master
/
rustdesk-api-lejianwen
зеркало из https://github.com/lejianwen/rustdesk-api.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430
							package service

import (
	"Gwen/global"
	"Gwen/model"
	"Gwen/utils"
	"context"
	"encoding/json"
	"errors"
	"golang.org/x/oauth2"
	"golang.org/x/oauth2/github"
	"golang.org/x/oauth2/google"
	"gorm.io/gorm"
	// "io"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"sync"
	"time"
	"fmt"
)


type OauthService struct {
}

// Define a struct to parse the .well-known/openid-configuration response
type OidcEndpoint struct {
	Issuer   string `json:"issuer"`
	AuthURL  string `json:"authorization_endpoint"`
	TokenURL string `json:"token_endpoint"`
	UserInfo string `json:"userinfo_endpoint"`
}

type OauthCacheItem struct {
	UserId      uint   `json:"user_id"`
	Id          string `json:"id"` //rustdesk的设备ID
	Op          string `json:"op"`
	Action      string `json:"action"`
	Uuid        string `json:"uuid"`
	DeviceName  string `json:"device_name"`
	DeviceOs    string `json:"device_os"`
	DeviceType  string `json:"device_type"`
	OpenId 		string `json:"open_id"`
	Username	string `json:"username"`
	Name   		string `json:"name"`
	Email  		string `json:"email"`
}

func (oci *OauthCacheItem) ToOauthUser() *model.OauthUser {
	return &model.OauthUser{
		OpenId: oci.OpenId,
		Username: oci.Username,
		Name: oci.Name,
		Email: oci.Email,
	}
}

var OauthCache = &sync.Map{}

const (
	OauthActionTypeLogin = "login"
	OauthActionTypeBind  = "bind"
)

func (oa *OauthCacheItem) UpdateFromOauthUser(oauthUser *model.OauthUser) {
	oa.OpenId = oauthUser.OpenId
	oa.Username = oauthUser.Username
	oa.Name = oauthUser.Name
	oa.Email = oauthUser.Email
}

// Validate the oauth type
func (os *OauthService) ValidateOauthType(oauthType string) error {
	switch oauthType {
	case model.OauthTypeGithub, model.OauthTypeGoogle, model.OauthTypeOidc, model.OauthTypeWebauth:
		return nil
	default:
		return errors.New("invalid Oauth type")
	}
}


func (os *OauthService) GetOauthCache(key string) *OauthCacheItem {
	v, ok := OauthCache.Load(key)
	if !ok {
		return nil
	}
	return v.(*OauthCacheItem)
}

func (os *OauthService) SetOauthCache(key string, item *OauthCacheItem, expire uint) {
	OauthCache.Store(key, item)
	if expire > 0 {
		go func() {
			time.Sleep(time.Duration(expire) * time.Second)
			os.DeleteOauthCache(key)
		}()
	}
}

func (os *OauthService) DeleteOauthCache(key string) {
	OauthCache.Delete(key)
}

func (os *OauthService) BeginAuth(op string) (error error, code, url string) {
	code = utils.RandomString(10) + strconv.FormatInt(time.Now().Unix(), 10)

	if op == string(model.OauthTypeWebauth) {
		url = global.Config.Rustdesk.ApiServer + "/_admin/#/oauth/" + code
		//url = "http://localhost:8888/_admin/#/oauth/" + code
		return nil, code, url
	}
	err, _, conf := os.GetOauthConfig(op)
	if err == nil {
		return err, code, conf.AuthCodeURL(code)
	}

	return err, code, ""
}

// Method to fetch OIDC configuration dynamically
func (os *OauthService) FetchOidcEndpoint(issuer string) (error, OidcEndpoint) {
	configURL := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"

	// Get the HTTP client (with or without proxy based on configuration)
	client := getHTTPClientWithProxy()

	resp, err := client.Get(configURL)
	if err != nil {
		return errors.New("failed to fetch OIDC configuration"), OidcEndpoint{}
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return errors.New("OIDC configuration not found, status code: %d"), OidcEndpoint{}
	}

	var endpoint OidcEndpoint
	if err := json.NewDecoder(resp.Body).Decode(&endpoint); err != nil {
		return errors.New("failed to parse OIDC configuration"), OidcEndpoint{}
	}

	return nil, endpoint
}

func (os *OauthService) FetchOidcEndpointByOp(op string) (error, OidcEndpoint) {
	oauthInfo := os.InfoByOp(op)
	if oauthInfo.Issuer == "" {
		return errors.New("issuer is empty"), OidcEndpoint{}
	}
	return os.FetchOidcEndpoint(oauthInfo.Issuer)
}

// GetOauthConfig retrieves the OAuth2 configuration based on the provider name
func (os *OauthService) GetOauthConfig(op string) (err error, oauthType string, oauthConfig *oauth2.Config) {
	err = os.ValidateOauthProvider(op)
	if err != nil {
		return err, "", nil
	}
	err, oauthType, oauthConfig = os.getOauthConfigGeneral(op)
	if err != nil {
		return err, oauthType, nil
	}
	// Maybe should validate the oauthConfig here
	switch oauthType {
	case model.OauthTypeGithub:
		oauthConfig.Endpoint = github.Endpoint
		oauthConfig.Scopes = []string{"read:user", "user:email"}
	case model.OauthTypeGoogle:
		oauthConfig.Endpoint = google.Endpoint
		oauthConfig.Scopes = []string{"https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/userinfo.email"}
	case model.OauthTypeOidc:
		err, endpoint := os.FetchOidcEndpointByOp(op)
		if err != nil {
			return err,oauthType, nil
		}
		oauthConfig.Endpoint = oauth2.Endpoint{AuthURL:  endpoint.AuthURL,TokenURL: endpoint.TokenURL,}
		oauthConfig.Scopes = os.getScopesByOp(op)
	default:
		return errors.New("unsupported OAuth type"), oauthType, nil
	}
	return nil, oauthType, oauthConfig
}

// GetOauthConfig retrieves the OAuth2 configuration based on the provider name
func (os *OauthService) getOauthConfigGeneral(op string) (err error, oauthType string, oauthConfig *oauth2.Config) {
	g := os.InfoByOp(op)
	if g.Id == 0 || g.ClientId == "" || g.ClientSecret == "" {
		return errors.New("ConfigNotFound"), "", nil
	}
	// If the redirect URL is empty, use the default redirect URL
	if g.RedirectUrl == "" {
		g.RedirectUrl = global.Config.Rustdesk.ApiServer + "/api/oidc/callback"
	}
	return nil, g.OauthType, &oauth2.Config{
		ClientID:     g.ClientId,
		ClientSecret: g.ClientSecret,
		RedirectURL:  g.RedirectUrl,
	}
}

func getHTTPClientWithProxy() *http.Client {
	//todo add timeout
	if global.Config.Proxy.Enable {
		if global.Config.Proxy.Host == "" {
			global.Logger.Warn("Proxy is enabled but proxy host is empty.")
			return http.DefaultClient
		}
		proxyURL, err := url.Parse(global.Config.Proxy.Host)
		if err != nil {
			global.Logger.Warn("Invalid proxy URL: ", err)
			return http.DefaultClient
		}
		transport := &http.Transport{
			Proxy: http.ProxyURL(proxyURL),
		}
		return &http.Client{Transport: transport}
	}
	return http.DefaultClient
}

func (os *OauthService) callbackBase(op string, code string, userEndpoint string, userData interface{}) error {
	err, oauthType, oauthConfig := os.GetOauthConfig(op)
	if err != nil {
		return err
	}
	
	// If the OAuth type is OIDC and the user endpoint is empty
	// Fetch the OIDC configuration and get the user endpoint
	if oauthType == model.OauthTypeOidc && userEndpoint == "" {
		err, endpoint := os.FetchOidcEndpointByOp(op)
		if err != nil {
			global.Logger.Warn("failed fetching OIDC configuration: ", err)
			return errors.New("FetchOidcEndpointError")
		}
		userEndpoint = endpoint.UserInfo
	}

	// 设置代理客户端
	httpClient := getHTTPClientWithProxy()
	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)

	// 使用 code 换取 token
	token, err := oauthConfig.Exchange(ctx, code)
	if err != nil {
		global.Logger.Warn("oauthConfig.Exchange() failed: ", err)
		return errors.New("GetOauthTokenError")
	}

	// 获取用户信息
	client := oauthConfig.Client(ctx, token)
	resp, err := client.Get(userEndpoint)
	if err != nil {
		global.Logger.Warn("failed getting user info: ", err)
		return errors.New("GetOauthUserInfoError")
	}
	defer func() {
		if closeErr := resp.Body.Close(); closeErr != nil {
			global.Logger.Warn("failed closing response body: ", closeErr)
		}
	}()

	// 解析用户信息
	if err = json.NewDecoder(resp.Body).Decode(userData); err != nil {
		global.Logger.Warn("failed decoding user info: ", err)
		return errors.New("DecodeOauthUserInfoError")
	}

	return nil
}

// githubCallback github回调
func (os *OauthService) githubCallback(code string) (error, *model.OauthUser) {
	var user = &model.GithubUser{}
	const userEndpoint = "https://api.github.com/user"
	if err := os.callbackBase(model.OauthTypeGithub, code, userEndpoint, user); err != nil {
		return err, nil
	}
	return nil, user.ToOauthUser()
}

// googleCallback google回调
func (os *OauthService) googleCallback(code string) (error, *model.OauthUser) {
	var user = &model.GoogleUser{}
	const userEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo"
	if err := os.callbackBase(model.OauthTypeGoogle, code, userEndpoint, user); err != nil {
		return err, nil
	}
	return nil, user.ToOauthUser()
}

// oidcCallback oidc回调, 通过code获取用户信息
func (os *OauthService) oidcCallback(code string, op string) (error, *model.OauthUser,) {
	var user = &model.OidcUser{}
	if err := os.callbackBase(op, code, "", user); err != nil {
		return err, nil
	}
	return nil, user.ToOauthUser()
}

// Callback: Get user information by code and op(Oauth provider)
func (os *OauthService) Callback(code string, op string) (err error, oauthUser *model.OauthUser) {
    oauthType := os.GetTypeByOp(op)
    if err = os.ValidateOauthType(oauthType); err != nil {
        return err, nil
    }
    
    switch oauthType {
    case model.OauthTypeGithub:
        err, oauthUser = os.githubCallback(code)
    case model.OauthTypeGoogle:
        err, oauthUser = os.googleCallback(code)
    case model.OauthTypeOidc:
        err, oauthUser = os.oidcCallback(code, op)
    default:
        return errors.New("unsupported OAuth type"), nil
    }
    
    return err, oauthUser
}


func (os *OauthService) UserThirdInfo(op string, openId string) *model.UserThird {
	ut := &model.UserThird{}
	global.DB.Where("open_id = ? and op = ?", openId, op).First(ut)
	return ut
}

// BindOauthUser: Bind third party account
func (os *OauthService) BindOauthUser(userId uint, oauthUser *model.OauthUser, op string) error {
	utr := &model.UserThird{}
	oauthType := os.GetTypeByOp(op)
	utr.FromOauthUser(userId, oauthUser, oauthType, op)
	return global.DB.Create(utr).Error
}

// UnBindOauthUser: Unbind third party account
func (os *OauthService) UnBindOauthUser(userId uint, op string) error {
	return os.UnBindThird(op, userId)
}

// UnBindThird: Unbind third party account
func (os *OauthService) UnBindThird(op string, userId uint) error {
	return global.DB.Where("user_id = ? and op = ?", userId, op).Delete(&model.UserThird{}).Error
}

// DeleteUserByUserId: When user is deleted, delete all third party bindings
func (os *OauthService) DeleteUserByUserId(userId uint) error {
	return global.DB.Where("user_id = ?", userId).Delete(&model.UserThird{}).Error
}

// InfoById 根据id获取Oauth信息
func (os *OauthService) InfoById(id uint) *model.Oauth {
	oauthInfo := &model.Oauth{}
	global.DB.Where("id = ?", id).First(oauthInfo)
	return oauthInfo
}

// InfoByOp 根据op获取Oauth信息
func (os *OauthService) InfoByOp(op string) *model.Oauth {
	oauthInfo := &model.Oauth{}
	global.DB.Where("op = ?", op).First(oauthInfo)
	return oauthInfo
}

// Helper function to get scopes by operation
func (os *OauthService) getScopesByOp(op string) []string {
    scopes := os.InfoByOp(op).Scopes
    scopes = strings.TrimSpace(scopes) // 这里使用 `=` 而不是 `:=`，避免重新声明变量
    if scopes == "" {
        scopes = "openid,profile,email"
    }
    return strings.Split(scopes, ",")
}


func (os *OauthService) List(page, pageSize uint, where func(tx *gorm.DB)) (res *model.OauthList) {
	res = &model.OauthList{}
	res.Page = int64(page)
	res.PageSize = int64(pageSize)
	tx := global.DB.Model(&model.Oauth{})
	if where != nil {
		where(tx)
	}
	tx.Count(&res.Total)
	tx.Scopes(Paginate(page, pageSize))
	tx.Find(&res.Oauths)
	return
}

// GetTypeByOp 根据op获取OauthType
func (os *OauthService) GetTypeByOp(op string) string {
	oauthInfo := &model.Oauth{}
	if global.DB.Where("op = ?", op).First(oauthInfo).Error != nil {
		return ""
	}
	return oauthInfo.OauthType
}

func (os *OauthService) ValidateOauthProvider(op string) error {
	oauthInfo := &model.Oauth{}
    // 使用 Gorm 的 Take 方法查找符合条件的记录
    if err := global.DB.Where("op = ?", op).Take(oauthInfo).Error; err != nil {
        return fmt.Errorf("OAuth provider with op '%s' not found: %w", op, err)
    }
    return nil
}

// Create 创建
func (os *OauthService) Create(oauthInfo *model.Oauth) error {
	res := global.DB.Create(oauthInfo).Error
	return res
}
func (os *OauthService) Delete(oauthInfo *model.Oauth) error {
	return global.DB.Delete(oauthInfo).Error
}

// Update 更新
func (os *OauthService) Update(oauthInfo *model.Oauth) error {
	return global.DB.Model(oauthInfo).Updates(oauthInfo).Error
}

// GetOauthProviders 获取所有的provider
func (os *OauthService) GetOauthProviders() []string {
	var res []string
	global.DB.Model(&model.Oauth{}).Pluck("op", &res)
	return res
}