update

2025-03-15 23:25:35 +07:00 · 2024-08-13 12:19:14 +07:00 · 2024-08-13 12:19:14 +07:00 · c385748979
commit c385748979
parent 634c492519
7 changed files with 99 additions and 16 deletions
--- a/.gitignore
+++ b/.gitignore
@ -36,3 +36,4 @@ linux-amd64-nextzenos-user-service-v1.3.0.tar.gz
 dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service
 dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service
 linux-amd64-nextzenos-user-service-v1.2.3.tar.gz
+dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service
--- a/dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service
+++ b/dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service
--- a/dist/metadata.json
+++ b/dist/metadata.json
@ -1 +1 @@
-{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"5f1a22031693c9e00ce1e6708325735fce3a81d2","date":"2024-08-10T12:28:54.51296295+07:00","runtime":{"goos":"linux","goarch":"amd64"}}
+{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"634c492519a2c929fc20b8d2d1f2f403ea79197c","date":"2024-08-13T11:38:58.760480343+07:00","runtime":{"goos":"linux","goarch":"amd64"}}
--- a/route/v1.go
+++ b/route/v1.go
@ -35,9 +35,8 @@ func InitRouter() *gin.Engine {
 	r.GET("/v1/users/image", v1.GetUserImage)
 	r.GET("/v1/users/:username", v1.GetUserInfoByUsername)
 	r.GET("/v1/users/status", v1.GetUserStatus) // init/check
-	r.GET("/v1/users/oidc/login", v1.OIDCLogin)
+	r.POST("/v1/users/oidc/login", v1.OIDCLogin)
 	r.GET("/v1/users/oidc/callback", v1.OIDCCallback)
-	r.GET("/v1/users/oidc/profile")
 	v1Group := r.Group("/v1")

 	v1Group.Use(jwt.JWT(
--- a/route/v1/user.go
+++ b/route/v1/user.go
@ -7,6 +7,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	json2 "encoding/json"
+	"fmt"
 	"image"
 	"image/png"
 	"io"
@ -43,10 +44,11 @@ import (
 )

 var (
+	baseURL      = "https://auth.c14soft.com"
 	clientID     = "6KwKSxLCtaQ4r6HoAn3gdNMbNOAf75j3SejLIAx7"
 	clientSecret = "PE05fcDP4qESUmyZ1TNYpZNBxRPq70VpFI81vehsoJ6WhGz5yPXMljrFrOdMRdRhrYmF03fHWTZHgO9ZdNENrLN13BzL8CAgtEkTsyjXfgx9GvISheIjYfpSfvo219fL"
-	authURL      = "https://auth.c14soft.com/application/o/nextzenos-oidc/" // e.g., "https://authentik.example.com/"
-	callbackURL  = "http://172.26.157.79:81/v1/users/oidc/callback"         // e.g., "http://localhost:8080/callback"
+	authURL      = "https://auth.c14soft.com/application/o/nextzenos-oidc/" //
+	callbackURL  = "http://172.26.157.79:8080/v1/users/oidc/callback"
 )

 // @Summary register user
@ -198,18 +200,23 @@ func OIDC() {
 		ClientSecret: clientSecret,
 		RedirectURL:  callbackURL,
 		Endpoint:     provider.Endpoint(),
-		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
+		Scopes:       []string{oidc.ScopeOpenID, "profile", "email", "goauthentik.io/api", "offline_access"},
 	}
 }
 func OIDCLogin(c *gin.Context) {
-	state, err := randString(16)
-	if err != nil {
-		return
-	}
+	json := make(map[string]string)
+	c.ShouldBind(&json)
+	state := json["state"]
 	w := c.Writer
 	r := c.Request
 	setCallbackCookie(w, r, "state", state)
-	c.Redirect(http.StatusFound, oauth2Config.AuthCodeURL(state))
+	// c.Redirect(http.StatusFound, oauth2Config.AuthCodeURL(state))
+	c.JSON(common_err.SUCCESS,
+		model.Result{
+			Success: common_err.SUCCESS,
+			Message: common_err.GetMsg(common_err.SUCCESS),
+			Data:    oauth2Config.AuthCodeURL(state),
+		})
 }
 func OIDCCallback(c *gin.Context) {
 	w := c.Writer
@ -237,12 +244,29 @@ func OIDCCallback(c *gin.Context) {
 		OAuth2Token *oauth2.Token
 		UserInfo    *oidc.UserInfo
 	}{oauth2Token, userInfo}
-	data, err := json.MarshalIndent(resp, "", "    ")
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
+	// data, err := json.MarshalIndent(resp, "", "    ")
+	// if err != nil {
+	// 	http.Error(w, err.Error(), http.StatusInternalServerError)
+	// 	return
+	// }
+	//Save Userinfo and access token logic
+	service.MyService.Authentik().GetUserInfo(resp.OAuth2Token.AccessToken)
+	fmt.Println(resp)
+	oldUser := service.MyService.User().GetUserInfoByUserName(resp.UserInfo.Email)
+	if oldUser.Id > 0 {
+		service.MyService.User().UpdateUser(oldUser)
+	} else {
+		user := model2.UserDBModel{}
+		user.Username = resp.UserInfo.Email
+		user.Password = encryption.GetMD5ByStr("123")
+		user.Role = "admin"
+		user = service.MyService.User().CreateUser(user)
+		if user.Id == 0 {
+			c.JSON(common_err.SERVICE_ERROR, model.Result{Success: common_err.SERVICE_ERROR, Message: common_err.GetMsg(common_err.SERVICE_ERROR)})
+			return
+		}
 	}
-	w.Write(data)
+	c.Redirect(http.StatusFound, state.Value)
 }
 func OIDCProfile(c *gin.Context) {

--- a/service/authentik.go
+++ b/service/authentik.go
@ -1,12 +1,46 @@
 package service

+import (
+	"bytes"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+
+	model2 "github.com/IceWhaleTech/CasaOS-UserService/service/model"
+)
+
 type AuthentikService interface {
 	HelloWorld() string
+	GetUserInfo(accessToken string) model2.AuthentikUser
 }

 type authentikService struct {
 }

+func (a *authentikService) GetUserInfo(accessToken string) model2.AuthentikUser {
+	bearer := "Bearer " + accessToken
+	req, err := http.NewRequest("GET", "", bytes.NewBuffer(nil))
+	req.Header.Set("Authorization", bearer)
+	req.Header.Add("Accept", "application/json")
+	client := &http.Client{}
+	client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+		for key, val := range via[0].Header {
+			req.Header[key] = val
+		}
+		return err
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		log.Println("Error on response.\n[ERRO] -", err)
+	} else {
+		defer resp.Body.Close()
+		data, _ := io.ReadAll(resp.Body)
+		fmt.Println(string(data))
+	}
+
+	return model2.AuthentikUser{}
+}
 func (a *authentikService) HelloWorld() string {
 	return "Hello World!"
 }
--- a/service/model/o_authentik_user.go
+++ b/service/model/o_authentik_user.go
@ -0,0 +1,25 @@
+package model
+
+type AuthentikUser struct {
+	User struct {
+		Avatar string `json:"avatar"`
+		Email  string `json:"email"`
+		Groups []struct {
+			Name string `json:"name"`
+			Pk   string `json:"pk"`
+		} `json:"groups"`
+		IsActive    bool   `json:"is_active"`
+		IsSuperuser bool   `json:"is_superuser"`
+		Name        string `json:"name"`
+		Pk          int64  `json:"pk"`
+		Settings    struct {
+			Theme struct {
+				Base string `json:"base"`
+			} `json:"theme"`
+		} `json:"settings"`
+		SystemPermissions []string `json:"system_permissions"`
+		Type              string   `json:"type"`
+		UID               string   `json:"uid"`
+		Username          string   `json:"username"`
+	} `json:"user"`
+}