Copilot AI commented Jan 13, 2026

Implements the missing OAuth2 server module referenced by AuthenticationController.requireOauth() middleware and related scripts. The module wraps @node-oauth/oauth2-server with Mongoose model integration.

Implementation

  • SecretsHelper.js - Cryptographic utilities (SHA256 hashing, timing-safe verification, token generation)
  • OAuth2Model.js - Complete OAuth2 model implementation providing token/code persistence, client authentication, scope validation
  • Oauth2Server.js - Configured server instance exporting Request, Response, and server objects
  • OAuthPersonalAccessTokenManager.mjs - CRUD operations for personal access tokens with optional naming and expiration

Schema Changes

Added name field to OauthAccessToken schema for token identification.

Integration Points

The module integrates with:

  • AuthenticationController.requireOauth(scope) middleware for OAuth-protected endpoints
  • Existing scripts: create_oauth_personal_access_token.mjs, register_client.mjs, create_token.mjs
  • Mongoose models: OauthAccessToken, OauthApplication, OauthAuthorizationCode, User

Example Usage

// Middleware usage (already in AuthenticationController)
const middleware = AuthenticationController.requireOauth('read_write')
app.get('/api/protected', middleware, handler)

// Personal access token creation
import OAuthPersonalAccessTokenManager from './modules/oauth2-server/app/src/OAuthPersonalAccessTokenManager.mjs'
const token = await OAuthPersonalAccessTokenManager.createToken(userId, 'My API Token')

All secrets stored as SHA256 hashes with timing-safe verification. Token lifetime: 1 year (access), 2 years (refresh).

Original prompt

You are now reading requireOauth(scope) {
if (typeof scope !== 'string' || !scope) {
throw new Error(
"requireOauth() expects a non-empty string as 'scope' parameter"
)
}

const middleware = async (req, res, next) => {
  const Oauth2Server = (
    await import(
      '../../../../modules/oauth2-server/app/src/Oauth2Server.js'
    )
  ).default

  const request = new Oauth2Server.Request(req)
  const response = new Oauth2Server.Response(res)
  try {
    const token = await Oauth2Server.server.authenticate(
      request,
      response,
      { scope }
    )
    req.oauth = { access_token: token.accessToken }
    req.oauth_token = token
    req.oauth_user = token.user
    next()
  } catch (err) {
    if (
      err.code === 400 &&
      err.message === 'Invalid request: malformed authorization header'
    ) {
      err.code = 401
    }
    // send all other errors
    res
      .status(err.code)
      .json({ error: err.name, error_description: err.message })
  }
}
return expressify(middleware)

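}, based on the code in here, help me write out that so-called oauth2 server. If necessary, write out as much as possible of everything in that oauth module, and also all of personAccessToken.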
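
An added example (not code from this pull request) of the storage scheme the description states, "All secrets stored as SHA256 hashes with timing-safe verification", using Node's built-in crypto module. Every function name, the in-memory maps and the sample values are hypothetical and constructed for illustration; only the one-year access token lifetime is taken from the description.

```javascript
// Added illustration; every name below is hypothetical, not the PR's SecretsHelper.js.
const crypto = require('node:crypto')

const ACCESS_TOKEN_LIFETIME_MS = 365 * 24 * 60 * 60 * 1000 // "1 year (access)"

// SHA-256 suits high-entropy random secrets; passwords would need a slow KDF.
function hashSecret(secret) {
  return crypto.createHash('sha256').update(String(secret), 'utf8').digest('hex')
}

// timingSafeEqual throws on unequal lengths, so compare lengths first; the
// length of a SHA-256 digest is public, so that check leaks nothing.
function verifySecret(presented, storedHash) {
  if (typeof presented !== 'string' || typeof storedHash !== 'string') return false
  const a = Buffer.from(hashSecret(presented), 'hex')
  const b = Buffer.from(storedHash, 'hex')
  return a.length === b.length && crypto.timingSafeEqual(a, b)
}

// Constructed in-memory stand-ins for the token and client collections.
const tokenStore = new Map() // accessTokenHash -> record
const clientStore = new Map() // clientId -> { secretHash }
const DUMMY_HASH = hashSecret(crypto.randomBytes(32).toString('hex'))

function issueToken(userId, name, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex')
  const expiresAt = now + ACCESS_TOKEN_LIFETIME_MS
  tokenStore.set(hashSecret(token), { userId, name, expiresAt })
  return token // plaintext is returned once and never persisted
}

// Tokens are looked up by hash, so a dump of the store yields no usable token.
function authenticateToken(presented, now = Date.now()) {
  if (typeof presented !== 'string') return null
  const record = tokenStore.get(hashSecret(presented))
  return record && record.expiresAt > now ? record : null
}

function registerClient(clientId, secret) {
  clientStore.set(clientId, { secretHash: hashSecret(secret) })
}

// Client secrets are found by id, so the comparison itself must be constant-time.
function authenticateClient(clientId, secret) {
  const client = clientStore.get(clientId)
  // Unknown client: compare against a dummy hash so both paths do the same work.
  const matches = verifySecret(secret, client ? client.secretHash : DUMMY_HASH)
  return Boolean(client) && matches
}
```
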



Copilot AI and others added 2 commits January 13, 2026 04:34
…2Server, and PersonalAccessTokenManager

Co-authored-by: Musicminion <84625273+Musicminion@users.noreply.github.com>
…remove unused import, add name field to OauthAccessToken schema

Co-authored-by: Musicminion <84625273+Musicminion@users.noreply.github.com>
Copilot AI changed the title [WIP] Add OAuth requirement check for scope parameter Implement OAuth2 server module with personal access token support Jan 13, 2026
Copilot AI requested a review from Musicminion January 13, 2026 04:39