master
/
rustdesk-api-lejianwen
mirror of https://github.com/lejianwen/rustdesk-api.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371
							package api

import (
	"Gwen/global"
	"Gwen/http/request/api"
	"Gwen/http/response"
	apiResp "Gwen/http/response/api"
	"Gwen/model"
	"Gwen/service"
	"github.com/gin-gonic/gin"
	"net/http"
	"strconv"
	"strings"
)

type Oauth struct {
}

// OidcAuth
// @Tags Oauth
// @Summary OidcAuth
// @Description OidcAuth
// @Accept  json
// @Produce  json
// @Success 200 {object} apiResp.LoginRes
// @Failure 500 {object} response.ErrorResponse
// @Router /oidc/auth [post]
func (o *Oauth) OidcAuth(c *gin.Context) {
	f := &api.OidcAuthRequest{}
	err := c.ShouldBindJSON(&f)
	if err != nil {
		response.Error(c, response.TranslateMsg(c, "ParamsError")+err.Error())
		return
	}
	if f.Op != model.OauthTypeWebauth && f.Op != model.OauthTypeGoogle && f.Op != model.OauthTypeGithub && f.Op != model.OauthTypeOidc {
		response.Error(c, response.TranslateMsg(c, "ParamsError"))
		return
	}

	err, code, url := service.AllService.OauthService.BeginAuth(f.Op)
	if err != nil {
		response.Error(c, response.TranslateMsg(c, err.Error()))
		return
	}

	service.AllService.OauthService.SetOauthCache(code, &service.OauthCacheItem{
		Action:     service.OauthActionTypeLogin,
		Id:         f.Id,
		Op:         f.Op,
		Uuid:       f.Uuid,
		DeviceName: f.DeviceInfo.Name,
		DeviceOs:   f.DeviceInfo.Os,
		DeviceType: f.DeviceInfo.Type,
	}, 5*60)
	//fmt.Println("code url", code, url)
	c.JSON(http.StatusOK, gin.H{
		"code": code,
		"url":  url,
	})
}

func (o *Oauth) OidcAuthQueryPre(c *gin.Context) (*model.User, *model.UserToken) {
	var u *model.User
	var ut *model.UserToken
	q := &api.OidcAuthQuery{}

	// 解析查询参数并处理错误
	if err := c.ShouldBindQuery(q); err != nil {
		response.Error(c, response.TranslateMsg(c, "ParamsError")+": "+err.Error())
		return nil, nil
	}

	// 获取 OAuth 缓存
	v := service.AllService.OauthService.GetOauthCache(q.Code)
	if v == nil {
		response.Error(c, response.TranslateMsg(c, "OauthExpired"))
		return nil, nil
	}

	// 如果 UserId 为 0，说明还在授权中
	if v.UserId == 0 {
		c.JSON(http.StatusOK, gin.H{"message": "Authorization in progress"})
		return nil, nil
	}

	// 获取用户信息
	u = service.AllService.UserService.InfoById(v.UserId)
	if u == nil {
		response.Error(c, response.TranslateMsg(c, "UserNotFound"))
		return nil, nil
	}

	// 删除 OAuth 缓存
	service.AllService.OauthService.DeleteOauthCache(q.Code)

	// 创建登录日志并生成用户令牌
	ut = service.AllService.UserService.Login(u, &model.LoginLog{
		UserId:   u.Id,
		Client:   v.DeviceType,
		Uuid:     v.Uuid,
		Ip:       c.ClientIP(),
		Type:     model.LoginLogTypeOauth,
		Platform: v.DeviceOs,
	})

	if ut == nil {
		response.Error(c, response.TranslateMsg(c, "LoginFailed"))
		return nil, nil
	}

	// 返回用户令牌
	return u, ut
}

// OidcAuthQuery
// @Tags Oauth
// @Summary OidcAuthQuery
// @Description OidcAuthQuery
// @Accept  json
// @Produce  json
// @Success 200 {object} apiResp.LoginRes
// @Failure 500 {object} response.ErrorResponse
// @Router /oidc/auth-query [get]
func (o *Oauth) OidcAuthQuery(c *gin.Context) {
	u, ut := o.OidcAuthQueryPre(c)
	c.JSON(http.StatusOK, apiResp.LoginRes{
		AccessToken: ut.Token,
		Type:        "access_token",
		User:        *(&apiResp.UserPayload{}).FromUser(u),
	})
}

// OauthCallback 回调
// @Tags Oauth
// @Summary OauthCallback
// @Description OauthCallback
// @Accept  json
// @Produce  json
// @Success 200 {object} apiResp.LoginRes
// @Failure 500 {object} response.ErrorResponse
// @Router /oauth/callback [get]
func (o *Oauth) OauthCallback(c *gin.Context) {
	state := c.Query("state")
	if state == "" {
		c.String(http.StatusInternalServerError, response.TranslateParamMsg(c, "ParamIsEmpty", "state"))
		return
	}

	cacheKey := state
	//从缓存中获取
	v := service.AllService.OauthService.GetOauthCache(cacheKey)
	if v == nil {
		c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthExpired"))
		return
	}

	ty := v.Op
	ac := v.Action
	var u *model.User
	//fmt.Println("ty ac ", ty, ac)
	if ty == model.OauthTypeGithub {
		code := c.Query("code")
		err, userData := service.AllService.OauthService.GithubCallback(code)
		if err != nil {
			c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
			return
		}
		if ac == service.OauthActionTypeBind {
			//fmt.Println("bind", ty, userData)
			utr := service.AllService.OauthService.UserThirdInfo(ty, strconv.Itoa(userData.Id))
			if utr.UserId > 0 {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBindOtherUser"))
				return
			}
			//绑定
			u = service.AllService.UserService.InfoById(v.UserId)
			if u == nil {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "ItemNotFound"))
				return
			}
			//绑定github
			err = service.AllService.OauthService.BindGithubUser(strconv.Itoa(userData.Id), userData.Login, v.UserId)
			if err != nil {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "BindFail"))
				return
			}
			c.String(http.StatusOK, response.TranslateMsg(c, "BindSuccess"))
			return
		} else if ac == service.OauthActionTypeLogin {
			//登录
			if v.UserId != 0 {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBeenSuccess"))
				return
			}
			u = service.AllService.UserService.InfoByGithubId(strconv.Itoa(userData.Id))
			if u == nil {
				oa := service.AllService.OauthService.InfoByOp(ty)
				if !*oa.AutoRegister {
					//c.String(http.StatusInternalServerError, "还未绑定用户，请先绑定")
					v.ThirdName = userData.Login
					v.ThirdOpenId = strconv.Itoa(userData.Id)
					url := global.Config.Rustdesk.ApiServer + "/_admin/#/oauth/bind/" + cacheKey
					c.Redirect(http.StatusFound, url)
					return
				}

				//自动注册
				u = service.AllService.UserService.RegisterByGithub(userData.Login, strconv.Itoa(userData.Id))
				if u.Id == 0 {
					c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthRegisterFailed"))
					return
				}
			}

			// v.UserId = u.Id
			// service.AllService.OauthService.SetOauthCache(cacheKey, v, 0)
			// c.String(http.StatusOK, response.TranslateMsg(c, "OauthSuccess"))
			// return
		}

	} else if ty == model.OauthTypeGoogle {
		code := c.Query("code")
		err, userData := service.AllService.OauthService.GoogleCallback(code)
		if err != nil {
			c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
			return
		}
		//将空格替换成_
		googleName := strings.Replace(userData.Name, " ", "_", -1)
		if ac == service.OauthActionTypeBind {
			//fmt.Println("bind", ty, userData)
			utr := service.AllService.OauthService.UserThirdInfo(ty, userData.Email)
			if utr.UserId > 0 {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBindOtherUser"))
				return
			}
			//绑定
			u = service.AllService.UserService.InfoById(v.UserId)
			if u == nil {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "ItemNotFound"))
				return
			}
			//绑定
			err = service.AllService.OauthService.BindGoogleUser(userData.Email, googleName, v.UserId)
			if err != nil {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "BindFail"))
				return
			}
			c.String(http.StatusOK, response.TranslateMsg(c, "BindSuccess"))
			return
		} else if ac == service.OauthActionTypeLogin {
			if v.UserId != 0 {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBeenSuccess"))
				return
			}
			u = service.AllService.UserService.InfoByGoogleEmail(userData.Email)
			if u == nil {
				oa := service.AllService.OauthService.InfoByOp(ty)
				if !*oa.AutoRegister {
					//c.String(http.StatusInternalServerError, "还未绑定用户，请先绑定")

					v.ThirdName = googleName
					v.ThirdOpenId = userData.Email
					url := global.Config.Rustdesk.ApiServer + "/_admin/#/oauth/bind/" + cacheKey
					c.Redirect(http.StatusFound, url)
					return
				}

				//自动注册
				u = service.AllService.UserService.RegisterByGoogle(googleName, userData.Email)
				if u.Id == 0 {
					c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthRegisterFailed"))
					return
				}
			}

			// v.UserId = u.Id
			// service.AllService.OauthService.SetOauthCache(cacheKey, v, 0)
			// c.String(http.StatusOK, response.TranslateMsg(c, "OauthSuccess"))
			// return
		}
	} else if ty == model.OauthTypeOidc {
		code := c.Query("code")
		err, userData := service.AllService.OauthService.OidcCallback(code)
		if err != nil {
			c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
			return
		}
		//将空格替换成_
		// OidcName := strings.Replace(userData.Name, " ", "_", -1)
		if ac == service.OauthActionTypeBind {
			//fmt.Println("bind", ty, userData)
			utr := service.AllService.OauthService.UserThirdInfo(ty, userData.Sub)
			if utr.UserId > 0 {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBindOtherUser"))
				return
			}
			//绑定
			u = service.AllService.UserService.InfoById(v.UserId)
			if u == nil {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "ItemNotFound"))
				return
			}
			//绑定, user preffered_username as username
			err = service.AllService.OauthService.BindOidcUser(userData.Sub, userData.PreferredUsername, v.UserId)
			if err != nil {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "BindFail"))
				return
			}
			c.String(http.StatusOK, response.TranslateMsg(c, "BindSuccess"))
			return
		} else if ac == service.OauthActionTypeLogin {
			if v.UserId != 0 {
				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBeenSuccess"))
				return
			}
			u = service.AllService.UserService.InfoByOidcSub(userData.Sub)
			if u == nil {
				oa := service.AllService.OauthService.InfoByOp(ty)
				if !*oa.AutoRegister {
					//c.String(http.StatusInternalServerError, "还未绑定用户，请先绑定")

					v.ThirdName = userData.PreferredUsername
					v.ThirdOpenId = userData.Sub
					v.ThirdEmail = userData.Email
					url := global.Config.Rustdesk.ApiServer + "/_admin/#/oauth/bind/" + cacheKey
					c.Redirect(http.StatusFound, url)
					return
				}

				//自动注册
				u = service.AllService.UserService.RegisterByOidc(userData.PreferredUsername, userData.Sub)
				if u.Id == 0 {
					c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthRegisterFailed"))
					return
				}
			}

			// v.UserId = u.Id
			// service.AllService.OauthService.SetOauthCache(cacheKey, v, 0)
			// c.String(http.StatusOK, response.TranslateMsg(c, "OauthSuccess"))
			// return
		}
	}
	// 如果u为空，说明没有绑定用户
	if u == nil {
		c.String(http.StatusInternalServerError, response.TranslateMsg(c, "SystemError"))
		return
	}
	// 认证成功，设置缓存
	v.UserId = u.Id
	service.AllService.OauthService.SetOauthCache(cacheKey, v, 0)
	// 如果是webadmin，登录成功后跳转到webadmin
	if v.DeviceType == "webadmin" {
		service.AllService.UserService.Login(u, &model.LoginLog{
			UserId:   u.Id,
			Client:   "webadmin",
			Uuid:     "",//must be empty
			Ip:       c.ClientIP(),
			Type:     "account",
			Platform: v.DeviceOs,
		})
		url := global.Config.Rustdesk.ApiServer + "/_admin/#/"
		c.Redirect(http.StatusFound, url)
		return
	}
	c.String(http.StatusOK, response.TranslateMsg(c, "OauthSuccess"))
	return

}