添加OIDC支持 (#387)

* add general OIDC * use "github.com/coreos/go-oidc/v3/oidc" to simplify oidc config * fix: check if https by X-Forwarded-Proto * recovery config.yaml
2026-02-04 12:40:07 +00:00 · 2024-07-13 06:51:59 +02:00
parent 17373e2dee
commit e1513203b4
7 changed files with 204 additions and 35 deletions
--- a/model/config.go
+++ b/model/config.go
@@ -38,6 +38,7 @@ const (
 	ConfigTypeJihulab    = "jihulab"
 	ConfigTypeGitea      = "gitea"
 	ConfigTypeCloudflare = "cloudflare"
+	ConfigTypeOidc       = "oidc"
 )

 const (
@@ -87,11 +88,21 @@ type Config struct {
 		ViewPassword   string // 前台查看密码
 	}
 	Oauth2 struct {
-		Type         string
-		Admin        string // 管理员用户名列表
-		ClientID     string
-		ClientSecret string
-		Endpoint     string
+		Type            string
+		Admin           string // 管理员用户名列表
+		AdminGroups     string // 管理员用户组列表
+		ClientID        string
+		ClientSecret    string
+		Endpoint        string
+		OidcDisplayName string // for OIDC Display Name
+		OidcIssuer      string // for OIDC Issuer
+		OidcLogoutURL   string // for OIDC Logout URL
+		OidcRegisterURL string // for OIDC Register URL
+		OidcLoginClaim  string // for OIDC Claim
+		OidcGroupClaim  string // for OIDC Group Claim
+		OidcScopes      string // for OIDC Scopes
+		OidcAutoCreate  bool   // for OIDC Auto Create
+		OidcAutoLogin   bool   // for OIDC Auto Login
 	}
 	HTTPPort      uint
 	GRPCPort      uint
@@ -181,6 +192,18 @@ func (c *Config) Read(path string) error {
 	if c.DDNS.MaxRetries == 0 {
 		c.DDNS.MaxRetries = 3
 	}
+	if c.Oauth2.OidcScopes == "" {
+		c.Oauth2.OidcScopes = "openid,profile,email"
+	}
+	if c.Oauth2.OidcLoginClaim == "" {
+		c.Oauth2.OidcLoginClaim = "sub"
+	}
+	if c.Oauth2.OidcDisplayName == "" {
+		c.Oauth2.OidcDisplayName = "OIDC"
+	}
+	if c.Oauth2.OidcGroupClaim == "" {
+		c.Oauth2.OidcGroupClaim = "groups"
+	}

 	c.updateIgnoredIPNotificationID()
 	return nil