mirror of
https://github.com/Buriburizaem0n/nezha_domains.git
synced 2026-02-04 12:40:07 +00:00
✨ 接入 Gitee 登录,v0.4.11 之前的用户需要更新配置文件
This commit is contained in:
naiba
@@ -4,6 +4,7 @@ import (
|
||||
"net/http"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/naiba/nezha/model"
|
||||
"github.com/naiba/nezha/pkg/mygin"
|
||||
"github.com/naiba/nezha/service/dao"
|
||||
"golang.org/x/oauth2"
|
||||
@@ -26,12 +27,23 @@ func (gp *guestPage) serve() {
|
||||
|
||||
gr.GET("/login", gp.login)
|
||||
|
||||
var endPoint oauth2.Endpoint
|
||||
|
||||
if dao.Conf.Oauth2.Type == model.ConfigTypeGitee {
|
||||
endPoint = oauth2.Endpoint{
|
||||
AuthURL: "https://gitee.com/oauth/authorize",
|
||||
TokenURL: "https://gitee.com/oauth/token",
|
||||
}
|
||||
} else {
|
||||
endPoint = github.Endpoint
|
||||
}
|
||||
|
||||
oauth := &oauth2controller{
|
||||
oauth2Config: &oauth2.Config{
|
||||
ClientID: dao.Conf.GitHub.ClientID,
|
||||
ClientSecret: dao.Conf.GitHub.ClientSecret,
|
||||
ClientID: dao.Conf.Oauth2.ClientID,
|
||||
ClientSecret: dao.Conf.Oauth2.ClientSecret,
|
||||
Scopes: []string{},
|
||||
Endpoint: github.Endpoint,
|
||||
Endpoint: endPoint,
|
||||
},
|
||||
r: gr,
|
||||
}
|
||||
|
||||
@@ -447,6 +447,7 @@ type settingForm struct {
|
||||
CustomCode string
|
||||
ViewPassword string
|
||||
EnableIPChangeNotification string
|
||||
Oauth2Type string
|
||||
}
|
||||
|
||||
func (ma *memberAPI) updateSetting(c *gin.Context) {
|
||||
@@ -463,7 +464,8 @@ func (ma *memberAPI) updateSetting(c *gin.Context) {
|
||||
dao.Conf.Site.Theme = sf.Theme
|
||||
dao.Conf.Site.CustomCode = sf.CustomCode
|
||||
dao.Conf.Site.ViewPassword = sf.ViewPassword
|
||||
dao.Conf.GitHub.Admin = sf.Admin
|
||||
dao.Conf.Oauth2.Type = sf.Oauth2Type
|
||||
dao.Conf.Oauth2.Admin = sf.Admin
|
||||
if err := dao.Conf.Save(); err != nil {
|
||||
c.JSON(http.StatusOK, model.Response{
|
||||
Code: http.StatusBadRequest,
|
||||
|
||||
@@ -2,11 +2,14 @@ package controller
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/google/go-github/github"
|
||||
GitHubAPI "github.com/google/go-github/github"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
@@ -26,7 +29,16 @@ func (oa *oauth2controller) serve() {
|
||||
oa.r.GET("/oauth2/callback", oa.callback)
|
||||
}
|
||||
|
||||
func (oa *oauth2controller) fillRedirectURL(c *gin.Context) {
|
||||
schame := "http://"
|
||||
if strings.HasPrefix(c.Request.Referer(), "https://") {
|
||||
schame = "https://"
|
||||
}
|
||||
oa.oauth2Config.RedirectURL = schame + c.Request.Host + "/oauth2/callback"
|
||||
}
|
||||
|
||||
func (oa *oauth2controller) login(c *gin.Context) {
|
||||
oa.fillRedirectURL(c)
|
||||
state := utils.RandStringBytesMaskImprSrcUnsafe(6)
|
||||
dao.Cache.Set(fmt.Sprintf("%s%s", model.CacheKeyOauth2State, c.ClientIP()), state, 0)
|
||||
url := oa.oauth2Config.AuthCodeURL(state, oauth2.AccessTypeOnline)
|
||||
@@ -34,30 +46,32 @@ func (oa *oauth2controller) login(c *gin.Context) {
|
||||
}
|
||||
|
||||
func (oa *oauth2controller) callback(c *gin.Context) {
|
||||
oa.fillRedirectURL(c)
|
||||
var err error
|
||||
// 验证登录跳转时的 State
|
||||
state, ok := dao.Cache.Get(fmt.Sprintf("%s%s", model.CacheKeyOauth2State, c.ClientIP()))
|
||||
if !ok || state.(string) != c.Query("state") {
|
||||
mygin.ShowErrorPage(c, mygin.ErrInfo{
|
||||
Code: http.StatusBadRequest,
|
||||
Title: "登录失败",
|
||||
Msg: fmt.Sprintf("错误信息:%s", "非法的登录方式"),
|
||||
}, true)
|
||||
return
|
||||
err = errors.New("非法的登录方式")
|
||||
}
|
||||
// 拉取验证用户信息
|
||||
ctx := context.Background()
|
||||
otk, err := oa.oauth2Config.Exchange(ctx, c.Query("code"))
|
||||
if err != nil {
|
||||
mygin.ShowErrorPage(c, mygin.ErrInfo{
|
||||
Code: http.StatusBadRequest,
|
||||
Title: "登录失败",
|
||||
Msg: fmt.Sprintf("错误信息:%s", err),
|
||||
}, true)
|
||||
return
|
||||
var otk *oauth2.Token
|
||||
if err == nil {
|
||||
otk, err = oa.oauth2Config.Exchange(ctx, c.Query("code"))
|
||||
}
|
||||
oc := oa.oauth2Config.Client(ctx, otk)
|
||||
client := GitHubAPI.NewClient(oc)
|
||||
gu, _, err := client.Users.Get(ctx, "")
|
||||
var client *GitHubAPI.Client
|
||||
if err == nil {
|
||||
oc := oa.oauth2Config.Client(ctx, otk)
|
||||
if dao.Conf.Oauth2.Type == "gitee" {
|
||||
client, err = GitHubAPI.NewEnterpriseClient("https://gitee.com/api/v5/", "https://gitee.com/api/v5/", oc)
|
||||
} else {
|
||||
client = GitHubAPI.NewClient(oc)
|
||||
}
|
||||
}
|
||||
var gu *github.User
|
||||
if err == nil {
|
||||
gu, _, err = client.Users.Get(ctx, "")
|
||||
}
|
||||
log.Printf("%+v", gu)
|
||||
if err != nil {
|
||||
mygin.ShowErrorPage(c, mygin.ErrInfo{
|
||||
Code: http.StatusBadRequest,
|
||||
@@ -67,12 +81,10 @@ func (oa *oauth2controller) callback(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
var isAdmin bool
|
||||
if gu.GetID() > 0 {
|
||||
for _, admin := range strings.Split(dao.Conf.GitHub.Admin, ",") {
|
||||
if fmt.Sprintf("%d", gu.GetID()) == admin {
|
||||
isAdmin = true
|
||||
break
|
||||
}
|
||||
for _, admin := range strings.Split(dao.Conf.Oauth2.Admin, ",") {
|
||||
if admin != "" && gu.GetLogin() == admin {
|
||||
isAdmin = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !isAdmin {
|
||||
|
||||
Reference in New Issue
Block a user