KaySar12 2024-08-13 12:19:14 +07:00
parent 634c492519
commit c385748979
7 changed files with 99 additions and 16 deletions

1
.gitignore vendored

@ -36,3 +36,4 @@ linux-amd64-nextzenos-user-service-v1.3.0.tar.gz
dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service
dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service
linux-amd64-nextzenos-user-service-v1.2.3.tar.gz
dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service

2
dist/metadata.json vendored

@ -1 +1 @@
{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"5f1a22031693c9e00ce1e6708325735fce3a81d2","date":"2024-08-10T12:28:54.51296295+07:00","runtime":{"goos":"linux","goarch":"amd64"}}
{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"634c492519a2c929fc20b8d2d1f2f403ea79197c","date":"2024-08-13T11:38:58.760480343+07:00","runtime":{"goos":"linux","goarch":"amd64"}}


@ -35,9 +35,8 @@ func InitRouter() *gin.Engine {
r.GET("/v1/users/image", v1.GetUserImage)
r.GET("/v1/users/:username", v1.GetUserInfoByUsername)
r.GET("/v1/users/status", v1.GetUserStatus) // init/check
r.GET("/v1/users/oidc/login", v1.OIDCLogin)
r.POST("/v1/users/oidc/login", v1.OIDCLogin)
r.GET("/v1/users/oidc/callback", v1.OIDCCallback)
r.GET("/v1/users/oidc/profile")
v1Group := r.Group("/v1")
v1Group.Use(jwt.JWT(


@ -7,6 +7,7 @@ import (
"encoding/base64"
"encoding/json"
json2 "encoding/json"
"fmt"
"image"
"image/png"
"io"
@ -43,10 +44,11 @@ import (
)
var (
baseURL = "https://auth.c14soft.com"
clientID = "6KwKSxLCtaQ4r6HoAn3gdNMbNOAf75j3SejLIAx7"
clientSecret = "PE05fcDP4qESUmyZ1TNYpZNBxRPq70VpFI81vehsoJ6WhGz5yPXMljrFrOdMRdRhrYmF03fHWTZHgO9ZdNENrLN13BzL8CAgtEkTsyjXfgx9GvISheIjYfpSfvo219fL"
authURL = "https://auth.c14soft.com/application/o/nextzenos-oidc/" // e.g., "https://authentik.example.com/"
callbackURL = "http://172.26.157.79:81/v1/users/oidc/callback" // e.g., "http://localhost:8080/callback"
authURL = "https://auth.c14soft.com/application/o/nextzenos-oidc/" //
callbackURL = "http://172.26.157.79:8080/v1/users/oidc/callback"
)
// @Summary register user
@ -198,18 +200,23 @@ func OIDC() {
ClientSecret: clientSecret,
RedirectURL: callbackURL,
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "goauthentik.io/api", "offline_access"},
}
}
func OIDCLogin(c *gin.Context) {
state, err := randString(16)
if err != nil {
return
}
json := make(map[string]string)
c.ShouldBind(&json)
state := json["state"]
w := c.Writer
r := c.Request
setCallbackCookie(w, r, "state", state)
c.Redirect(http.StatusFound, oauth2Config.AuthCodeURL(state))
// c.Redirect(http.StatusFound, oauth2Config.AuthCodeURL(state))
c.JSON(common_err.SUCCESS,
model.Result{
Success: common_err.SUCCESS,
Message: common_err.GetMsg(common_err.SUCCESS),
Data: oauth2Config.AuthCodeURL(state),
})
}
func OIDCCallback(c *gin.Context) {
w := c.Writer
@ -237,12 +244,29 @@ func OIDCCallback(c *gin.Context) {
OAuth2Token *oauth2.Token
UserInfo *oidc.UserInfo
}{oauth2Token, userInfo}
data, err := json.MarshalIndent(resp, "", " ")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
// data, err := json.MarshalIndent(resp, "", " ")
// if err != nil {
// http.Error(w, err.Error(), http.StatusInternalServerError)
// return
// }
//Save Userinfo and access token logic
service.MyService.Authentik().GetUserInfo(resp.OAuth2Token.AccessToken)
fmt.Println(resp)
oldUser := service.MyService.User().GetUserInfoByUserName(resp.UserInfo.Email)
if oldUser.Id > 0 {
service.MyService.User().UpdateUser(oldUser)
} else {
user := model2.UserDBModel{}
user.Username = resp.UserInfo.Email
user.Password = encryption.GetMD5ByStr("123")
user.Role = "admin"
user = service.MyService.User().CreateUser(user)
if user.Id == 0 {
c.JSON(common_err.SERVICE_ERROR, model.Result{Success: common_err.SERVICE_ERROR, Message: common_err.GetMsg(common_err.SERVICE_ERROR)})
return
}
}
w.Write(data)
c.Redirect(http.StatusFound, state.Value)
}
func OIDCProfile(c *gin.Context) {
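Review bot: In the OIDCCallback hunk every first-time OIDC login creates a local account with the fixed password `encryption.GetMD5ByStr("123")` and `user.Role = "admin"`, so any identity the provider accepts becomes a local administrator, and every such account shares the same known password. Take the role from a verified claim or default to the least-privileged role, and store an unguessable random value (or disable password login for federated accounts) instead of a constant. The OIDCLogin hunk has a related problem: `state` is now read from the request body (with the `c.ShouldBind` error ignored) instead of being generated server-side, and the callback passes `state.Value`, apparently the state cookie, to `c.Redirect`; this removes the CSRF protection the parameter exists for and lets the caller pick the redirect target, so keep the random state and check the return URL against an allow-list. The var block in the same file also holds `clientSecret` as a literal and an `http://` `callbackURL`; both belong in configuration, and the committed secret should be rotated. OIDCCallback starts before its hunk and the lines between the two hunks are not shown, so whether the state is compared there cannot be confirmed from this page.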


@ -1,12 +1,46 @@
package service
import (
"bytes"
"fmt"
"io"
"log"
"net/http"
model2 "github.com/IceWhaleTech/CasaOS-UserService/service/model"
)
type AuthentikService interface {
HelloWorld() string
GetUserInfo(accessToken string) model2.AuthentikUser
}
type authentikService struct {
}
func (a *authentikService) GetUserInfo(accessToken string) model2.AuthentikUser {
bearer := "Bearer " + accessToken
req, err := http.NewRequest("GET", "", bytes.NewBuffer(nil))
req.Header.Set("Authorization", bearer)
req.Header.Add("Accept", "application/json")
client := &http.Client{}
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
for key, val := range via[0].Header {
req.Header[key] = val
}
return err
}
resp, err := client.Do(req)
if err != nil {
log.Println("Error on response.\n[ERRO] -", err)
} else {
defer resp.Body.Close()
data, _ := io.ReadAll(resp.Body)
fmt.Println(string(data))
}
return model2.AuthentikUser{}
}
func (a *authentikService) HelloWorld() string {
return "Hello World!"
}
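Review bot: The `CheckRedirect` callback in GetUserInfo copies every header of the first request, including `Authorization`, onto each redirected request, which overrides net/http's default of dropping that header when a redirect leaves the original host and can hand the bearer token to whatever host the redirect names. The function also ignores the error from `http.NewRequest`, calls an empty URL, uses a client without a timeout, prints the response body to stdout and always returns an empty `model2.AuthentikUser`. The fence below drops the redirect override, checks errors and status, bounds the read and decodes into the result; it needs `encoding/json` and `time` imported and the real user-info URL in place of the empty string, while `bytes` and `fmt` become unused.

```go
func (a *authentikService) GetUserInfo(accessToken string) model2.AuthentikUser {
	var user model2.AuthentikUser

	// The URL is still the empty string from the hunk; it must be replaced by the provider's user-info endpoint.
	req, err := http.NewRequest(http.MethodGet, "", nil)
	if err != nil {
		log.Println("building userinfo request:", err)
		return user
	}
	req.Header.Set("Authorization", "Bearer "+accessToken)
	req.Header.Set("Accept", "application/json")

	// No CheckRedirect override: the default policy drops Authorization
	// when a redirect leaves the original host.
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Do(req)
	if err != nil {
		log.Println("userinfo request:", err)
		return user
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		log.Println("userinfo request: unexpected status", resp.Status)
		return user
	}
	// Bound the body so a misbehaving endpoint cannot exhaust memory.
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&user); err != nil {
		log.Println("decoding userinfo:", err)
		return model2.AuthentikUser{}
	}
	return user
}
```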


@ -0,0 +1,25 @@
package model
type AuthentikUser struct {
User struct {
Avatar string `json:"avatar"`
Email string `json:"email"`
Groups []struct {
Name string `json:"name"`
Pk string `json:"pk"`
} `json:"groups"`
IsActive bool `json:"is_active"`
IsSuperuser bool `json:"is_superuser"`
Name string `json:"name"`
Pk int64 `json:"pk"`
Settings struct {
Theme struct {
Base string `json:"base"`
} `json:"theme"`
} `json:"settings"`
SystemPermissions []string `json:"system_permissions"`
Type string `json:"type"`
UID string `json:"uid"`
Username string `json:"username"`
} `json:"user"`
}
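Review bot: The exported type `AuthentikUser` has no doc comment, and nothing in this file says which response it mirrors. Add something like `// AuthentikUser is the JSON body AuthentikService.GetUserInfo is meant to decode; only the nested "user" object is mapped.` above the declaration. Because `IsSuperuser`, `Groups` and `SystemPermissions` come from the identity provider, a comment saying they may be trusted only after the token has been verified would help whoever later maps them to local roles.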