synctv/server/oauth2/auth.go

package auth

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/synctv-org/synctv/internal/bootstrap"
	"github.com/synctv-org/synctv/internal/db"
	dbModel "github.com/synctv-org/synctv/internal/model"
	"github.com/synctv-org/synctv/internal/op"
	"github.com/synctv-org/synctv/internal/provider"
	"github.com/synctv-org/synctv/internal/provider/providers"
	"github.com/synctv-org/synctv/internal/settings"
	"github.com/synctv-org/synctv/server/middlewares"
	"github.com/synctv-org/synctv/server/model"
	"github.com/synctv-org/synctv/utils"
)

// GET
// /oauth2/login/:type
func OAuth2(ctx *gin.Context) {
	pi, err := providers.GetProvider(provider.OAuth2Provider(ctx.Param("type")))
	if err != nil {
		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
		return
	}

	state := utils.RandString(16)
	states.Store(state, stateMeta{
		OAuth2Req: model.OAuth2Req{
			Redirect: ctx.Query("redirect"),
		},
	}, time.Minute*5)

	RenderRedirect(ctx, pi.NewAuthURL(state))
}

// POST
func OAuth2Api(ctx *gin.Context) {
	pi, err := providers.GetProvider(provider.OAuth2Provider(ctx.Param("type")))
	if err != nil {
		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
	}

	meta := model.OAuth2Req{}
	if err := model.Decode(ctx, &meta); err != nil {
		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
		return
	}

	state := utils.RandString(16)
	states.Store(state, stateMeta{
		OAuth2Req: meta,
	}, time.Minute*5)

	ctx.JSON(http.StatusOK, model.NewApiDataResp(gin.H{
		"url": pi.NewAuthURL(state),
	}))
}

// GET
// /oauth2/callback/:type
func OAuth2Callback(ctx *gin.Context) {
	code := ctx.Query("code")
	if code == "" {
		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorStringResp("invalid oauth2 code"))
		return
	}

	pi, err := providers.GetProvider(provider.OAuth2Provider(ctx.Param("type")))
	if err != nil {
		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
		return
	}

	ld, err := login(ctx, ctx.Query("state"), code, pi)
	if err != nil {
		if err == op.ErrUserBanned || err == op.ErrUserPending {
			ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
			return
		}
		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
		return
	}

	RenderToken(ctx, ld.redirect, ld.token)
}

// POST
// /oauth2/callback/:type
func OAuth2CallbackApi(ctx *gin.Context) {
	req := model.OAuth2CallbackReq{}
	if err := req.Decode(ctx); err != nil {
		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
		return
	}

	pi, err := providers.GetProvider(provider.OAuth2Provider(ctx.Param("type")))
	if err != nil {
		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
	}

	ld, err := login(ctx, req.State, req.Code, pi)
	if err != nil {
		if err == op.ErrUserBanned || err == op.ErrUserPending {
			ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
			return
		}
		ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
		return
	}

	ctx.JSON(http.StatusOK, model.NewApiDataResp(gin.H{
		"token":    ld.token,
		"redirect": ld.redirect,
	}))
}

type loginData struct {
	token, redirect string
}

func login(ctx context.Context, state, code string, pi provider.ProviderInterface) (*loginData, error) {
	meta, loaded := states.LoadAndDelete(state)
	if !loaded {
		return nil, errors.New("invalid oauth2 state")
	}

	t, err := pi.GetToken(ctx, code)
	if err != nil {
		return nil, err
	}

	ui, err := pi.GetUserInfo(ctx, t)
	if err != nil {
		return nil, err
	}

	pgs, loaded := bootstrap.ProviderGroupSettings[dbModel.SettingGroup(fmt.Sprintf("%s_%s", dbModel.SettingGroupOauth2, pi.Provider()))]
	if !loaded {
		return nil, errors.New("invalid oauth2 provider")
	}

	var user *op.User
	if meta.Value().BindUserId != "" {
		user, err = op.LoadOrInitUserByID(meta.Value().BindUserId)
	} else if settings.DisableUserSignup.Get() || pgs.DisableUserSignup.Get() {
		user, err = op.GetUserByProvider(pi.Provider(), ui.ProviderUserID)
	} else {
		if settings.SignupNeedReview.Get() || pgs.SignupNeedReview.Get() {
			user, err = op.CreateOrLoadUserWithProvider(ui.Username, utils.RandString(16), pi.Provider(), ui.ProviderUserID, db.WithRole(dbModel.RolePending))
		} else {
			user, err = op.CreateOrLoadUserWithProvider(ui.Username, utils.RandString(16), pi.Provider(), ui.ProviderUserID)
		}
	}
	if err != nil {
		return nil, err
	}

	if meta.Value().BindUserId != "" {
		err = user.BindProvider(pi.Provider(), ui.ProviderUserID)
		if err != nil {
			return nil, err
		}
	}

	token, err := middlewares.NewAuthUserToken(user)
	if err != nil {
		return nil, err
	}

	return &loginData{
		token:    token,
		redirect: meta.Value().Redirect,
	}, nil
}
Feat: use oauth2 2 years ago			`package auth`

			`import (`
Feat: user bind unbind providers 2 years ago			`"context"`
			`"errors"`
Feat: provider enable sign up or review 2 years ago			`"fmt"`
Feat: use oauth2 2 years ago			`"net/http"`
Feat: oauth2 api 2 years ago			`"time"`
Feat: use oauth2 2 years ago
			`"github.com/gin-gonic/gin"`
Feat: provider enable sign up or review 2 years ago			`"github.com/synctv-org/synctv/internal/bootstrap"`
Feat: pending user 2 years ago			`"github.com/synctv-org/synctv/internal/db"`
			`dbModel "github.com/synctv-org/synctv/internal/model"`
Feat: use oauth2 2 years ago			`"github.com/synctv-org/synctv/internal/op"`
			`"github.com/synctv-org/synctv/internal/provider"`
Feat: settings 2 years ago			`"github.com/synctv-org/synctv/internal/provider/providers"`
Opt: global user signup review setting 2 years ago			`"github.com/synctv-org/synctv/internal/settings"`
Feat: use oauth2 2 years ago			`"github.com/synctv-org/synctv/server/middlewares"`
			`"github.com/synctv-org/synctv/server/model"`
Feat: oauth2 api 2 years ago			`"github.com/synctv-org/synctv/utils"`
Feat: use oauth2 2 years ago			`)`

Feat: user bind unbind providers 2 years ago			`// GET`
Feat: use oauth2 2 years ago			`// /oauth2/login/:type`
			`func OAuth2(ctx *gin.Context) {`
Feat: user bind unbind providers 2 years ago			`pi, err := providers.GetProvider(provider.OAuth2Provider(ctx.Param("type")))`
Feat: use oauth2 2 years ago			`if err != nil {`
			`ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))`
Feat: boot init provider 2 years ago			`return`
Feat: use oauth2 2 years ago			`}`

Feat: oauth2 api 2 years ago			`state := utils.RandString(16)`
Feat: user bind unbind providers 2 years ago			`states.Store(state, stateMeta{`
			`OAuth2Req: model.OAuth2Req{`
			`Redirect: ctx.Query("redirect"),`
			`},`
			`}, time.Minute*5)`
Feat: oauth2 api 2 years ago
Feat: oauth2 provider plugins 2 years ago			`RenderRedirect(ctx, pi.NewAuthURL(state))`
Feat: oauth2 api 2 years ago			`}`

Feat: user bind unbind providers 2 years ago			`// POST`
Feat: oauth2 api 2 years ago			`func OAuth2Api(ctx *gin.Context) {`
Feat: user bind unbind providers 2 years ago			`pi, err := providers.GetProvider(provider.OAuth2Provider(ctx.Param("type")))`
Feat: oauth2 api 2 years ago			`if err != nil {`
			`ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))`
			`}`

Feat: user bind unbind providers 2 years ago			`meta := model.OAuth2Req{}`
			`if err := model.Decode(ctx, &meta); err != nil {`
			`ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))`
			`return`
			`}`

Feat: oauth2 api 2 years ago			`state := utils.RandString(16)`
Feat: user bind unbind providers 2 years ago			`states.Store(state, stateMeta{`
			`OAuth2Req: meta,`
			`}, time.Minute*5)`
Feat: oauth2 api 2 years ago
			`ctx.JSON(http.StatusOK, model.NewApiDataResp(gin.H{`
Feat: oauth2 provider plugins 2 years ago			`"url": pi.NewAuthURL(state),`
Feat: oauth2 api 2 years ago			`}))`
Feat: use oauth2 2 years ago			`}`

Feat: user bind unbind providers 2 years ago			`// GET`
Feat: use oauth2 2 years ago			`// /oauth2/callback/:type`
			`func OAuth2Callback(ctx *gin.Context) {`
Fix: callback api 2 years ago			`code := ctx.Query("code")`
			`if code == "" {`
			`ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorStringResp("invalid oauth2 code"))`
Feat: oauth2 api 2 years ago			`return`
			`}`

Feat: user bind unbind providers 2 years ago			`pi, err := providers.GetProvider(provider.OAuth2Provider(ctx.Param("type")))`
Feat: oauth2 api 2 years ago			`if err != nil {`
			`ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))`
Feat: impl baidu netdisk oauth2 2 years ago			`return`
Feat: oauth2 api 2 years ago			`}`

Feat: user bind unbind providers 2 years ago			`ld, err := login(ctx, ctx.Query("state"), code, pi)`
Feat: oauth2 provider plugins 2 years ago			`if err != nil {`
Feat: user password and admin user 2 years ago			`if err == op.ErrUserBanned \|\| err == op.ErrUserPending {`
			`ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))`
			`return`
			`}`
Feat: oauth2 provider plugins 2 years ago			`ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))`
			`return`
			`}`

Feat: user bind unbind providers 2 years ago			`RenderToken(ctx, ld.redirect, ld.token)`
			`}`

			`// POST`
			`// /oauth2/callback/:type`
			`func OAuth2CallbackApi(ctx *gin.Context) {`
			`req := model.OAuth2CallbackReq{}`
			`if err := req.Decode(ctx); err != nil {`
Feat: oauth2 api 2 years ago			`ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))`
			`return`
			`}`

Feat: user bind unbind providers 2 years ago			`pi, err := providers.GetProvider(provider.OAuth2Provider(ctx.Param("type")))`
Feat: oauth2 api 2 years ago			`if err != nil {`
Feat: user bind unbind providers 2 years ago			`ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))`
Feat: oauth2 api 2 years ago			`}`

Feat: user bind unbind providers 2 years ago			`ld, err := login(ctx, req.State, req.Code, pi)`
Feat: oauth2 api 2 years ago			`if err != nil {`
Feat: user password and admin user 2 years ago			`if err == op.ErrUserBanned \|\| err == op.ErrUserPending {`
			`ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))`
			`return`
			`}`
Feat: user bind unbind providers 2 years ago			`ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))`
Feat: oauth2 api 2 years ago			`return`
			`}`

Feat: user bind unbind providers 2 years ago			`ctx.JSON(http.StatusOK, model.NewApiDataResp(gin.H{`
			`"token": ld.token,`
			`"redirect": ld.redirect,`
			`}))`
Feat: oauth2 api 2 years ago			`}`

Feat: user bind unbind providers 2 years ago			`type loginData struct {`
			`token, redirect string`
			`}`
Feat: use oauth2 2 years ago
Feat: user bind unbind providers 2 years ago			`func login(ctx context.Context, state, code string, pi provider.ProviderInterface) (*loginData, error) {`
			`meta, loaded := states.LoadAndDelete(state)`
Feat: use oauth2 2 years ago			`if !loaded {`
Feat: user bind unbind providers 2 years ago			`return nil, errors.New("invalid oauth2 state")`
Feat: use oauth2 2 years ago			`}`

Feat: user bind unbind providers 2 years ago			`t, err := pi.GetToken(ctx, code)`
Feat: use oauth2 2 years ago			`if err != nil {`
Feat: user bind unbind providers 2 years ago			`return nil, err`
Feat: oauth2 provider plugins 2 years ago			`}`

			`ui, err := pi.GetUserInfo(ctx, t)`
Feat: use oauth2 2 years ago			`if err != nil {`
Feat: user bind unbind providers 2 years ago			`return nil, err`
Feat: use oauth2 2 years ago			`}`

Feat: provider enable sign up or review 2 years ago			`pgs, loaded := bootstrap.ProviderGroupSettings[dbModel.SettingGroup(fmt.Sprintf("%s_%s", dbModel.SettingGroupOauth2, pi.Provider()))]`
			`if !loaded {`
			`return nil, errors.New("invalid oauth2 provider")`
			`}`

Feat: disable user signup setting 2 years ago			`var user *op.User`
Feat: user bind unbind providers 2 years ago			`if meta.Value().BindUserId != "" {`
Feat: user password and admin user 2 years ago			`user, err = op.LoadOrInitUserByID(meta.Value().BindUserId)`
Opt: global user signup review setting 2 years ago			`} else if settings.DisableUserSignup.Get() \|\| pgs.DisableUserSignup.Get() {`
Feat: user bind unbind providers 2 years ago			`user, err = op.GetUserByProvider(pi.Provider(), ui.ProviderUserID)`
Feat: disable user signup setting 2 years ago			`} else {`
Opt: global user signup review setting 2 years ago			`if settings.SignupNeedReview.Get() \|\| pgs.SignupNeedReview.Get() {`
Feat: user password and admin user 2 years ago			`user, err = op.CreateOrLoadUserWithProvider(ui.Username, utils.RandString(16), pi.Provider(), ui.ProviderUserID, db.WithRole(dbModel.RolePending))`
Feat: user bind unbind providers 2 years ago			`} else {`
Feat: user password and admin user 2 years ago			`user, err = op.CreateOrLoadUserWithProvider(ui.Username, utils.RandString(16), pi.Provider(), ui.ProviderUserID)`
Feat: user bind unbind providers 2 years ago			`}`
Feat: disable user signup setting 2 years ago			`}`
Feat: use oauth2 2 years ago			`if err != nil {`
Feat: user bind unbind providers 2 years ago			`return nil, err`
			`}`

			`if meta.Value().BindUserId != "" {`
Feat: user password and admin user 2 years ago			`err = user.BindProvider(pi.Provider(), ui.ProviderUserID)`
Feat: user bind unbind providers 2 years ago			`if err != nil {`
			`return nil, err`
			`}`
Feat: use oauth2 2 years ago			`}`

			`token, err := middlewares.NewAuthUserToken(user)`
			`if err != nil {`
Feat: user bind unbind providers 2 years ago			`return nil, err`
Feat: use oauth2 2 years ago			`}`

Feat: user bind unbind providers 2 years ago			`return &loginData{`
			`token: token,`
Fix: auth Redirect url 2 years ago			`redirect: meta.Value().Redirect,`
Feat: user bind unbind providers 2 years ago			`}, nil`
Feat: use oauth2 2 years ago			`}`