🔖 dashboard v0.12.25 refactor oauth2 login

README.md

@@ -4,7 +4,7 @@
   <br>
   <small><i>LOGO designed by <a href="https://xio.ng" target="_blank">熊大</a> .</i></small>
   <br><br>
-<img src="https://img.shields.io/github/workflow/status/naiba/nezha/Dashboard%20image?label=Dash%20v0.12.24&logo=github&style=for-the-badge">&nbsp;<img src="https://img.shields.io/github/v/release/naiba/nezha?color=brightgreen&label=Agent&style=for-the-badge&logo=github">&nbsp;<img src="https://img.shields.io/github/workflow/status/naiba/nezha/Agent%20release?label=Agent%20CI&logo=github&style=for-the-badge">&nbsp;<img src="https://img.shields.io/badge/Installer-v0.8.2-brightgreen?style=for-the-badge&logo=linux">
+<img src="https://img.shields.io/github/workflow/status/naiba/nezha/Dashboard%20image?label=Dash%20v0.12.25&logo=github&style=for-the-badge">&nbsp;<img src="https://img.shields.io/github/v/release/naiba/nezha?color=brightgreen&label=Agent&style=for-the-badge&logo=github">&nbsp;<img src="https://img.shields.io/github/workflow/status/naiba/nezha/Agent%20release?label=Agent%20CI&logo=github&style=for-the-badge">&nbsp;<img src="https://img.shields.io/badge/Installer-v0.8.2-brightgreen?style=for-the-badge&logo=linux">
   <br>
   <br>
   <p>:trollface: <b>哪吒监控</b> 一站式轻监控轻运维系统。支持系统状态、HTTP(SSL 证书变更、即将到期、到期)、TCP、Ping 监控报警，计划任务和在线终端。</p>

cmd/dashboard/controller/oauth2.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	GitHubAPI "github.com/google/go-github/github"
+	"github.com/patrickmn/go-cache"
 	"golang.org/x/oauth2"
 	GitHubOauth2 "golang.org/x/oauth2/github"
 
@@ -58,18 +59,25 @@ func (oa *oauth2controller) getRedirectURL(c *gin.Context) string {
 }
 
 func (oa *oauth2controller) login(c *gin.Context) {
-	state := utils.RandStringBytesMaskImprSrcUnsafe(6)
+	randomString := utils.RandStringBytesMaskImprSrcUnsafe(32)
-	singleton.Cache.Set(fmt.Sprintf("%s%s", model.CacheKeyOauth2State, c.ClientIP()), state, 0)
+	state, stateKey := randomString[:16], randomString[16:]
+	singleton.Cache.Set(fmt.Sprintf("%s%s", model.CacheKeyOauth2State, stateKey), state, cache.DefaultExpiration)
 	url := oa.getCommonOauth2Config(c).AuthCodeURL(state, oauth2.AccessTypeOnline)
-	c.Redirect(http.StatusFound, url)
+	c.SetCookie(singleton.Conf.Site.CookieName+"-sk", stateKey, 60*5, "", "", false, false)
+	c.HTML(http.StatusOK, "dashboard/redirect", gin.H{
+		"URL": url,
+	})
 }
 
 func (oa *oauth2controller) callback(c *gin.Context) {
 	var err error
 	// 验证登录跳转时的 State
-	state, ok := singleton.Cache.Get(fmt.Sprintf("%s%s", model.CacheKeyOauth2State, c.ClientIP()))
+	stateKey, err := c.Cookie(singleton.Conf.Site.CookieName + "-sk")
-	if !ok || state.(string) != c.Query("state") {
+	if err == nil {
-		err = errors.New("非法的登录方式")
+		state, ok := singleton.Cache.Get(fmt.Sprintf("%s%s", model.CacheKeyOauth2State, stateKey))
+		if !ok || state.(string) != c.Query("state") {
+			err = errors.New("非法的登录方式")
+		}
 	}
 	oauth2Config := oa.getCommonOauth2Config(c)
 	ctx := context.Background()
@@ -117,6 +125,7 @@ func (oa *oauth2controller) callback(c *gin.Context) {
 	user.IssueNewToken()
 	singleton.DB.Save(&user)
 	c.SetCookie(singleton.Conf.Site.CookieName, user.Token, 60*60*24, "", "", false, false)
-	c.Status(http.StatusOK)
+	c.HTML(http.StatusOK, "dashboard/redirect", gin.H{
-	c.Writer.WriteString("<script>window.location.href='/'</script>")
+		"URL": "/",
+	})
 }

resource/template/dashboard/redirect.html

@@ -0,0 +1,17 @@
+{{define "dashboard/redirect"}}
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Redireting..</title>
+</head>
+
+<body>
+    <script>window.location.href = "{{.URL}}"</script>
+</body>
+
+</html>
+{{end}}

service/singleton/singleton.go

@@ -12,7 +12,7 @@ import (
 	"github.com/naiba/nezha/pkg/utils"
 )
 
-var Version = "v0.12.24" // ！！记得修改 README 中的 badge 版本！！
+var Version = "v0.12.25" // ！！记得修改 README 中的 badge 版本！！
 
 var (
 	Conf  *model.Config