feat(oidc): add pkce (#150)

http/controller/admin/login.go

@@ -283,13 +283,13 @@ func (ct *Login) OidcAuth(c *gin.Context) {
 		return
 	}
 
-	err, code, url := service.AllService.OauthService.BeginAuth(f.Op)
+	err, state, verifier, url := service.AllService.OauthService.BeginAuth(f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
 	}
 
-	service.AllService.OauthService.SetOauthCache(code, &service.OauthCacheItem{
+	service.AllService.OauthService.SetOauthCache(state, &service.OauthCacheItem{
 		Action:     service.OauthActionTypeLogin,
 		Op:         f.Op,
 		Id:         f.Id,
@@ -297,10 +297,11 @@ func (ct *Login) OidcAuth(c *gin.Context) {
 		// DeviceOs: ct.Platform(c),
 		DeviceOs: f.DeviceInfo.Os,
 		Uuid:     f.Uuid,
+		Verifier: verifier,
 	}, 5*60)
 
 	response.Success(c, gin.H{
-		"code": code,
+		"code": state,
 		"url":  url,
 	})
 }

http/controller/admin/oauth.go

@@ -43,20 +43,21 @@ func (o *Oauth) ToBind(c *gin.Context) {
 		return
 	}
 
-	err, code, url := service.AllService.OauthService.BeginAuth(f.Op)
+	err, state, verifier, url := service.AllService.OauthService.BeginAuth(f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
 	}
 
-	service.AllService.OauthService.SetOauthCache(code, &service.OauthCacheItem{
+	service.AllService.OauthService.SetOauthCache(state, &service.OauthCacheItem{
 		Action: service.OauthActionTypeBind,
-		Op:     f.Op,
-		UserId: u.Id,
+		Op:     	f.Op,
+		UserId: 	u.Id,
+		Verifier: 	verifier,
 	}, 5*60)
 
 	response.Success(c, gin.H{
-		"code": code,
+		"code": state,
 		"url":  url,
 	})
 }

http/controller/api/ouath.go

@@ -32,15 +32,16 @@ func (o *Oauth) OidcAuth(c *gin.Context) {
 	}
 
 	oauthService := service.AllService.OauthService
-	var code string
+	var state string
 	var url string
-	err, code, url = oauthService.BeginAuth(f.Op)
+	var verifier string
+	err, state, verifier, url = oauthService.BeginAuth(f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
 	}
 
-	service.AllService.OauthService.SetOauthCache(code, &service.OauthCacheItem{
+	service.AllService.OauthService.SetOauthCache(state, &service.OauthCacheItem{
 		Action:     service.OauthActionTypeLogin,
 		Id:         f.Id,
 		Op:         f.Op,
@@ -48,10 +49,11 @@ func (o *Oauth) OidcAuth(c *gin.Context) {
 		DeviceName: f.DeviceInfo.Name,
 		DeviceOs:   f.DeviceInfo.Os,
 		DeviceType: f.DeviceInfo.Type,
+		Verifier:   verifier,
 	}, 5*60)
 	//fmt.Println("code url", code, url)
 	c.JSON(http.StatusOK, gin.H{
-		"code": code,
+		"code": state,
 		"url":  url,
 	})
 }
@@ -156,10 +158,11 @@ func (o *Oauth) OauthCallback(c *gin.Context) {
 	}
 	op := oauthCache.Op
 	action := oauthCache.Action
+	verifier := oauthCache.Verifier
 	var user *model.User
 	// 获取用户信息
 	code := c.Query("code")
-	err, oauthUser := oauthService.Callback(code, op)
+	err, oauthUser := oauthService.Callback(code, verifier, op)
 	if err != nil {
 		c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
 		return

http/request/admin/oauth.go

@@ -24,6 +24,8 @@ type OauthForm struct {
 	ClientSecret string `json:"client_secret" validate:"required"`
 	RedirectUrl  string `json:"redirect_url" validate:"required"`
 	AutoRegister *bool  `json:"auto_register"`
+	PkceEnable   *bool  `json:"pkce_enable"`
+	PkceMethod   string `json:"pkce_method"`
 }
 
 func (of *OauthForm) ToOauth() *model.Oauth {
@@ -36,6 +38,8 @@ func (of *OauthForm) ToOauth() *model.Oauth {
 		AutoRegister: of.AutoRegister,
 		Issuer:       of.Issuer,
 		Scopes:       of.Scopes,
+		PkceEnable:   of.PkceEnable,
+		PkceMethod:   of.PkceMethod,
 	}
 	oa.Id = of.Id
 	return oa