refactor: enhance OAuth2 error handling by adding user-friendly excep…

…tion messages (#58)

### What this PR does?
/kind improvement

增加友好的异常日志以便在 OAuth2 身份验证失败时向用户提供清晰的反馈，如不匹配的重定向URL

示例：
```shell
2024-08-02T14:56:24.357+08:00 ERROR 7 --- [or-http-epoll-3] r.halo.oauth.Oauth2LoginConfiguration    : An error occurred while attempting to oauth2 authenticate: 
error: redirect_uri_mismatch
error_description: The redirect_uri MUST match the registered callback URL for this application.
error_uri: https://docs.github.com/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/#redirect-uri-mismatch


org.springframework.security.oauth2.core.OAuth2AuthenticationException: [authorization_request_not_found] 
	at run.halo.oauth.Oauth2LoginConfiguration$Initializer.lambda$getAuthenticationConverter$0(Oauth2LoginConfiguration.java:238) ~[na:na]
	at reactor.core.publisher.Mono.lambda$onErrorMap$27(Mono.java:3840) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.Mono.lambda$onErrorResume$29(Mono.java:3930) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.M
onoFlatMap$FlatMapMain.onError(MonoFlatMap.java:180) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onError(Operators.java:2236) ~[reactor-core-3.6.7.jar:3.6.7]
error: redirect_uri_mismatch

	at reactor.core.publisher.Operators.error(Operators.java:198) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.MonoError.subscribe(MonoError.java:53) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:53) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.Mono.subscribe(Mono.java:4568) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:82) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.MonoFlatMap$FlatMapMain.onComplete(MonoFlatMap.java:189) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166) ~[reactor-core-3.6.7.jar:3.6.7]
	at reactor.core.publisher.FluxMap$MapConditionalSubscribe
r.onComplete(FluxMap.java:275) ~[reactor-core-3.6.7.jar:3.6.7]
```
```release-note
增加友好的异常日志以便在 OAuth2 身份验证失败时向用户提供清晰的反馈
```

build.gradle

@@ -30,4 +30,5 @@ test {
 
 halo {
     version = '2.17'
+    debug = true
 }

src/main/java/run/halo/oauth/Oauth2LoginConfiguration.java

@@ -1,6 +1,9 @@
 package run.halo.oauth;
 
+import com.google.common.base.Throwables;
 import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.DelegatingReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
@@ -40,6 +43,7 @@
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ClassUtils;
+import org.springframework.util.MultiValueMap;
 import reactor.core.publisher.Mono;
 import run.halo.app.extension.ReactiveExtensionClient;
 import run.halo.app.security.LoginHandlerEnhancer;
@@ -50,6 +54,7 @@
  * @author guqing
  * @since 1.0.0
  */
+@Slf4j
 @Getter
 @Component
 public final class Oauth2LoginConfiguration {
@@ -108,12 +113,42 @@ ServerAuthenticationFailureHandler getAuthenticationFailureHandler() {
                 @Override
                 public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange,
                                                           AuthenticationException exception) {
+                    var queryParams = webFilterExchange.getExchange().getRequest().getQueryParams();
+                    var response = new OAuth2ErrorResponse(queryParams);
+                    log.error("An error occurred while attempting to oauth2 authenticate: \n{}",
+                        response, Throwables.getRootCause(exception));
                     return loginHandlerEnhancer.onLoginFailure(webFilterExchange.getExchange(), exception)
                         .then(super.onAuthenticationFailure(webFilterExchange, exception));
                 }
             };
         }
 
+        @RequiredArgsConstructor
+        static class OAuth2ErrorResponse {
+            private final MultiValueMap<String, String> queryParams;
+
+            public String error() {
+                return queryParams.getFirst("error");
+            }
+
+            public String errorDescription() {
+                return queryParams.getFirst("error_description");
+            }
+
+            public String errorUri() {
+                return queryParams.getFirst("error_uri");
+            }
+
+            @Override
+            public String toString() {
+                return """
+                    error: %s
+                    error_description: %s
+                    error_uri: %s
+                    """.formatted(error(), errorDescription(), errorUri());
+            }
+        }
+
         GrantedAuthoritiesMapper getAuthoritiesMapper() {
             return new SimpleAuthorityMapper();
         }