mirror of
https://github.com/lejianwen/rustdesk-api.git
synced 2026-02-15 18:50:50 +00:00
re-construct oauth
This commit is contained in:
Tao Chen
@@ -63,6 +63,8 @@ func (ct *Login) Login(c *gin.Context) {
|
||||
response.Success(c, &adResp.LoginPayload{
|
||||
Token: ut.Token,
|
||||
Username: u.Username,
|
||||
Email: u.Email,
|
||||
Avatar: u.Avatar,
|
||||
RouteNames: service.AllService.UserService.RouteNames(u),
|
||||
Nickname: u.Nickname,
|
||||
})
|
||||
|
||||
@@ -5,7 +5,6 @@ import (
|
||||
"Gwen/http/request/admin"
|
||||
adminReq "Gwen/http/request/admin"
|
||||
"Gwen/http/response"
|
||||
"Gwen/model"
|
||||
"Gwen/service"
|
||||
"github.com/gin-gonic/gin"
|
||||
"strconv"
|
||||
@@ -96,21 +95,23 @@ func (o *Oauth) BindConfirm(c *gin.Context) {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
|
||||
return
|
||||
}
|
||||
v := service.AllService.OauthService.GetOauthCache(j.Code)
|
||||
if v == nil {
|
||||
oauthService := service.AllService.OauthService
|
||||
oauthCache := oauthService.GetOauthCache(j.Code)
|
||||
if oauthCache == nil {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "OauthExpired"))
|
||||
return
|
||||
}
|
||||
u := service.AllService.UserService.CurUser(c)
|
||||
err = service.AllService.OauthService.BindOauthUser(v.Op, v.ThirdOpenId, v.ThirdName, u.Id)
|
||||
oauthUser := oauthCache.ToOauthUser()
|
||||
user := service.AllService.UserService.CurUser(c)
|
||||
err = oauthService.BindOauthUser(user.Id, oauthUser, oauthCache.Op)
|
||||
if err != nil {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "BindFail"))
|
||||
return
|
||||
}
|
||||
|
||||
v.UserId = u.Id
|
||||
service.AllService.OauthService.SetOauthCache(j.Code, v, 0)
|
||||
response.Success(c, v)
|
||||
oauthCache.UserId = user.Id
|
||||
oauthService.SetOauthCache(j.Code, oauthCache, 0)
|
||||
response.Success(c, oauthCache)
|
||||
}
|
||||
|
||||
func (o *Oauth) Unbind(c *gin.Context) {
|
||||
@@ -126,28 +127,11 @@ func (o *Oauth) Unbind(c *gin.Context) {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
|
||||
return
|
||||
}
|
||||
if f.Op == model.OauthTypeGithub {
|
||||
err = service.AllService.OauthService.UnBindGithubUser(u.Id)
|
||||
if err != nil {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
|
||||
return
|
||||
}
|
||||
err = service.AllService.OauthService.UnBindOauthUser(u.Id, f.Op)
|
||||
if err != nil {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
|
||||
return
|
||||
}
|
||||
if f.Op == model.OauthTypeGoogle {
|
||||
err = service.AllService.OauthService.UnBindGoogleUser(u.Id)
|
||||
if err != nil {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
if f.Op == model.OauthTypeOidc {
|
||||
err = service.AllService.OauthService.UnBindOidcUser(u.Id)
|
||||
if err != nil {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
response.Success(c, nil)
|
||||
}
|
||||
|
||||
|
||||
@@ -286,10 +286,10 @@ func (ct *User) MyOauth(c *gin.Context) {
|
||||
var res []*adResp.UserOauthItem
|
||||
for _, oa := range oal.Oauths {
|
||||
item := &adResp.UserOauthItem{
|
||||
ThirdType: oa.Op,
|
||||
Op: oa.Op,
|
||||
}
|
||||
for _, ut := range uts {
|
||||
if ut.ThirdType == oa.Op {
|
||||
if ut.Op == oa.Op {
|
||||
item.Status = 1
|
||||
break
|
||||
}
|
||||
|
||||
@@ -83,22 +83,10 @@ func (l *Login) Login(c *gin.Context) {
|
||||
// @Failure 500 {object} response.ErrorResponse
|
||||
// @Router /login-options [get]
|
||||
func (l *Login) LoginOptions(c *gin.Context) {
|
||||
oauthOks := []string{}
|
||||
err, _ := service.AllService.OauthService.GetOauthConfig(model.OauthTypeGithub)
|
||||
if err == nil {
|
||||
oauthOks = append(oauthOks, model.OauthTypeGithub)
|
||||
}
|
||||
err, _ = service.AllService.OauthService.GetOauthConfig(model.OauthTypeGoogle)
|
||||
if err == nil {
|
||||
oauthOks = append(oauthOks, model.OauthTypeGoogle)
|
||||
}
|
||||
err, _ = service.AllService.OauthService.GetOauthConfig(model.OauthTypeOidc)
|
||||
if err == nil {
|
||||
oauthOks = append(oauthOks, model.OauthTypeOidc)
|
||||
}
|
||||
oauthOks = append(oauthOks, model.OauthTypeWebauth)
|
||||
ops := service.AllService.OauthService.GetOauthProviders()
|
||||
ops = append(ops, model.OauthTypeWebauth)
|
||||
var oidcItems []map[string]string
|
||||
for _, v := range oauthOks {
|
||||
for _, v := range ops {
|
||||
oidcItems = append(oidcItems, map[string]string{"name": v})
|
||||
}
|
||||
common, err := json.Marshal(oidcItems)
|
||||
@@ -108,7 +96,7 @@ func (l *Login) LoginOptions(c *gin.Context) {
|
||||
}
|
||||
var res []string
|
||||
res = append(res, "common-oidc/"+string(common))
|
||||
for _, v := range oauthOks {
|
||||
for _, v := range ops {
|
||||
res = append(res, "oidc/"+v)
|
||||
}
|
||||
c.JSON(http.StatusOK, res)
|
||||
|
||||
@@ -9,8 +9,6 @@ import (
|
||||
"Gwen/service"
|
||||
"github.com/gin-gonic/gin"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type Oauth struct {
|
||||
@@ -32,13 +30,17 @@ func (o *Oauth) OidcAuth(c *gin.Context) {
|
||||
response.Error(c, response.TranslateMsg(c, "ParamsError")+err.Error())
|
||||
return
|
||||
}
|
||||
//fmt.Println(f)
|
||||
if f.Op != model.OauthTypeWebauth && f.Op != model.OauthTypeGoogle && f.Op != model.OauthTypeGithub && f.Op != model.OauthTypeOidc {
|
||||
response.Error(c, response.TranslateMsg(c, "ParamsError"))
|
||||
|
||||
oauthService := service.AllService.OauthService
|
||||
err = oauthService.ValidateOauthProvider(f.Op)
|
||||
if err != nil {
|
||||
response.Error(c, response.TranslateMsg(c, err.Error()))
|
||||
return
|
||||
}
|
||||
|
||||
err, code, url := service.AllService.OauthService.BeginAuth(f.Op)
|
||||
var code string
|
||||
var url string
|
||||
err, code, url = oauthService.BeginAuth(f.Op)
|
||||
if err != nil {
|
||||
response.Error(c, response.TranslateMsg(c, err.Error()))
|
||||
return
|
||||
@@ -149,70 +151,43 @@ func (o *Oauth) OauthCallback(c *gin.Context) {
|
||||
c.String(http.StatusInternalServerError, response.TranslateParamMsg(c, "ParamIsEmpty", "state"))
|
||||
return
|
||||
}
|
||||
|
||||
cacheKey := state
|
||||
oauthService := service.AllService.OauthService
|
||||
//从缓存中获取
|
||||
v := service.AllService.OauthService.GetOauthCache(cacheKey)
|
||||
if v == nil {
|
||||
oauthCache := oauthService.GetOauthCache(cacheKey)
|
||||
if oauthCache == nil {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthExpired"))
|
||||
return
|
||||
}
|
||||
|
||||
ty := v.Op
|
||||
ac := v.Action
|
||||
var u *model.User
|
||||
openid := ""
|
||||
thirdName := ""
|
||||
//fmt.Println("ty ac ", ty, ac)
|
||||
|
||||
if ty == model.OauthTypeGithub {
|
||||
code := c.Query("code")
|
||||
err, userData := service.AllService.OauthService.GithubCallback(code)
|
||||
if err != nil {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
|
||||
return
|
||||
}
|
||||
openid = strconv.Itoa(userData.Id)
|
||||
thirdName = userData.Login
|
||||
} else if ty == model.OauthTypeGoogle {
|
||||
code := c.Query("code")
|
||||
err, userData := service.AllService.OauthService.GoogleCallback(code)
|
||||
if err != nil {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
|
||||
return
|
||||
}
|
||||
openid = userData.Email
|
||||
//将空格替换成_
|
||||
thirdName = strings.Replace(userData.Name, " ", "_", -1)
|
||||
} else if ty == model.OauthTypeOidc {
|
||||
code := c.Query("code")
|
||||
err, userData := service.AllService.OauthService.OidcCallback(code)
|
||||
if err != nil {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
|
||||
return
|
||||
}
|
||||
openid = userData.Sub
|
||||
thirdName = userData.PreferredUsername
|
||||
} else {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "ParamsError"))
|
||||
op := oauthCache.Op
|
||||
action := oauthCache.Action
|
||||
var user *model.User
|
||||
// 获取用户信息
|
||||
code := c.Query("code")
|
||||
err, oauthUser := oauthService.Callback(code, op)
|
||||
if err != nil {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
|
||||
return
|
||||
}
|
||||
if ac == service.OauthActionTypeBind {
|
||||
userId := oauthCache.UserId
|
||||
openid := oauthUser.OpenId
|
||||
if action == service.OauthActionTypeBind {
|
||||
|
||||
//fmt.Println("bind", ty, userData)
|
||||
utr := service.AllService.OauthService.UserThirdInfo(ty, openid)
|
||||
// 检查此openid是否已经绑定过
|
||||
utr := oauthService.UserThirdInfo(op, openid)
|
||||
if utr.UserId > 0 {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBindOtherUser"))
|
||||
return
|
||||
}
|
||||
//绑定
|
||||
u = service.AllService.UserService.InfoById(v.UserId)
|
||||
if u == nil {
|
||||
user = service.AllService.UserService.InfoById(userId)
|
||||
if user == nil {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "ItemNotFound"))
|
||||
return
|
||||
}
|
||||
//绑定
|
||||
err := service.AllService.OauthService.BindOauthUser(ty, openid, thirdName, v.UserId)
|
||||
err := oauthService.BindOauthUser(userId, oauthUser, op)
|
||||
if err != nil {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "BindFail"))
|
||||
return
|
||||
@@ -220,42 +195,41 @@ func (o *Oauth) OauthCallback(c *gin.Context) {
|
||||
c.String(http.StatusOK, response.TranslateMsg(c, "BindSuccess"))
|
||||
return
|
||||
|
||||
} else if ac == service.OauthActionTypeLogin {
|
||||
} else if action == service.OauthActionTypeLogin {
|
||||
//登录
|
||||
if v.UserId != 0 {
|
||||
if userId != 0 {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBeenSuccess"))
|
||||
return
|
||||
}
|
||||
u = service.AllService.UserService.InfoByGithubId(openid)
|
||||
if u == nil {
|
||||
oa := service.AllService.OauthService.InfoByOp(ty)
|
||||
if !*oa.AutoRegister {
|
||||
user = service.AllService.UserService.InfoByOauthId(op, openid)
|
||||
if user == nil {
|
||||
oauthConfig := oauthService.InfoByOp(op)
|
||||
if !*oauthConfig.AutoRegister {
|
||||
//c.String(http.StatusInternalServerError, "还未绑定用户,请先绑定")
|
||||
v.ThirdName = thirdName
|
||||
v.ThirdOpenId = openid
|
||||
oauthCache.UpdateFromOauthUser(oauthUser)
|
||||
url := global.Config.Rustdesk.ApiServer + "/_admin/#/oauth/bind/" + cacheKey
|
||||
c.Redirect(http.StatusFound, url)
|
||||
return
|
||||
}
|
||||
|
||||
//自动注册
|
||||
u = service.AllService.UserService.RegisterByOauth(ty, thirdName, openid)
|
||||
if u.Id == 0 {
|
||||
user = service.AllService.UserService.RegisterByOauth(oauthUser, op)
|
||||
if user.Id == 0 {
|
||||
c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthRegisterFailed"))
|
||||
return
|
||||
}
|
||||
}
|
||||
v.UserId = u.Id
|
||||
service.AllService.OauthService.SetOauthCache(cacheKey, v, 0)
|
||||
oauthCache.UserId = user.Id
|
||||
oauthService.SetOauthCache(cacheKey, oauthCache, 0)
|
||||
// 如果是webadmin,登录成功后跳转到webadmin
|
||||
if v.DeviceType == "webadmin" {
|
||||
if oauthCache.DeviceType == "webadmin" {
|
||||
/*service.AllService.UserService.Login(u, &model.LoginLog{
|
||||
UserId: u.Id,
|
||||
Client: "webadmin",
|
||||
Uuid: "", //must be empty
|
||||
Ip: c.ClientIP(),
|
||||
Type: model.LoginLogTypeOauth,
|
||||
Platform: v.DeviceOs,
|
||||
Platform: oauthService.DeviceOs,
|
||||
})*/
|
||||
url := global.Config.Rustdesk.ApiServer + "/_admin/#/"
|
||||
c.Redirect(http.StatusFound, url)
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
package admin
|
||||
|
||||
import "Gwen/model"
|
||||
import (
|
||||
"Gwen/model"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type BindOauthForm struct {
|
||||
Op string `json:"op" binding:"required"`
|
||||
@@ -13,19 +16,37 @@ type UnBindOauthForm struct {
|
||||
Op string `json:"op" binding:"required"`
|
||||
}
|
||||
type OauthForm struct {
|
||||
Id uint `json:"id"`
|
||||
Op string `json:"op" validate:"required"`
|
||||
Issuer string `json:"issuer" validate:"omitempty,url"`
|
||||
Scopes string `json:"scopes" validate:"omitempty"`
|
||||
ClientId string `json:"client_id" validate:"required"`
|
||||
ClientSecret string `json:"client_secret" validate:"required"`
|
||||
RedirectUrl string `json:"redirect_url" validate:"required"`
|
||||
AutoRegister *bool `json:"auto_register"`
|
||||
Id uint `json:"id"`
|
||||
Op string `json:"op" validate:"omitempty"`
|
||||
OauthType string `json:"oauth_type" validate:"required"`
|
||||
Issuer string `json:"issuer" validate:"omitempty,url"`
|
||||
Scopes string `json:"scopes" validate:"omitempty"`
|
||||
ClientId string `json:"client_id" validate:"required"`
|
||||
ClientSecret string `json:"client_secret" validate:"required"`
|
||||
RedirectUrl string `json:"redirect_url" validate:"required"`
|
||||
AutoRegister *bool `json:"auto_register"`
|
||||
}
|
||||
|
||||
func (of *OauthForm) ToOauth() *model.Oauth {
|
||||
op := strings.ToLower(of.Op)
|
||||
op = strings.TrimSpace(op)
|
||||
if op == "" {
|
||||
switch of.OauthType {
|
||||
case model.OauthTypeGithub:
|
||||
of.Op = "GitHub"
|
||||
case model.OauthTypeGoogle:
|
||||
of.Op = "Google"
|
||||
case model.OauthTypeOidc:
|
||||
of.Op = "OIDC"
|
||||
case model.OauthTypeWebauth:
|
||||
of.Op = "WebAuth"
|
||||
default:
|
||||
of.Op = of.OauthType
|
||||
}
|
||||
}
|
||||
oa := &model.Oauth{
|
||||
Op: of.Op,
|
||||
OauthType: of.OauthType,
|
||||
ClientId: of.ClientId,
|
||||
ClientSecret: of.ClientSecret,
|
||||
RedirectUrl: of.RedirectUrl,
|
||||
|
||||
@@ -5,20 +5,22 @@ import (
|
||||
)
|
||||
|
||||
type UserForm struct {
|
||||
Id uint `json:"id"`
|
||||
Username string `json:"username" validate:"required,gte=4,lte=10"`
|
||||
Id uint `json:"id"`
|
||||
Username string `json:"username" validate:"required,gte=4,lte=10"`
|
||||
Email string `json:"email" validate:"required,email"`
|
||||
//Password string `json:"password" validate:"required,gte=4,lte=20"`
|
||||
Nickname string `json:"nickname"`
|
||||
Avatar string `json:"avatar"`
|
||||
GroupId uint `json:"group_id" validate:"required"`
|
||||
IsAdmin *bool `json:"is_admin" `
|
||||
Status model.StatusCode `json:"status" validate:"required,gte=0"`
|
||||
Nickname string `json:"nickname"`
|
||||
Avatar string `json:"avatar"`
|
||||
GroupId uint `json:"group_id" validate:"required"`
|
||||
IsAdmin *bool `json:"is_admin" `
|
||||
Status model.StatusCode `json:"status" validate:"required,gte=0"`
|
||||
}
|
||||
|
||||
func (uf *UserForm) FromUser(user *model.User) *UserForm {
|
||||
uf.Id = user.Id
|
||||
uf.Username = user.Username
|
||||
uf.Nickname = user.Nickname
|
||||
uf.Email = user.Email
|
||||
uf.Avatar = user.Avatar
|
||||
uf.GroupId = user.GroupId
|
||||
uf.IsAdmin = user.IsAdmin
|
||||
@@ -30,6 +32,7 @@ func (uf *UserForm) ToUser() *model.User {
|
||||
user.Id = uf.Id
|
||||
user.Username = uf.Username
|
||||
user.Nickname = uf.Nickname
|
||||
user.Email = uf.Email
|
||||
user.Avatar = uf.Avatar
|
||||
user.GroupId = uf.GroupId
|
||||
user.IsAdmin = uf.IsAdmin
|
||||
|
||||
@@ -4,6 +4,8 @@ import "Gwen/model"
|
||||
|
||||
type LoginPayload struct {
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
Avatar string `json:"avatar"`
|
||||
Token string `json:"token"`
|
||||
RouteNames []string `json:"route_names"`
|
||||
Nickname string `json:"nickname"`
|
||||
@@ -15,8 +17,8 @@ var UserRouteNames = []string{
|
||||
var AdminRouteNames = []string{"*"}
|
||||
|
||||
type UserOauthItem struct {
|
||||
ThirdType string `json:"third_type"`
|
||||
Status int `json:"status"`
|
||||
Op string `json:"op"`
|
||||
Status int `json:"status"`
|
||||
}
|
||||
|
||||
type GroupUsersPayload struct {
|
||||
|
||||
@@ -29,6 +29,7 @@ type UserPayload struct {
|
||||
|
||||
func (up *UserPayload) FromUser(user *model.User) *UserPayload {
|
||||
up.Name = user.Username
|
||||
up.Email = user.Email
|
||||
up.IsAdmin = user.IsAdmin
|
||||
up.Status = int(user.Status)
|
||||
up.Info = map[string]interface{}{}
|
||||
|
||||
Reference in New Issue
Block a user