feat: 绑定 oauth2

2026-02-04 04:30:05 +00:00 · 2024-12-28 23:50:59 +08:00
parent 8554f3eba7
commit 18020939da
15 changed files with 360 additions and 24 deletions
--- a/model/api.go
+++ b/model/api.go
@@ -4,6 +4,15 @@ const (
 	ApiErrorUnauthorized = 10001
 )

+type Oauth2LoginResponse struct {
+	Redirect string `json:"redirect,omitempty"`
+}
+
+type Oauth2Callback struct {
+	State string `json:"state,omitempty"`
+	Code  string `json:"code,omitempty"`
+}
+
 type LoginRequest struct {
 	Username string `json:"username,omitempty"`
 	Password string `json:"password,omitempty"`
--- a/model/common.go
+++ b/model/common.go
@@ -16,6 +16,10 @@ const (
 	CtxKeyRealIPStr      = "ckri"
 )

+const (
+	CacheKeyOauth2State = "cko2s::"
+)
+
 type CtxKeyRealIP struct{}
 type CtxKeyConnectingIP struct{}

--- a/model/config.go
+++ b/model/config.go
@@ -1,8 +1,10 @@
 package model

 import (
+	"maps"
 	"os"
 	"path/filepath"
+	"slices"
 	"strconv"
 	"strings"

@@ -21,6 +23,17 @@ const (
 	ConfigCoverIgnoreAll
 )

+type ConfigForGuests struct {
+	Language            string   `json:"language"`
+	SiteName            string   `json:"site_name"`
+	CustomCode          string   `json:"custom_code,omitempty"`
+	CustomCodeDashboard string   `json:"custom_code_dashboard,omitempty"`
+	Oauth2Providers     []string `json:"oauth2_providers,omitempty"`
+
+	InstallHost string `json:"install_host,omitempty"`
+	TLS         bool   `json:"tls,omitempty"`
+}
+
 type Config struct {
 	Debug        bool   `mapstructure:"debug" json:"debug,omitempty"`                   // debug模式开关
 	RealIPHeader string `mapstructure:"real_ip_header" json:"real_ip_header,omitempty"` // 真实IP
@@ -52,6 +65,11 @@ type Config struct {
 	CustomCode          string `mapstructure:"custom_code" json:"custom_code,omitempty"`
 	CustomCodeDashboard string `mapstructure:"custom_code_dashboard" json:"custom_code_dashboard,omitempty"`

+	// oauth2 配置
+	Oauth2 map[string]*Oauth2Config `mapstructure:"oauth2" json:"oauth2,omitempty"`
+	// oauth2 供应商列表，无需配置，自动生成
+	Oauth2Providers []string `yaml:"-" json:"oauth2_providers,omitempty"`
+
 	k        *koanf.Koanf `json:"-"`
 	filePath string       `json:"-"`
 }
@@ -132,6 +150,8 @@ func (c *Config) Read(path string, frontendTemplates []FrontendTemplate) error {
 		}
 	}

+	c.Oauth2Providers = slices.Collect(maps.Keys(c.Oauth2))
+
 	c.updateIgnoredIPNotificationID()
 	return nil
 }
--- a/model/oauth2bind.go
+++ b/model/oauth2bind.go
@@ -0,0 +1,9 @@
+package model
+
+type Oauth2Bind struct {
+	Common
+
+	UserID   uint64 `gorm:"uniqueIndex:u_p_o" json:"user_id,omitempty"`
+	Provider string `gorm:"uniqueIndex:u_p_o" json:"provider,omitempty"`
+	OpenID   string `gorm:"uniqueIndex:u_p_o" json:"open_id,omitempty"`
+}
--- a/model/oauth2config.go
+++ b/model/oauth2config.go
@@ -0,0 +1,33 @@
+package model
+
+import (
+	"golang.org/x/oauth2"
+)
+
+type Oauth2Config struct {
+	ClientID     string         `mapstructure:"client_id" json:"client_id,omitempty"`
+	ClientSecret string         `mapstructure:"client_secret" json:"client_secret,omitempty"`
+	Endpoint     Oauth2Endpoint `mapstructure:"endpoint" json:"endpoint,omitempty"`
+	Scopes       []string       `mapstructure:"scopes" json:"scopes,omitempty"`
+
+	UserInfoURL string `mapstructure:"user_info_url" json:"user_info_url,omitempty"`
+	UserIDPath  string `mapstructure:"user_id_path" json:"user_id_path,omitempty"`
+}
+
+type Oauth2Endpoint struct {
+	AuthURL  string `mapstructure:"auth_url" json:"auth_url,omitempty"`
+	TokenURL string `mapstructure:"token_url" json:"token_url,omitempty"`
+}
+
+func (c *Oauth2Config) Setup(redirectURL string) *oauth2.Config {
+	return &oauth2.Config{
+		ClientID:     c.ClientID,
+		ClientSecret: c.ClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  c.Endpoint.AuthURL,
+			TokenURL: c.Endpoint.TokenURL,
+		},
+		RedirectURL: redirectURL,
+		Scopes:      c.Scopes,
+	}
+}
--- a/model/setting_api.go
+++ b/model/setting_api.go
@@ -28,8 +28,8 @@ type FrontendTemplate struct {
 	IsOfficial bool   `json:"is_official,omitempty"`
 }

-type SettingResponse struct {
-	Config
+type SettingResponse[T any] struct {
+	Config T `json:"config,omitempty"`

 	Version           string             `json:"version,omitempty"`
 	FrontendTemplates []FrontendTemplate `json:"frontend_templates,omitempty"`
--- a/model/user.go
+++ b/model/user.go
@@ -42,7 +42,8 @@ func (u *User) BeforeSave(tx *gorm.DB) error {

 type Profile struct {
 	User
-	LoginIP string `json:"login_ip,omitempty"`
+	LoginIP    string            `json:"login_ip,omitempty"`
+	Oauth2Bind map[string]string `json:"oauth2_bind,omitempty"`
 }

 type OnlineUser struct {
--- a/model/waf.go
+++ b/model/waf.go
@@ -15,6 +15,7 @@ const (
 	WAFBlockReasonTypeBruteForceToken
 	WAFBlockReasonTypeAgentAuthFail
 	WAFBlockReasonTypeManual
+	WAFBlockReasonTypeBruteForceOauth2
 )

 const (