mirror of https://github.com/casbin/casnode.git
860 lines
24 KiB
Go
860 lines
24 KiB
Go
// Copyright 2020 The casbin Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package controllers
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"net/url"
|
|
"regexp"
|
|
"sync"
|
|
|
|
"golang.org/x/oauth2"
|
|
|
|
"github.com/aliyun/aliyun-sts-go-sdk/sts"
|
|
"github.com/astaxie/beego"
|
|
|
|
"github.com/casbin/casbin-forum/object"
|
|
"github.com/casbin/casbin-forum/service"
|
|
"github.com/casbin/casbin-forum/util"
|
|
)
|
|
|
|
type SignupForm struct {
|
|
Username string `json:"username"`
|
|
Password string `json:"password"`
|
|
Email string `json:"email"`
|
|
Avatar string `json:"avatar"`
|
|
Method string `json:"method"`
|
|
Phone string `json:"phone"`
|
|
AreaCode string `json:"areaCode"` // phone area code
|
|
Company string `json:"company"`
|
|
CompanyTitle string `json:"companyTitle"`
|
|
Location string `json:"location"`
|
|
ValidateCode string `json:"validateCode"`
|
|
ValidateCodeId string `json:"validateCodeId"`
|
|
Addition string `json:"addition"`
|
|
Addition2 string `json:"addition2"` // this field is for more addition info if needed
|
|
}
|
|
|
|
// SigninForm information field could be phone number, username or email.
|
|
type SigninForm struct {
|
|
Information string `json:"information"`
|
|
Password string `json:"password"`
|
|
Email string `json:"email"`
|
|
Captcha string `json:"captcha"`
|
|
CaptchaId string `json:"captchaId"`
|
|
}
|
|
|
|
type Response struct {
|
|
Status string `json:"status"`
|
|
Msg string `json:"msg"`
|
|
Data interface{} `json:"data"`
|
|
Data2 interface{} `json:"data2"`
|
|
}
|
|
|
|
// @Title Signup
|
|
// @Description sign up a new member
|
|
// @Param username formData string true "The username to sign up"
|
|
// @Param password formData string true "The password"
|
|
// @Success 200 {object} controllers.api_controller.Response The Response object
|
|
// @router /signup [post]
|
|
func (c *APIController) Signup() {
|
|
var resp Response
|
|
|
|
if c.GetSessionUser() != "" {
|
|
resp = Response{Status: "error", Msg: "errorSignoutBeforeSignup", Data: c.GetSessionUser()}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
var form SignupForm
|
|
err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
if form.Method != "google" && form.Method != "github" && form.Method != "qq" {
|
|
// Check validate code.
|
|
var validateCodeRes bool
|
|
if form.Method == "phone" {
|
|
validateCodeRes = object.VerifyValidateCode(form.ValidateCodeId, form.ValidateCode, form.Phone)
|
|
} else {
|
|
validateCodeRes = object.VerifyValidateCode(form.ValidateCodeId, form.ValidateCode, form.Email)
|
|
}
|
|
if !validateCodeRes {
|
|
resp = Response{Status: "error", Msg: "validate code error", Data: ""}
|
|
if object.CheckValidateCodeExpired(form.ValidateCodeId) {
|
|
resp = Response{Status: "error", Msg: "validate code expired", Data: ""}
|
|
}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
}
|
|
|
|
member, password, email, avatar := form.Username, form.Password, form.Email, form.Avatar
|
|
|
|
checkUserName := object.UserNamingRestrictions
|
|
if checkUserName {
|
|
if !util.IsValidUsername(member) {
|
|
resp = Response{Status: "error", Msg: "You can only use numbers, letters and underline in your username, and the length is between 4 and 20 characters", Data: ""}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
}
|
|
|
|
var msg string
|
|
// Check the information registered through the github, google, email method.
|
|
if (password == "" && email != "") || form.Method == "email" {
|
|
if password != "" {
|
|
msg = object.CheckMemberSignup(member, password)
|
|
}
|
|
msg = object.CheckMemberSignupWithEmail(member, email)
|
|
} else {
|
|
// Check the information registered through the phone method.
|
|
if form.Method != "qq" {
|
|
msg = object.CheckMemberSignup(member, password)
|
|
if len(msg) == 0 {
|
|
msg = object.CheckMemberSignupWithPhone(member, form.Phone)
|
|
}
|
|
} else {
|
|
// Check the information registered through the qq method.
|
|
msg = object.CheckMemberSignupWithQQ(member, form.Addition2)
|
|
}
|
|
}
|
|
|
|
if msg != "" {
|
|
resp = Response{Status: "error", Msg: msg, Data: ""}
|
|
} else {
|
|
if form.Method == "qq" {
|
|
avatar, err = url.QueryUnescape(avatar)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
}
|
|
avatar = UploadAvatarToOSS(avatar, member)
|
|
no := object.GetMemberNum()
|
|
member := &object.Member{
|
|
Id: member,
|
|
Password: password,
|
|
No: no + 1,
|
|
IsModerator: false,
|
|
CreatedTime: util.GetCurrentTime(),
|
|
Phone: form.Phone,
|
|
AreaCode: form.AreaCode,
|
|
Avatar: avatar,
|
|
Email: email,
|
|
Company: form.Company,
|
|
CompanyTitle: form.CompanyTitle,
|
|
SilverCount: 2,
|
|
Location: form.Location,
|
|
FileQuota: object.DefaultUploadFileQuota,
|
|
}
|
|
if no == 0 {
|
|
member.IsModerator = true
|
|
}
|
|
switch form.Method {
|
|
case "google":
|
|
member.GoogleAccount = form.Addition
|
|
if len(email) != 0 {
|
|
member.EmailVerifiedTime = util.GetCurrentTime()
|
|
}
|
|
break
|
|
case "github":
|
|
member.GithubAccount = form.Addition
|
|
if len(email) != 0 {
|
|
member.EmailVerifiedTime = util.GetCurrentTime()
|
|
}
|
|
break
|
|
case "phone":
|
|
member.PhoneVerifiedTime = util.GetCurrentTime()
|
|
case "email":
|
|
member.EmailVerifiedTime = util.GetCurrentTime()
|
|
case "qq":
|
|
member.QQOpenId = form.Addition2
|
|
member.QQAccount = form.Addition
|
|
member.QQVerifiedTime = util.GetCurrentTime()
|
|
}
|
|
|
|
object.AddMember(member)
|
|
|
|
c.SetSessionUser(member.Id)
|
|
|
|
util.LogInfo(c.Ctx, "API: [%s] is signed up as new member", member)
|
|
resp = Response{Status: "ok", Msg: "success", Data: member}
|
|
}
|
|
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
}
|
|
|
|
// @Title Signin
|
|
// @Description sign in as a member
|
|
// @Param username formData string true "The username to sign in"
|
|
// @Param password formData string true "The password"
|
|
// @Success 200 {object} controllers.api_controller.Response The Response object
|
|
// @router /signin [post]
|
|
func (c *APIController) Signin() {
|
|
var resp Response
|
|
|
|
if c.GetSessionUser() != "" {
|
|
resp = Response{Status: "error", Msg: "errorSignoutBeforeSignin", Data: c.GetSessionUser()}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
var form SigninForm
|
|
err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
verifyCaptchaRes := object.VerifyCaptcha(form.CaptchaId, form.Captcha)
|
|
if !verifyCaptchaRes {
|
|
resp = Response{Status: "error", Msg: "Captcha error"}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
var information string
|
|
var password string
|
|
information, password = form.Information, form.Password
|
|
member, msg := object.CheckMemberLogin(information, password)
|
|
|
|
if msg != "" {
|
|
resp = Response{Status: "error", Msg: msg, Data: ""}
|
|
} else {
|
|
// check account status
|
|
if object.IsForbidden(member) {
|
|
c.forbiddenAccountResp(member)
|
|
return
|
|
}
|
|
|
|
c.SetSessionUser(member)
|
|
|
|
util.LogInfo(c.Ctx, "API: [%s] signed in", member)
|
|
resp = Response{Status: "ok", Msg: "success", Data: member}
|
|
}
|
|
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
}
|
|
|
|
// @Title Signout
|
|
// @Description sign out the current member
|
|
// @Success 200 {object} controllers.api_controller.Response The Response object
|
|
// @router /signout [post]
|
|
func (c *APIController) Signout() {
|
|
var resp Response
|
|
|
|
member := c.GetSessionUser()
|
|
util.LogInfo(c.Ctx, "API: [%s] signed out", member)
|
|
|
|
c.SetSessionUser("")
|
|
|
|
resp = Response{Status: "ok", Msg: "success", Data: member}
|
|
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
}
|
|
|
|
func (c *APIController) GetAccount() {
|
|
var resp Response
|
|
|
|
if c.GetSessionUser() == "" {
|
|
resp = Response{Status: "error", Msg: "errorSigninFirst", Data: c.GetSessionUser()}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
var memberObj interface{}
|
|
username := c.GetSessionUser()
|
|
memberObj = object.GetMember(username)
|
|
resp = Response{Status: "ok", Msg: "", Data: util.StructToJson(memberObj)}
|
|
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
}
|
|
|
|
func (c *APIController) ResetPassword() {
|
|
step := c.Input().Get("step")
|
|
|
|
var resp Response
|
|
switch step {
|
|
case "1":
|
|
var form getResetPasswordMember
|
|
err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
verifyCaptchaRes := object.VerifyCaptcha(form.CaptchaId, form.Captcha)
|
|
if !verifyCaptchaRes {
|
|
resp = Response{Status: "error", Msg: "Captcha error"}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
date := util.GetTimeHour(-24)
|
|
frequency := object.GetMemberResetFrequency(form.Username, date)
|
|
if frequency >= 2 {
|
|
resp = Response{Status: "error", Msg: "Reset password more than twice within 24 hours"}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
userInfo := object.GetMember(form.Username)
|
|
if userInfo == nil {
|
|
resp = Response{Status: "error", Msg: "Member not found"}
|
|
} else {
|
|
if len(userInfo.Phone) != 0 && len(userInfo.PhoneVerifiedTime) != 0 {
|
|
//validateCodeId, code := object.GetNewValidateCode(userInfo.Phone)
|
|
//service.SendSms(userInfo.Phone, code)
|
|
resetInfo := resetPasswordPhoneResponse{
|
|
Username: userInfo.Id,
|
|
Phone: "*******" + userInfo.Phone[len(userInfo.Phone)-4:],
|
|
//ValidateCodeId: validateCodeId,
|
|
}
|
|
resp = Response{Status: "ok", Msg: "success", Data: "phone", Data2: resetInfo}
|
|
if len(userInfo.Email) != 0 && len(userInfo.EmailVerifiedTime) != 0 {
|
|
resp.Data = "both"
|
|
break
|
|
}
|
|
} else {
|
|
resp = Response{Status: "ok", Msg: "success", Data: "email"}
|
|
}
|
|
}
|
|
break
|
|
case "2": // phone
|
|
var form resetPasswordWithPhone
|
|
err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
userInfo := object.GetMember(form.Username)
|
|
if form.Method != "phone" {
|
|
resp = Response{Status: "error", Msg: "Please try again"}
|
|
}
|
|
|
|
verifyRes := object.VerifyValidateCode(form.ValidateCodeId, form.ValidateCode, userInfo.Phone)
|
|
if verifyRes {
|
|
resetId, resetCode := object.AddNewResetRecord(userInfo.Phone, form.Username, 1)
|
|
res := verifyResetWithPhoneRes{
|
|
Username: form.Username,
|
|
ResetId: resetId,
|
|
ResetCode: resetCode,
|
|
}
|
|
resp = Response{Status: "ok", Msg: "success", Data: "phone", Data2: res}
|
|
} else {
|
|
resp = Response{Status: "error", Msg: "Validate code error"}
|
|
}
|
|
case "3": // email
|
|
var form resetPasswordWithEmail
|
|
err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
userInfo := object.GetMember(form.Username)
|
|
if form.Method != "email" {
|
|
resp = Response{Status: "error", Msg: "Please try again"}
|
|
}
|
|
|
|
if userInfo.Email == form.Email {
|
|
resetId, resetCode := object.AddNewResetRecord(userInfo.Email, form.Username, 2)
|
|
idStr := util.IntToString(resetId)
|
|
resetUrl := form.Url + "/forgot?method=email" + "&id=" + idStr + "&code=" + resetCode + "&username=" + userInfo.Id
|
|
err := service.SendResetPasswordMail(userInfo.Email, userInfo.Id, resetUrl)
|
|
if err != nil {
|
|
resp = Response{Status: "error", Msg: "Send email fail"}
|
|
}
|
|
resp = Response{Status: "ok", Msg: "success", Data: "email", Data2: userInfo.Email}
|
|
} else {
|
|
resp = Response{Status: "error", Msg: "Email and account do not correspond"}
|
|
}
|
|
case "5": // verify
|
|
var form resetPasswordVerify
|
|
err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
var recordType int
|
|
if form.Method == "phone" {
|
|
recordType = 1
|
|
} else if form.Method == "email" {
|
|
recordType = 2
|
|
}
|
|
|
|
res := object.VerifyResetInformation(form.Id, form.Code, form.Username, recordType)
|
|
if res {
|
|
object.UpdateMemberPassword(form.Username, form.Password)
|
|
resp = Response{Status: "ok", Msg: "success"}
|
|
} else {
|
|
resp = Response{Status: "error", Msg: "Please try again"}
|
|
if object.CheckResetCodeExpired(form.Id) {
|
|
resp = Response{Status: "error", Msg: "This password reset request has expired", Data: ""}
|
|
}
|
|
}
|
|
case "7":
|
|
var form resetPasswordValidateCode
|
|
err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
userInfo := object.GetMember(form.Username)
|
|
if userInfo == nil {
|
|
resp = Response{Status: "error", Msg: "Member not found"}
|
|
} else {
|
|
validateCodeId, code := object.GetNewValidateCode(userInfo.Phone)
|
|
service.SendSms(userInfo.Phone, code)
|
|
resp = Response{Status: "ok", Msg: "success", Data: validateCodeId}
|
|
}
|
|
default:
|
|
resp = Response{Status: "error", Msg: "Please try again"}
|
|
}
|
|
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
}
|
|
|
|
func (c *APIController) GetSessionId() {
|
|
c.Data["json"] = c.StartSession().SessionID()
|
|
c.ServeJSON()
|
|
}
|
|
|
|
var googleEndpoint = oauth2.Endpoint{
|
|
AuthURL: "https://accounts.google.com/o/oauth2/auth",
|
|
TokenURL: "https://accounts.google.com/o/oauth2/token",
|
|
}
|
|
|
|
var googleOauthConfig = &oauth2.Config{
|
|
ClientID: beego.AppConfig.String("GoogleAuthClientID"),
|
|
ClientSecret: beego.AppConfig.String("GoogleAuthClientSecret"),
|
|
RedirectURL: "",
|
|
Scopes: []string{"profile", "email"},
|
|
Endpoint: googleEndpoint,
|
|
}
|
|
|
|
//Using addition to judge signup or link
|
|
func (c *APIController) AuthGoogle() {
|
|
code := c.Input().Get("code")
|
|
state := c.Input().Get("state")
|
|
addition := c.Input().Get("addition")
|
|
RedirectURL := c.Input().Get("redirect_url")
|
|
|
|
var resp Response
|
|
var res authResponse
|
|
res.IsAuthenticated = true
|
|
|
|
if state != beego.AppConfig.String("GoogleAuthState") {
|
|
res.IsAuthenticated = false
|
|
resp = Response{Status: "fail", Msg: "unauthorized", Data: res}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
googleOauthConfig.RedirectURL = RedirectURL
|
|
|
|
// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
|
|
ctx := context.WithValue(oauth2.NoContext, oauth2.HTTPClient, httpClient)
|
|
token, err := googleOauthConfig.Exchange(ctx, code)
|
|
if err != nil {
|
|
res.IsAuthenticated = false
|
|
panic(err)
|
|
}
|
|
|
|
response, err := httpClient.Get("https://www.googleapis.com/oauth2/v2/userinfo?alt=json&access_token=" + token.AccessToken)
|
|
defer response.Body.Close()
|
|
contents, err := ioutil.ReadAll(response.Body)
|
|
|
|
var tempUser userInfoFromGoogle
|
|
err = json.Unmarshal(contents, &tempUser)
|
|
if err != nil {
|
|
res.IsAuthenticated = false
|
|
panic(err)
|
|
}
|
|
res.Email = tempUser.Email
|
|
res.Avatar = tempUser.Picture
|
|
|
|
if addition == "signup" {
|
|
userId := object.HasGoogleAccount(res.Email)
|
|
if userId != "" {
|
|
// check account status
|
|
if object.IsForbidden(userId) {
|
|
c.forbiddenAccountResp(userId)
|
|
return
|
|
}
|
|
|
|
if len(object.GetMemberAvatar(userId)) == 0 {
|
|
avatar := UploadAvatarToOSS(res.Avatar, userId)
|
|
object.LinkMemberAccount(userId, "avatar", avatar)
|
|
}
|
|
c.SetSessionUser(userId)
|
|
util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
|
|
res.IsSignedUp = true
|
|
} else {
|
|
if userId := object.HasMail(res.Email); userId != "" {
|
|
// check account status
|
|
if object.IsForbidden(userId) {
|
|
c.forbiddenAccountResp(userId)
|
|
return
|
|
}
|
|
|
|
c.SetSessionUser(userId)
|
|
util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
|
|
res.IsSignedUp = true
|
|
_ = object.LinkMemberAccount(userId, "google_account", tempUser.Email)
|
|
} else {
|
|
res.IsSignedUp = false
|
|
}
|
|
}
|
|
res.Addition = res.Email
|
|
resp = Response{Status: "ok", Msg: "success", Data: res}
|
|
} else {
|
|
memberId := c.GetSessionUser()
|
|
if memberId == "" {
|
|
resp = Response{Status: "fail", Msg: "no account exist", Data: res}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
linkRes := object.LinkMemberAccount(memberId, "google_account", res.Email)
|
|
if linkRes {
|
|
resp = Response{Status: "ok", Msg: "success", Data: linkRes}
|
|
} else {
|
|
resp = Response{Status: "fail", Msg: "link account failed", Data: linkRes}
|
|
}
|
|
if len(object.GetMemberAvatar(memberId)) == 0 {
|
|
avatar := UploadAvatarToOSS(res.Avatar, memberId)
|
|
object.LinkMemberAccount(memberId, "avatar", avatar)
|
|
}
|
|
}
|
|
|
|
c.Data["json"] = resp
|
|
|
|
c.ServeJSON()
|
|
}
|
|
|
|
var githubEndpoint = oauth2.Endpoint{
|
|
AuthURL: "https://github.com/login/oauth/authorize",
|
|
TokenURL: "https://github.com/login/oauth/access_token",
|
|
}
|
|
|
|
var githubOauthConfig = &oauth2.Config{
|
|
ClientID: beego.AppConfig.String("GithubAuthClientID"),
|
|
ClientSecret: beego.AppConfig.String("GithubAuthClientSecret"),
|
|
RedirectURL: "",
|
|
Scopes: []string{"user:email", "read:user"},
|
|
Endpoint: githubEndpoint,
|
|
}
|
|
|
|
func (c *APIController) AuthGithub() {
|
|
code := c.Input().Get("code")
|
|
state := c.Input().Get("state")
|
|
addition := c.Input().Get("addition")
|
|
RedirectURL := c.Input().Get("redirect_url")
|
|
|
|
var resp Response
|
|
var res authResponse
|
|
res.IsAuthenticated = true
|
|
|
|
if state != beego.AppConfig.String("GithubAuthState") {
|
|
res.IsAuthenticated = false
|
|
resp = Response{Status: "fail", Msg: "unauthorized", Data: res}
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
githubOauthConfig.RedirectURL = RedirectURL
|
|
|
|
// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
|
|
ctx := context.WithValue(oauth2.NoContext, oauth2.HTTPClient, httpClient)
|
|
token, err := githubOauthConfig.Exchange(ctx, code)
|
|
if err != nil {
|
|
res.IsAuthenticated = false
|
|
panic(err)
|
|
}
|
|
|
|
if !token.Valid() {
|
|
resp = Response{Status: "fail", Msg: "unauthorized", Data: res}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
var wg sync.WaitGroup
|
|
var tempUserEmail []userEmailFromGithub
|
|
var tempUserAccount userInfoFromGithub
|
|
wg.Add(2)
|
|
go func() {
|
|
response, err := httpClient.Get("https://api.github.com/user/emails?access_token=" + token.AccessToken)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
defer response.Body.Close()
|
|
contents, err := ioutil.ReadAll(response.Body)
|
|
|
|
err = json.Unmarshal(contents, &tempUserEmail)
|
|
if err != nil {
|
|
res.IsAuthenticated = false
|
|
panic(err)
|
|
}
|
|
for _, v := range tempUserEmail {
|
|
if v.Primary == true {
|
|
res.Email = v.Email
|
|
break
|
|
}
|
|
}
|
|
wg.Done()
|
|
}()
|
|
go func() {
|
|
response2, err := httpClient.Get("https://api.github.com/user?access_token=" + token.AccessToken)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
defer response2.Body.Close()
|
|
contents2, err := ioutil.ReadAll(response2.Body)
|
|
err = json.Unmarshal(contents2, &tempUserAccount)
|
|
if err != nil {
|
|
res.IsAuthenticated = false
|
|
panic(err)
|
|
}
|
|
wg.Done()
|
|
}()
|
|
wg.Wait()
|
|
|
|
if addition == "signup" {
|
|
userId := object.HasGithubAccount(tempUserAccount.Login)
|
|
if userId != "" {
|
|
// check account status
|
|
if object.IsForbidden(userId) {
|
|
c.forbiddenAccountResp(userId)
|
|
return
|
|
}
|
|
|
|
if len(object.GetMemberAvatar(userId)) == 0 {
|
|
avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, userId)
|
|
object.LinkMemberAccount(userId, "avatar", avatar)
|
|
}
|
|
c.SetSessionUser(userId)
|
|
util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
|
|
res.IsSignedUp = true
|
|
} else {
|
|
if userId := object.HasMail(res.Email); userId != "" {
|
|
// check account status
|
|
if object.IsForbidden(userId) {
|
|
c.forbiddenAccountResp(userId)
|
|
return
|
|
}
|
|
|
|
c.SetSessionUser(userId)
|
|
util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
|
|
res.IsSignedUp = true
|
|
_ = object.LinkMemberAccount(userId, "github_account", tempUserAccount.Login)
|
|
} else {
|
|
res.IsSignedUp = false
|
|
}
|
|
}
|
|
res.Addition = tempUserAccount.Login
|
|
res.Avatar = tempUserAccount.AvatarUrl
|
|
resp = Response{Status: "ok", Msg: "success", Data: res}
|
|
} else {
|
|
memberId := c.GetSessionUser()
|
|
if memberId == "" {
|
|
resp = Response{Status: "fail", Msg: "no account exist", Data: res}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
linkRes := object.LinkMemberAccount(memberId, "github_account", tempUserAccount.Login)
|
|
if linkRes {
|
|
resp = Response{Status: "ok", Msg: "success", Data: linkRes}
|
|
} else {
|
|
resp = Response{Status: "fail", Msg: "link account failed", Data: linkRes}
|
|
}
|
|
if len(object.GetMemberAvatar(memberId)) == 0 {
|
|
avatar := UploadAvatarToOSS(tempUserAccount.AvatarUrl, memberId)
|
|
object.LinkMemberAccount(memberId, "avatar", avatar)
|
|
}
|
|
}
|
|
|
|
c.Data["json"] = resp
|
|
|
|
c.ServeJSON()
|
|
}
|
|
|
|
var QQClientID = beego.AppConfig.String("QQAPPID")
|
|
var QQClientSecret = beego.AppConfig.String("QQAPPKey")
|
|
|
|
func (c *APIController) AuthQQ() {
|
|
code := c.Input().Get("code")
|
|
state := c.Input().Get("state")
|
|
addition := c.Input().Get("addition")
|
|
redirectURL := c.Input().Get("redirect_url")
|
|
|
|
var resp Response
|
|
var res authResponse
|
|
res.IsAuthenticated = true
|
|
|
|
if state != beego.AppConfig.String("QQAuthState") {
|
|
res.IsAuthenticated = false
|
|
resp = Response{Status: "fail", Msg: "unauthorized", Data: res}
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
|
|
params := url.Values{}
|
|
params.Add("grant_type", "authorization_code")
|
|
params.Add("client_id", QQClientID)
|
|
params.Add("client_secret", QQClientSecret)
|
|
params.Add("code", code)
|
|
params.Add("redirect_uri", redirectURL)
|
|
getAccessKeyUrl := fmt.Sprintf("%s?%s", "https://graph.qq.com/oauth2.0/token", params.Encode())
|
|
|
|
tokenResponse, err := httpClient.Get(getAccessKeyUrl)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
defer tokenResponse.Body.Close()
|
|
tokenContent, err := ioutil.ReadAll(tokenResponse.Body)
|
|
|
|
tokenReg := regexp.MustCompile("token=(.*?)&")
|
|
tokenRegRes := tokenReg.FindAllStringSubmatch(string(tokenContent), -1)
|
|
token := tokenRegRes[0][1]
|
|
|
|
getOpenIdUrl := fmt.Sprintf("https://graph.qq.com/oauth2.0/me?access_token=%s", token)
|
|
|
|
openIdResponse, err := httpClient.Get(getOpenIdUrl)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
defer openIdResponse.Body.Close()
|
|
openIdContent, err := ioutil.ReadAll(openIdResponse.Body)
|
|
|
|
openIdReg := regexp.MustCompile("\"openid\":\"(.*?)\"}")
|
|
openIdRegRes := openIdReg.FindAllStringSubmatch(string(openIdContent), -1)
|
|
openId := openIdRegRes[0][1]
|
|
|
|
getUserInfoUrl := fmt.Sprintf("https://graph.qq.com/user/get_user_info?access_token=%s&oauth_consumer_key=%s&openid=%s", token, QQClientID, openId)
|
|
getUserInfoResponse, err := httpClient.Get(getUserInfoUrl)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
defer getUserInfoResponse.Body.Close()
|
|
userInfoContent, err := ioutil.ReadAll(getUserInfoResponse.Body)
|
|
var userInfo userInfoFromQQ
|
|
err = json.Unmarshal(userInfoContent, &userInfo)
|
|
if err != nil || userInfo.Ret != 0 {
|
|
res.IsAuthenticated = false
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
}
|
|
|
|
if addition == "signup" {
|
|
userId := object.HasQQAccount(openId)
|
|
if userId != "" {
|
|
// check account status
|
|
if object.IsForbidden(userId) {
|
|
c.forbiddenAccountResp(userId)
|
|
return
|
|
}
|
|
|
|
if len(object.GetMemberAvatar(userId)) == 0 {
|
|
avatar := UploadAvatarToOSS(userInfo.AvatarUrl, userId)
|
|
object.LinkMemberAccount(userId, "avatar", avatar)
|
|
}
|
|
c.SetSessionUser(userId)
|
|
util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
|
|
res.IsSignedUp = true
|
|
} else {
|
|
res.IsSignedUp = false
|
|
}
|
|
res.Addition = userInfo.Nickname
|
|
res.Avatar = url.QueryEscape(userInfo.AvatarUrl)
|
|
resp = Response{Status: "ok", Msg: "success", Data: res, Data2: openId}
|
|
} else {
|
|
memberId := c.GetSessionUser()
|
|
if memberId == "" {
|
|
resp = Response{Status: "fail", Msg: "no account exist", Data: res}
|
|
c.Data["json"] = resp
|
|
c.ServeJSON()
|
|
return
|
|
}
|
|
linkRes := object.LinkMemberAccount(memberId, "qq_account", userInfo.Nickname)
|
|
linkRes = object.LinkMemberAccount(memberId, "qq_open_id", openId)
|
|
linkRes = object.LinkMemberAccount(memberId, "qq_verified_time", util.GetCurrentTime())
|
|
if linkRes {
|
|
resp = Response{Status: "ok", Msg: "success", Data: linkRes}
|
|
} else {
|
|
resp = Response{Status: "fail", Msg: "link account failed", Data: linkRes}
|
|
}
|
|
if len(object.GetMemberAvatar(memberId)) == 0 {
|
|
avatar := UploadAvatarToOSS(userInfo.AvatarUrl, memberId)
|
|
object.LinkMemberAccount(memberId, "avatar", avatar)
|
|
}
|
|
}
|
|
|
|
c.Data["json"] = resp
|
|
|
|
c.ServeJSON()
|
|
}
|
|
|
|
var accessKeyID = beego.AppConfig.String("accessKeyID")
|
|
var accessKeySecret = beego.AppConfig.String("accessKeySecret")
|
|
var roleArn = beego.AppConfig.String("roleArn")
|
|
|
|
func (c *APIController) GetMemberStsToken() {
|
|
sessionName := util.ConvertToPinyin(c.GetSessionUser())
|
|
|
|
if accessKeyID == "" {
|
|
resp := Response{Status: "fail", Msg: "Missing sts config."}
|
|
c.Data["json"] = resp
|
|
return
|
|
}
|
|
|
|
stsClient := sts.NewClient(accessKeyID, accessKeySecret, roleArn, sessionName)
|
|
|
|
authResp, err := stsClient.AssumeRole(3600)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
res := stsTokenResponse{
|
|
AccessKeyID: authResp.Credentials.AccessKeyId,
|
|
AccessKeySecret: authResp.Credentials.AccessKeySecret,
|
|
StsToken: authResp.Credentials.SecurityToken,
|
|
}
|
|
|
|
var resp Response
|
|
resp = Response{Status: "ok", Msg: "success", Data: res}
|
|
|
|
c.Data["json"] = resp
|
|
|
|
c.ServeJSON()
|
|
}
|