feat: verify api service in code generation

internal/oauth/authorize.go

@@ -3,8 +3,6 @@ package oauth
 import (
 	"fmt"
 	"net/http"
-	"slices"
-	"strings"
 
 	"gitea.local/admin/hspguard/internal/web"
 )
@@ -29,43 +27,11 @@ func (h *OAuthHandler) AuthorizeClient(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	client, err := h.repo.GetApiServiceCID(r.Context(), clientId)
-	if err != nil {
-		uri := fmt.Sprintf("%s?error=access_denied&error_description=Service+not+authorized", redirectUri)
-		if state != "" {
-			uri += "&state=" + state
-		}
-		http.Redirect(w, r, uri, http.StatusFound)
-		return
-	}
-
-	if !client.IsActive {
-		uri := fmt.Sprintf("%s?error=temporarily_unavailable&error_description=Service+not+active", redirectUri)
-		if state != "" {
-			uri += "&state=" + state
-		}
-		http.Redirect(w, r, uri, http.StatusFound)
-		return
-	}
-
-	scopes := strings.SplitSeq(strings.TrimSpace(r.URL.Query().Get("scope")), " ")
-
-	for scope := range scopes {
-		if !slices.Contains(client.Scopes, scope) {
-			uri := fmt.Sprintf("%s?error=invalid_scope&error_description=Scope+%s+is+not+allowed", redirectUri, strings.ReplaceAll(scope, " ", "+"))
-			if state != "" {
-				uri += "&state=" + state
-			}
-			http.Redirect(w, r, uri, http.StatusFound)
-			return
-		}
-	}
-
-	if !slices.Contains(client.RedirectUris, redirectUri) {
-		uri := fmt.Sprintf("%s?error=invalid_request&error_description=Redirect+URI+is+not+allowed", redirectUri)
-		if state != "" {
-			uri += "&state=" + state
-		}
+	if uri, err := h.verifyOAuthClient(w, r, &VerifyOAuthClientParams{
+		ClientID:    clientId,
+		RedirectURI: redirectUri,
+		State:       state,
+	}); err != nil {
 		http.Redirect(w, r, uri, http.StatusFound)
 		return
 	}