tcjlj/nezha
1
0
Fork 0
mirror of https://github.com/nezhahq/nezha.git synced 2025-02-02 09:38:13 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: oauth2 redirect url not consistent

Browse Source
This commit is contained in:
uubulb 2024-12-31 03:11:50 +08:00
parent 953fa153cc
commit a2541b0a5c
3 changed files with 10 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cmd/dashboard/controller/oauth2.go
View File

@ -80,7 +80,7 @@ func oauth2redirect(c *gin.Context) (*model.Oauth2LoginResponse, error) {
return &model.Oauth2LoginResponse{Redirect: url}, nil
}
func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, provider string, callbackData model.Oauth2Callback) (string, error) {
func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, provider string, callbackData model.Oauth2Callback, typ Oauth2LoginType) (string, error) {
// 验证登录跳转时的 State
stateKey, err := c.Cookie("nz-o2s")
if err != nil {
@ -91,7 +91,7 @@ func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, provider stri
return "", singleton.Localizer.ErrorT("invalid state key")
}
o2conf := o2confRaw.Setup(getRedirectURL(c, provider, rTypeLogin))
o2conf := o2confRaw.Setup(getRedirectURL(c, provider, typ))
ctx := context.Background()
@ -110,7 +110,7 @@ func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, provider stri
return "", err
}
return gjson.Get(string(body), o2confRaw.UserIDPath).String(), nil
return gjson.GetBytes(body, o2confRaw.UserIDPath).String(), nil
}
// @Summary Oauth2 Callback
@ -132,7 +132,6 @@ func oauth2callback(jwtConfig *jwt.GinJWTMiddleware) func(c *gin.Context) (*mode
if !has {
return nil, singleton.Localizer.ErrorT("provider not found")
}
provider = strings.ToLower(provider)
var callbackData model.Oauth2Callback
if err := c.ShouldBind(&callbackData); err != nil {
@ -146,14 +145,14 @@ func oauth2callback(jwtConfig *jwt.GinJWTMiddleware) func(c *gin.Context) (*mode
return nil, singleton.Localizer.ErrorT("code is required")
}
openId, err := exchangeOpenId(c, o2confRaw, provider, callbackData)
openId, err := exchangeOpenId(c, o2confRaw, provider, callbackData, rTypeLogin)
if err != nil {
model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeBruteForceOauth2, model.BlockIDToken)
return nil, err
}
var bind model.Oauth2Bind
if err := singleton.DB.Where("provider = ? AND open_id = ?", provider, openId).First(&bind).Error; err != nil {
if err := singleton.DB.Where("provider = ? AND open_id = ?", strings.ToLower(provider), openId).First(&bind).Error; err != nil {
return nil, singleton.Localizer.ErrorT("oauth2 user not binded yet")
}
@ -187,14 +186,14 @@ func bindOauth2(c *gin.Context) (any, error) {
if !has {
return nil, singleton.Localizer.ErrorT("provider not found")
}
provider = strings.ToLower(provider)
openId, err := exchangeOpenId(c, o2conf, provider, bindData)
openId, err := exchangeOpenId(c, o2conf, provider, bindData, rTypeBind)
if err != nil {
return nil, err
}
u := c.MustGet(model.CtxKeyAuthorizedUser).(*model.User)
provider = strings.ToLower(provider)
var bind model.Oauth2Bind
result := singleton.DB.Where("provider = ? AND open_id = ?", provider, openId).Limit(1).Find(&bind)

2
go.mod
View File

@ -33,7 +33,7 @@ require (
golang.org/x/crypto v0.31.0
golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67
golang.org/x/net v0.33.0
golang.org/x/oauth2 v0.23.0
golang.org/x/oauth2 v0.24.0
golang.org/x/sync v0.10.0
google.golang.org/grpc v1.69.2
google.golang.org/protobuf v1.36.0

4
go.sum
View File

@ -198,8 +198,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=