添加OIDC支持 (#387)

* add general OIDC * use "github.com/coreos/go-oidc/v3/oidc" to simplify oidc config * fix: check if https by X-Forwarded-Proto * recovery config.yaml
2026-02-04 12:40:07 +00:00 · 2024-07-13 06:51:59 +02:00
parent 17373e2dee
commit e1513203b4
7 changed files with 204 additions and 35 deletions
--- a/pkg/oidc/general/general.go
+++ b/pkg/oidc/general/general.go
@@ -0,0 +1,56 @@
+package general
+
+import (
+	"github.com/naiba/nezha/model"
+	"github.com/naiba/nezha/service/singleton"
+)
+
+type UserInfo struct {
+	Sub      string   `json:"sub"`
+	Username string   `json:"preferred_username"`
+	Email    string   `json:"email"`
+	Name     string   `json:"name"`
+	Groups   []string `json:"groups,omitempty"`
+	Roles    []string `json:"roles,omitempty"`
+}
+
+func (u UserInfo) MapToNezhaUser(loginClaim string, groupClaim string, adminGroups []string, autoCreate bool) model.User {
+	var user model.User
+	var login string
+	var groups []string
+	var isAdmin bool
+	if loginClaim == "email" {
+		login = u.Email
+	} else if loginClaim == "preferred_username" {
+		login = u.Username
+	} else {
+		login = u.Sub
+	}
+	if groupClaim == "roles" {
+		groups = u.Roles
+	} else {
+		groups = u.Groups
+	}
+	// Check if user is admin
+	adminGroupSet := make(map[string]struct{}, len(adminGroups))
+	for _, adminGroup := range adminGroups {
+		adminGroupSet[adminGroup] = struct{}{}
+	}
+	for _, group := range groups {
+		if _, found := adminGroupSet[group]; found {
+			isAdmin = true
+			break
+		}
+	}
+	result := singleton.DB.Where("login = ?", login).First(&user)
+	user.Login = login
+	user.Email = u.Email
+	user.Name = u.Name
+	user.SuperAdmin = isAdmin
+	if result.Error != nil && autoCreate {
+		singleton.DB.Create(&user)
+	} else if result.Error != nil {
+		return model.User{}
+	}
+	return user
+}