feat(peer): add alias field and support filtering by alias

* add "disable_pwd" and "auto_oidc" at /admin/login-options

* fix: build RedirectURL by host and scheme, not Origin

README.md

@@ -94,8 +94,8 @@
     - 对于`OIDC`, `Issuer`是必须的。`Scopes`是可选的，默认为 `openid,profile,email`. 确保可以获取 `sub`,`email` 和`preferred_username`
     - `github oauth app`在`Settings`->`Developer settings`->`OAuth Apps`->`New OAuth App`
       中创建,地址 [https://github.com/settings/developers](https://github.com/settings/developers)
-    - `Authorization callback URL`填写`http://<your server[:port]>/api/oauth/callback`
+    - `Authorization callback URL`填写`http://<your server[:port]>/api/oidc/callback`
-      ，比如`http://127.0.0.1:21114/api/oauth/callback`
+      ，比如`http://127.0.0.1:21114/api/oidc/callback`
 7. 登录日志
 8. 链接日志
 9. 文件传输日志

README_EN.md

@@ -94,8 +94,8 @@ displaying data.Frontend code is available at [rustdesk-api-web](https://github.
     - For `OIDC`, you must set the `Issuer`. And `Scopes` is optional which default is `openid,email,profile`, please make sure this `Oauth App` can access `sub`, `email` and `preferred_username`
     - Create a `GitHub OAuth App`
       at `Settings` -> `Developer settings` -> `OAuth Apps` -> `New OAuth App` [here](https://github.com/settings/developers).
-    - Set the `Authorization callback URL` to `http://<your server[:port]>/api/oauth/callback`,
+    - Set the `Authorization callback URL` to `http://<your server[:port]>/api/oidc/callback`,
-      e.g., `http://127.0.0.1:21114/api/oauth/callback`.
+      e.g., `http://127.0.0.1:21114/api/oidc/callback`.
    
 7. Login logs
 8. Connection logs
@@ -164,8 +164,7 @@ The table below does not list all configurations. Please refer to the configurat
 | RUSTDESK_API_APP_DISABLE_PWD_LOGIN                     | disable password login                                                                                                                              | `false`                       |
 | RUSTDESK_API_APP_REGISTER_STATUS                       | register user default status ; 1 enabled , 2 disabled ; default 1                                                                                   | `1`                           |
 | RUSTDESK_API_APP_CAPTCHA_THRESHOLD                     | captcha threshold; -1 disabled, 0 always enable, >0 threshold  ;default `3`                                                                         | `3`                           |
-| RUSTDESK_API_APP_BAN_THRESHOLD                         | ban ip threshold; 0 disabled, >0 threshold ; default `0`
+| RUSTDESK_API_APP_BAN_THRESHOLD                         | ban ip threshold; 0 disabled, >0 threshold ; default `0`                                                                                            | `0`                           |
-                                               | `0`                           |
 | ----- ADMIN Configuration-----                         | ----------                                                                                                                                          | ----------                    |
 | RUSTDESK_API_ADMIN_TITLE                               | Admin Title                                                                                                                                         | `RustDesk Api Admin`          |
 | RUSTDESK_API_ADMIN_HELLO                               | Admin welcome message, you can use `html`                                                                                                           |                               |
@@ -325,4 +324,4 @@ Thanks to everyone who contributed!
   <img src="https://contrib.rocks/image?repo=lejianwen/rustdesk-api" />
 </a>
 
-## Thanks for your support! If you find this project useful, please give it a ⭐️. Thank you!
+## Thanks for your support! If you find this project useful, please give it a ⭐️. Thank you!

cmd/apimain.go

@@ -23,7 +23,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-const DatabaseVersion = 264
+const DatabaseVersion = 265
 
 // @title 管理系统API
 // @version 1.0

docs/api/api_docs.go

@@ -954,35 +954,6 @@ const docTemplateapi = `{
                 }
             }
         },
-        "/oauth/callback": {
-            "get": {
-                "description": "OauthCallback",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "Oauth"
-                ],
-                "summary": "OauthCallback",
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/api.LoginRes"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal Server Error",
-                        "schema": {
-                            "$ref": "#/definitions/response.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
         "/oidc/auth": {
             "post": {
                 "description": "OidcAuth",
@@ -1041,6 +1012,35 @@ const docTemplateapi = `{
                 }
             }
         },
+        "/oidc/callback": {
+            "get": {
+                "description": "OauthCallback",
+                "consumes": [
+                    "application/json"
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Oauth"
+                ],
+                "summary": "OauthCallback",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/api.LoginRes"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/response.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/peers": {
             "get": {
                 "security": [

docs/api/api_swagger.json

@@ -947,35 +947,6 @@
                 }
             }
         },
-        "/oauth/callback": {
-            "get": {
-                "description": "OauthCallback",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "Oauth"
-                ],
-                "summary": "OauthCallback",
-                "responses": {
-                    "200": {
-                        "description": "OK",
-                        "schema": {
-                            "$ref": "#/definitions/api.LoginRes"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal Server Error",
-                        "schema": {
-                            "$ref": "#/definitions/response.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
         "/oidc/auth": {
             "post": {
                 "description": "OidcAuth",
@@ -1034,6 +1005,35 @@
                 }
             }
         },
+        "/oidc/callback": {
+            "get": {
+                "description": "OauthCallback",
+                "consumes": [
+                    "application/json"
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Oauth"
+                ],
+                "summary": "OauthCallback",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/api.LoginRes"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/response.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/peers": {
             "get": {
                 "security": [

docs/api/api_swagger.yaml

@@ -792,25 +792,6 @@ paths:
       summary: 登出
       tags:
       - 登录
-  /oauth/callback:
-    get:
-      consumes:
-      - application/json
-      description: OauthCallback
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: OK
-          schema:
-            $ref: '#/definitions/api.LoginRes'
-        "500":
-          description: Internal Server Error
-          schema:
-            $ref: '#/definitions/response.ErrorResponse'
-      summary: OauthCallback
-      tags:
-      - Oauth
   /oidc/auth:
     post:
       consumes:
@@ -849,6 +830,25 @@ paths:
       summary: OidcAuthQuery
       tags:
       - Oauth
+  /oidc/callback:
+    get:
+      consumes:
+      - application/json
+      description: OauthCallback
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/api.LoginRes'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/response.ErrorResponse'
+      summary: OauthCallback
+      tags:
+      - Oauth
   /peers:
     get:
       consumes:

http/controller/admin/login.go

@@ -169,6 +169,8 @@ func (ct *Login) LoginOptions(c *gin.Context) {
 		"ops":          ops,
 		"register":     global.Config.App.Register,
 		"need_captcha": needCaptcha,
+		"disable_pwd":  global.Config.App.DisablePwdLogin,
+		"auto_oidc":    global.Config.App.DisablePwdLogin && len(ops) == 1,
 	})
 }
 
@@ -189,7 +191,7 @@ func (ct *Login) OidcAuth(c *gin.Context) {
 		return
 	}
 
-	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(c, f.Op)
+	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return

http/controller/admin/my/addressBookCollection.go

@@ -98,10 +98,10 @@ func (abc *AddressBookCollection) Update(c *gin.Context) {
 		return
 	}
 	u := service.AllService.UserService.CurUser(c)
-	if f.UserId != u.Id {
+	//if f.UserId != u.Id {
-		response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
+	//	response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
-		return
+	//	return
-	}
+	//}
 	ex := service.AllService.AddressBookService.CollectionInfoById(f.Id)
 	if ex.Id == 0 {
 		response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))

http/controller/admin/oauth.go

@@ -44,7 +44,7 @@ func (o *Oauth) ToBind(c *gin.Context) {
 		return
 	}
 
-	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(c, f.Op)
+	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return

http/controller/admin/peer.go

@@ -114,6 +114,9 @@ func (ct *Peer) List(c *gin.Context) {
 		if query.Ip != "" {
 			tx.Where("last_online_ip like ?", "%"+query.Ip+"%")
 		}
+		if query.Alias != "" {
+			tx.Where("alias like ?", "%"+query.Alias+"%")
+		}
 	})
 	response.Success(c, res)
 }

http/controller/api/index.go

@@ -49,7 +49,7 @@ func (i *Index) Heartbeat(c *gin.Context) {
 		c.JSON(http.StatusOK, gin.H{})
 		return
 	}
-	peer := service.AllService.PeerService.FindByUuid(info.Uuid)
+	peer := service.AllService.PeerService.FindById(info.Id)
 	if peer == nil || peer.RowId == 0 {
 		c.JSON(http.StatusOK, gin.H{})
 		return

http/controller/api/ouath.go

@@ -36,7 +36,7 @@ func (o *Oauth) OidcAuth(c *gin.Context) {
 
 	oauthService := service.AllService.OauthService
 
-	err, state, verifier, nonce, url := oauthService.BeginAuth(c, f.Op)
+	err, state, verifier, nonce, url := oauthService.BeginAuth(f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
@@ -143,7 +143,7 @@ func (o *Oauth) OidcAuthQuery(c *gin.Context) {
 // @Produce  json
 // @Success 200 {object} apiResp.LoginRes
 // @Failure 500 {object} response.ErrorResponse
-// @Router /oauth/callback [get]
+// @Router /oidc/callback [get]
 func (o *Oauth) OauthCallback(c *gin.Context) {
 	state := c.Query("state")
 	if state == "" {
@@ -170,7 +170,7 @@ func (o *Oauth) OauthCallback(c *gin.Context) {
 	var user *model.User
 	// 获取用户信息
 	code := c.Query("code")
-	err, oauthUser := oauthService.Callback(c, code, verifier, op, nonce)
+	err, oauthUser := oauthService.Callback(code, verifier, op, nonce)
 	if err != nil {
 		c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 			"message":     "OauthFailed",

http/controller/api/peer.go

@@ -31,10 +31,10 @@ func (p *Peer) SysInfo(c *gin.Context) {
 		return
 	}
 	fpe := f.ToPeer()
-	pe := service.AllService.PeerService.FindByUuid(f.Uuid)
+	pe := service.AllService.PeerService.FindById(f.Id)
 	if pe.RowId == 0 {
 		pe = f.ToPeer()
-		pe.UserId = service.AllService.UserService.FindLatestUserIdFromLoginLogByUuid(pe.Uuid)
+		pe.UserId = service.AllService.UserService.FindLatestUserIdFromLoginLogByUuid(pe.Uuid, pe.Id)
 		err = service.AllService.PeerService.Create(pe)
 		if err != nil {
 			response.Error(c, response.TranslateMsg(c, "OperationFailed")+err.Error())
@@ -42,7 +42,7 @@ func (p *Peer) SysInfo(c *gin.Context) {
 		}
 	} else {
 		if pe.UserId == 0 {
-			pe.UserId = service.AllService.UserService.FindLatestUserIdFromLoginLogByUuid(pe.Uuid)
+			pe.UserId = service.AllService.UserService.FindLatestUserIdFromLoginLogByUuid(pe.Uuid, pe.Id)
 		}
 		fpe.RowId = pe.RowId
 		fpe.UserId = pe.UserId

http/request/admin/peer.go

@@ -13,6 +13,7 @@ type PeerForm struct {
 	Uuid     string `json:"uuid"`
 	Version  string `json:"version"`
 	GroupId  uint   `json:"group_id"`
+	Alias    string `json:"alias"`
 }
 
 type PeerBatchDeleteForm struct {
@@ -32,6 +33,7 @@ func (f *PeerForm) ToPeer() *model.Peer {
 		Uuid:     f.Uuid,
 		Version:  f.Version,
 		GroupId:  f.GroupId,
+		Alias:    f.Alias,
 	}
 }
 
@@ -43,6 +45,7 @@ type PeerQuery struct {
 	Uuids    string `json:"uuids" form:"uuids"`
 	Ip       string `json:"ip" form:"ip"`
 	Username string `json:"username" form:"username"`
+	Alias    string `json:"alias" form:"alias"`
 }
 
 type SimpleDataQuery struct {

http/router/api.go

@@ -49,6 +49,10 @@ func ApiInit(g *gin.Engine) {
 		frg.GET("/oauth/callback", o.OauthCallback)
 		frg.GET("/oauth/login", o.OauthCallback)
 		frg.GET("/oauth/msg", o.Message)
+
+		frg.GET("/oidc/callback", o.OauthCallback)
+		frg.GET("/oidc/login", o.OauthCallback)
+		frg.GET("/oidc/msg", o.Message)
 	}
 	{
 		pe := &api.Peer{}

model/oauth.go

@@ -41,6 +41,7 @@ type Oauth struct {
 	OauthType    string `json:"oauth_type"`
 	ClientId     string `json:"client_id"`
 	ClientSecret string `json:"client_secret"`
+	//RedirectUrl  string `json:"redirect_url"`
 	AutoRegister *bool  `json:"auto_register"`
 	Scopes       string `json:"scopes"`
 	Issuer       string `json:"issuer"`

model/peer.go

@@ -15,6 +15,7 @@ type Peer struct {
 	LastOnlineTime int64  `json:"last_online_time"  gorm:"default:0;not null;"`
 	LastOnlineIp   string `json:"last_online_ip"  gorm:"default:'';not null;"`
 	GroupId        uint   `json:"group_id"  gorm:"default:0;not null;index"`
+	Alias          string `json:"alias" gorm:"default:'';not null;index"`
 	TimeModel
 }
 

resources/i18n/zh_TW.toml

@@ -5,8 +5,8 @@ other = "測試2 {{.P0}}"
 
 [ParamsError]
 description = "Params validation failed."
-one = "引數錯誤。"
+one = "參數驗證失敗。"
-other = "引數錯誤。"
+other = "參數驗證失敗。"
 
 [OperationFailed]
 description = "OperationFailed."
@@ -20,18 +20,18 @@ other = "操作成功。"
 
 [ItemExists]
 description = "Item already exists."
-one = "資料已存在。"
+one = "項目已存在。"
-other = "資料已存在。"
+other = "項目已存在。"
 
 [ItemNotFound]
 description = "Item not found."
-one = "資料不存在。"
+one = "找不到項目。"
-other = "資料不存在。"
+other = "找不到項目。"
 
 [NoAccess]
 description = "No access."
-one = "無許可權。"
+one = "無權限存取。"
-other = "無許可權。"
+other = "無權限存取。"
 
 [NeedLogin]
 description = "Need login."
@@ -50,24 +50,23 @@ other = "系統錯誤。"
 
 [ConfigNotFound]
 description = "Config not found."
-one = "配置不存在。"
+one = "找不到設定。"
-other = "配置不存在。"
+other = "找不到設定。"
 
-#授權過期
 [OauthExpired]
 description = "Oauth expired."
-one = "授權過期，請重新授權。"
+one = "OAuth 已過期，請重試。"
-other = "授權過期，請重新授權。"
+other = "OAuth 已過期，請重試。"
 
 [OauthFailed]
 description = "Oauth failed."
-one = "授權失敗。"
+one = "OAuth 失敗。"
-other = "授權失敗。"
+other = "OAuth 失敗。"
 
 [OauthHasBindOtherUser]
 description = "Oauth has bind other user."
-one = "授權已繫結其他使用者。"
+one = "OAuth 已綁定其他使用者。"
-other = "授權已繫結其他使用者。"
+other = "OAuth 已綁定其他使用者。"
 
 [ParamIsEmpty]
 description = "Param is empty."
@@ -76,56 +75,64 @@ other = "{{.P0}} 為空。"
 
 [BindFail]
 description = "Bind fail."
-one = "繫結失敗。"
+one = "綁定失敗。"
-other = "繫結失敗。"
+other = "綁定失敗。"
+
 [BindSuccess]
 description = "Bind success."
-one = "繫結成功。"
+one = "綁定成功。"
-other = "繫結成功。"
+other = "綁定成功。"
+
 [OauthHasBeenSuccess]
 description = "Oauth has been success."
-one = "授權已成功。"
+one = "OAuth 已成功。"
-other = "授權已成功。"
+other = "OAuth 已成功。"
+
 [OauthSuccess]
 description = "Oauth success."
-one = "授權成功。"
+one = "OAuth 成功。"
-other = "授權成功。"
+other = "OAuth 成功。"
+
 [OauthRegisterSuccess]
 description = "Oauth register success."
-one = "授權註冊成功。"
+one = "OAuth 註冊成功。"
-other = "授權註冊成功。"
+other = "OAuth 註冊成功。"
+
 [OauthRegisterFailed]
 description = "Oauth register failed."
-one = "授權註冊失敗。"
+one = "OAuth 註冊失敗。"
-other = "授權註冊失敗。"
+other = "OAuth 註冊失敗。"
+
 [GetOauthTokenError]
 description = "Get oauth token error."
-one = "獲取授權token失敗。"
+one = "取得 OAuth 權杖錯誤。"
-other = "獲取授權token失敗。"
+other = "取得 OAuth 權杖錯誤。"
+
 [GetOauthUserInfoError]
 description = "Get oauth user info error."
-one = "獲取授權使用者資訊失敗。"
+one = "取得 OAuth 使用者資訊錯誤。"
-other = "獲取授權使用者資訊失敗。"
+other = "取得 OAuth 使用者資訊錯誤。"
+
 [DecodeOauthUserInfoError]
 description = "Decode oauth user info error."
-one = "解析授權使用者資訊失敗。"
+one = "解析 OAuth 使用者資訊錯誤。"
-other = "解析授權使用者資訊失敗。"
+other = "解析 OAuth 使用者資訊錯誤。"
 
 [OldPasswordError]
 description = "Old password error."
 one = "舊密碼錯誤。"
 other = "舊密碼錯誤。"
 
-
 [DefaultGroup]
 description = "Default group."
-one = "預設組"
+one = "預設群組"
-other = "預設組"
+other = "預設群組"
 
 [ShareGroup]
 description = "Share group."
-one = "共享組"
+one = "共享群組"
-other = "共享組"
+other = "共享群組"
+
 [RegisterClosed]
 description = "Register closed."
 one = "註冊已關閉。"
@@ -143,20 +150,20 @@ other = "驗證碼錯誤。"
 
 [PwdLoginDisabled]
 description = "Password login disabled."
-one = "密碼登錄已禁用。"
+one = "密碼登入已停用。"
-other = "密碼登錄已禁用。"
+other = "密碼登入已停用。"
 
 [CannotShareToSelf]
 description = "Cannot share to self."
-one = "無法共享給自己。"
+one = "無法分享給自己。"
-other = "無法共享給自己。"
+other = "無法分享給自己。"
 
 [Banned]
 description = "Banned."
-one = "禁止使用。"
+one = "已被禁用。"
-other = "禁止使用。"
+other = "已被禁用。"
 
 [RegisterSuccessWaitAdminConfirm]
-description = "Register success wait admin confirm."
+description = "Register success, wait admin confirm."
-one = "註冊成功，請等待管理員確認。"
+one = "註冊成功，等待管理員確認。"
-other = "註冊成功，請等待管理員確認。"
+other = "註冊成功，等待管理員確認。"

resources/templates/oauth_fail.html

@@ -62,7 +62,7 @@
         var title = 'OauthFailed'
         var msg = '{{.message}}'
         var btn = 'Close'
-        document.writeln('<script src="/api/oauth/msg?lang=' + lang + '&msg=' + msg + '&title=OauthFailed"><\/script>');
+        document.writeln('<script src="/api/oidc/msg?lang=' + lang + '&msg=' + msg + '&title=OauthFailed"><\/script>');
     </script>
 </head>
 <body>

resources/templates/oauth_success.html

@@ -61,7 +61,7 @@
         var title = 'OauthSuccess'
         var msg = '{{.message}}'
         var btn = 'Close'
-        document.writeln('<script src="/api/oauth/msg?lang=' + lang + '&msg=' + msg + '&title=OauthSuccess"><\/script>');
+        document.writeln('<script src="/api/oidc/msg?lang=' + lang + '&msg=' + msg + '&title=OauthSuccess"><\/script>');
     </script>
 </head>
 <body>

service/oauth.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 
 	"github.com/coreos/go-oidc/v3/oidc"
-	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/model"
 	"github.com/lejianwen/rustdesk-api/v2/utils"
 	"golang.org/x/oauth2"
@@ -96,20 +95,16 @@ func (os *OauthService) DeleteOauthCache(key string) {
 	OauthCache.Delete(key)
 }
 
-func (os *OauthService) BeginAuth(c *gin.Context, op string) (error error, state, verifier, nonce, url string) {
+func (os *OauthService) BeginAuth(op string) (error error, state, verifier, nonce, url string) {
 	state = utils.RandomString(10) + strconv.FormatInt(time.Now().Unix(), 10)
 	verifier = ""
 	nonce = ""
 	if op == model.OauthTypeWebauth {
-		host := c.GetHeader("Origin")
+		url = Config.Rustdesk.ApiServer + "/_admin/#/oauth/" + state
-		if host == "" {
-			host = Config.Rustdesk.ApiServer
-		}
-		url = host + "/_admin/#/oauth/" + state
 		//url = "http://localhost:8888/_admin/#/oauth/" + code
 		return nil, state, verifier, nonce, url
 	}
-	err, oauthInfo, oauthConfig, _ := os.GetOauthConfig(c, op)
+	err, oauthInfo, oauthConfig, _ := os.GetOauthConfig(op)
 	if err == nil {
 		extras := make([]oauth2.AuthCodeOption, 0, 3)
 
@@ -174,20 +169,16 @@ func (os *OauthService) LinuxdoProvider() *oidc.Provider {
 }
 
 // GetOauthConfig retrieves the OAuth2 configuration based on the provider name
-func (os *OauthService) GetOauthConfig(c *gin.Context, op string) (err error, oauthInfo *model.Oauth, oauthConfig *oauth2.Config, provider *oidc.Provider) {
+func (os *OauthService) GetOauthConfig(op string) (err error, oauthInfo *model.Oauth, oauthConfig *oauth2.Config, provider *oidc.Provider) {
 	//err, oauthInfo, oauthConfig = os.getOauthConfigGeneral(op)
 	oauthInfo = os.InfoByOp(op)
 	if oauthInfo.Id == 0 || oauthInfo.ClientId == "" || oauthInfo.ClientSecret == "" {
 		return errors.New("ConfigNotFound"), nil, nil, nil
 	}
-	host := c.GetHeader("Origin")
-	if host == "" {
-		host = Config.Rustdesk.ApiServer
-	}
 	oauthConfig = &oauth2.Config{
 		ClientID:     oauthInfo.ClientId,
 		ClientSecret: oauthInfo.ClientSecret,
-		RedirectURL:  host + "/api/oidc/callback",
+		RedirectURL:  Config.Rustdesk.ApiServer + "/api/oidc/callback",
 	}
 
 	// Maybe should validate the oauthConfig here
@@ -342,8 +333,8 @@ func (os *OauthService) oidcCallback(oauthConfig *oauth2.Config, provider *oidc.
 }
 
 // Callback: Get user information by code and op(Oauth provider)
-func (os *OauthService) Callback(c *gin.Context, code, verifier, op, nonce string) (err error, oauthUser *model.OauthUser) {
+func (os *OauthService) Callback(code, verifier, op, nonce string) (err error, oauthUser *model.OauthUser) {
-	err, oauthInfo, oauthConfig, provider := os.GetOauthConfig(c, op)
+	err, oauthInfo, oauthConfig, provider := os.GetOauthConfig(op)
 	// oauthType is already validated in GetOauthConfig
 	if err != nil {
 		return err, nil

service/user.go

@@ -395,10 +395,10 @@ func (us *UserService) UserThirdInfo(userId uint, op string) *model.UserThird {
 	return ut
 }
 
-// FindLatestUserIdFromLoginLogByUuid 根据uuid查找最后登录的用户id
+// FindLatestUserIdFromLoginLogByUuid 根据uuid和设备id查找最后登录的用户id
-func (us *UserService) FindLatestUserIdFromLoginLogByUuid(uuid string) uint {
+func (us *UserService) FindLatestUserIdFromLoginLogByUuid(uuid string, deviceId string) uint {
 	llog := &model.LoginLog{}
-	DB.Where("uuid = ?", uuid).Order("id desc").First(llog)
+	DB.Where("uuid = ? and device_id = ?", uuid, deviceId).Order("id desc").First(llog)
 	return llog.UserId
 }
 

utils/captcha.go

@@ -5,7 +5,8 @@ import (
 	"time"
 )
 
-var capdString = base64Captcha.NewDriverString(50, 150, 0, 5, 4, "123456789abcdefghijklmnopqrstuvwxyz", nil, nil, nil)
+var capdString = base64Captcha.NewDriverString(50, 150, 0, 5, 4, "123456789abcdefghijklmnopqrstuvwxyz", nil, nil,
+	[]string{"3Dumb.ttf", "ApothecaryFont.ttf", "Comismsh.ttf", "Flim-Flam.ttf", "RitaSmith.ttf", "wqy-microhei.ttc"})
 
 var capdMath = base64Captcha.NewDriverMath(50, 150, 3, 10, nil, nil, nil)