From a2541b0a5c79d24b6a749c73002fef4851a7a3c4 Mon Sep 17 00:00:00 2001
From: uubulb
Date: Tue, 31 Dec 2024 03:11:50 +0800
Subject: [PATCH] fix: oauth2 redirect url not consistent
---
 cmd/dashboard/controller/oauth2.go | 15 +++++++--------
 go.mod | 2 +-
 go.sum | 4 ++--
 3 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/cmd/dashboard/controller/oauth2.go b/cmd/dashboard/controller/oauth2.go
index 5dd6f16..7988400 100644
--- a/cmd/dashboard/controller/oauth2.go
+++ b/cmd/dashboard/controller/oauth2.go
@@ -80,7 +80,7 @@ func oauth2redirect(c *gin.Context) (*model.Oauth2LoginResponse, error) {
 return &model.Oauth2LoginResponse{Redirect: url}, nil
 }
-func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, provider string, callbackData model.Oauth2Callback) (string, error) {
+func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, provider string, callbackData model.Oauth2Callback, typ Oauth2LoginType) (string, error) {
 // 验证登录跳转时的 State
 stateKey, err := c.Cookie("nz-o2s")
 if err != nil {
@@ -91,7 +91,7 @@ func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, provider stri
 return "", singleton.Localizer.ErrorT("invalid state key")
 }
- o2conf := o2confRaw.Setup(getRedirectURL(c, provider, rTypeLogin))
+ o2conf := o2confRaw.Setup(getRedirectURL(c, provider, typ))
 ctx := context.Background()
@@ -110,7 +110,7 @@ func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, provider stri
 return "", err
 }
- return gjson.Get(string(body), o2confRaw.UserIDPath).String(), nil
+ return gjson.GetBytes(body, o2confRaw.UserIDPath).String(), nil
 }
 // @Summary Oauth2 Callback
@@ -132,7 +132,6 @@ func oauth2callback(jwtConfig *jwt.GinJWTMiddleware) func(c *gin.Context) (*mode
 if !has {
 return nil, singleton.Localizer.ErrorT("provider not found")
 }
- provider = strings.ToLower(provider)
 var callbackData model.Oauth2Callback
 if err := c.ShouldBind(&callbackData); err != nil {
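Review bot: exchangeOpenId has no doc comment, and the new `typ` parameter in its signature carries a contract that callers cannot see from the signature alone: it has to be the same login type that was used when the authorization URL was built, because the redirect URI passed to `Setup` in the next hunk is derived from it. I would add above the function `// exchangeOpenId checks the state cookie, exchanges the authorization code and returns the provider's user ID. typ must match the login type used to build the authorization URL; a different value yields a different redirect URI and the provider is expected to reject the exchange.` and translate the existing `// 验证登录跳转时的 State` comment into English alongside it. The function body continues outside this hunk.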
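Review bot: `ctx := context.Background()` just below the changed `Setup` call is neither tied to the incoming request nor bounded by a deadline, so whatever consumes it (presumably the code exchange and the userinfo request, both outside this hunk) keeps running after the client has gone and waits for as long as the provider takes to answer. On a callback route that is reached before a session exists, slow provider responses can therefore hold handler goroutines open. Consider `ctx, cancel := context.WithTimeout(c.Request.Context(), 10*time.Second)` followed by `defer cancel()`; the 10 s figure is a suggestion rather than a project value, and it needs the `time` import if the file does not already have it.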
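Review bot: The new `gjson.GetBytes(body, o2confRaw.UserIDPath).String()` still returns an empty string with a nil error when UserIDPath is missing from the response body, for instance when the provider answers with an error document instead of a profile. Both callers then use the returned value as an identity in `provider = ? AND open_id = ?`, so an empty ID could be looked up or bound like a real one. Check the result before returning: `id := gjson.GetBytes(body, o2confRaw.UserIDPath)`, then `if !id.Exists() || id.String() == "" { return "", singleton.Localizer.ErrorT("oauth2 user id not found") }` (message text is a placeholder), then `return id.String(), nil`. Whether the HTTP status of the userinfo response is checked cannot be seen from this hunk.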
@@ -146,14 +145,14 @@ func oauth2callback(jwtConfig *jwt.GinJWTMiddleware) func(c *gin.Context) (*mode
 return nil, singleton.Localizer.ErrorT("code is required")
 }
- openId, err := exchangeOpenId(c, o2confRaw, provider, callbackData)
+ openId, err := exchangeOpenId(c, o2confRaw, provider, callbackData, rTypeLogin)
 if err != nil {
 model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeBruteForceOauth2, model.BlockIDToken)
 return nil, err
 }
 var bind model.Oauth2Bind
- if err := singleton.DB.Where("provider = ? AND open_id = ?", provider, openId).First(&bind).Error; err != nil {
+ if err := singleton.DB.Where("provider = ? AND open_id = ?", strings.ToLower(provider), openId).First(&bind).Error; err != nil {
 return nil, singleton.Localizer.ErrorT("oauth2 user not binded yet")
 }
@@ -187,14 +186,14 @@ func bindOauth2(c *gin.Context) (any, error) {
 if !has {
 return nil, singleton.Localizer.ErrorT("provider not found")
 }
- provider = strings.ToLower(provider)
- openId, err := exchangeOpenId(c, o2conf, provider, bindData)
+ openId, err := exchangeOpenId(c, o2conf, provider, bindData, rTypeBind)
 if err != nil {
 return nil, err
 }
 u := c.MustGet(model.CtxKeyAuthorizedUser).(*model.User)
+ provider = strings.ToLower(provider)
 var bind model.Oauth2Bind
 result := singleton.DB.Where("provider = ? AND open_id = ?", provider, openId).Limit(1).Find(&bind)
diff --git a/go.mod b/go.mod
index 1df547b..9973d7d 100644
--- a/go.mod
+++ b/go.mod
@@ -33,7 +33,7 @@ require (
 golang.org/x/crypto v0.31.0
 golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67
 golang.org/x/net v0.33.0
- golang.org/x/oauth2 v0.23.0
+ golang.org/x/oauth2 v0.24.0
 golang.org/x/sync v0.10.0
 google.golang.org/grpc v1.69.2
 google.golang.org/protobuf v1.36.0
diff --git a/go.sum b/go.sum
index a103bcc..d5f9460 100644
--- a/go.sum
+++ b/go.sum
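Review bot: The lower-cased provider name is now produced in two different ways: inline inside the `Where(...)` call in this hunk, and by reassigning `provider` halfway through bindOauth2 in the next hunk, where the same identifier holds the configured spelling above that line and the database spelling below it. Any later use of `provider` in oauth2callback (outside this hunk) that reads or writes `provider`/`open_id` rows would silently use the un-normalised value and miss existing binds. A separate name makes the two roles explicit in both functions: `providerKey := strings.ToLower(provider)` right after the exchange, used for every database lookup, with `provider` left untouched for `getRedirectURL`.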
@@ -198,8 +198,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=