khaledmahfouz5/Maqtaa
1
0
نسخ 1
الشفرة المشكلات طلبات السحب Actions Packages المشاريع الإصدارات الويكي النشاط

Support Github and Gitea OAuth providers

تصفح المصدر
هذا الالتزام موجود في:
Thomas Miceli
2023-04-17 14:25:39 +02:00
الأصل 47cbf5e7ef
التزام a6c5696ceb
10 ملفات معدلة مع 641 إضافات و20 حذوفات
تنزيل ملف التصحيح تنزيل ملف الاختلاف توسيع جميع الملفات طي جميع الملفات

144
internal/web/auth.go
عرض الملف

@@ -1,11 +1,18 @@
package web
import (
"context"
"crypto/md5"
"errors"
"fmt"
"github.com/labstack/echo/v4"
"github.com/markbates/goth/gothic"
"github.com/rs/zerolog/log"
"gorm.io/gorm"
"io"
"net/http"
"opengist/internal/models"
"strings"
)
func register(ctx echo.Context) error {
@@ -106,6 +113,143 @@ func processLogin(ctx echo.Context) error {
return redirect(ctx, "/")
}
func oauthCallback(ctx echo.Context) error {
user, err := gothic.CompleteUserAuth(ctx.Response(), ctx.Request())
if err != nil {
return errorRes(400, "Cannot complete user auth", err)
}
currUser := getUserLogged(ctx)
if currUser != nil {
// if user is logged in, link account to user
switch user.Provider {
case "github":
currUser.GithubID = user.UserID
case "gitea":
currUser.GiteaID = user.UserID
}
if err = currUser.Update(); err != nil {
return errorRes(500, "Cannot update user "+strings.Title(user.Provider)+" id", err)
}
addFlash(ctx, "Account linked to "+strings.Title(user.Provider), "success")
return redirect(ctx, "/settings")
}
// if user is not in database, create it
userDB, err := models.GetUserByProvider(user.UserID, user.Provider)
if err != nil {
if !errors.Is(err, gorm.ErrRecordNotFound) {
return errorRes(500, "Cannot get user", err)
}
userDB = &models.User{
Username: user.NickName,
Email: user.Email,
MD5Hash: fmt.Sprintf("%x", md5.Sum([]byte(strings.ToLower(strings.TrimSpace(user.Email))))),
}
switch user.Provider {
case "github":
userDB.GithubID = user.UserID
case "gitea":
userDB.GiteaID = user.UserID
}
if err = userDB.Create(); err != nil {
if models.IsUniqueConstraintViolation(err) {
addFlash(ctx, "Username "+user.NickName+" already exists in opengist", "error")
return redirect(ctx, "/login")
}
return errorRes(500, "Cannot create user", err)
}
var resp *http.Response
switch user.Provider {
case "github":
resp, err = http.Get("https://github.com/" + user.NickName + ".keys")
case "gitea":
resp, err = http.Get("https://gitea.com/" + user.NickName + ".keys")
}
if err == nil {
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
addFlash(ctx, "Could not get user keys", "error")
log.Error().Err(err).Msg("Could not get user keys")
}
keys := strings.Split(string(body), "\n")
if len(keys[len(keys)-1]) == 0 {
keys = keys[:len(keys)-1]
}
for _, key := range keys {
sshKey := models.SSHKey{
Title: "Added from " + user.Provider,
Content: key,
User: *userDB,
}
if err = sshKey.Create(); err != nil {
addFlash(ctx, "Could not create ssh key", "error")
log.Error().Err(err).Msg("Could not create ssh key")
}
}
}
}
sess := getSession(ctx)
sess.Values["user"] = userDB.ID
saveSession(sess, ctx)
deleteCsrfCookie(ctx)
return redirect(ctx, "/")
}
func oauth(ctx echo.Context) error {
provider := ctx.Param("provider")
currUser := getUserLogged(ctx)
if currUser != nil {
isDelete := false
var err error
switch provider {
case "github":
if currUser.GithubID != "" {
isDelete = true
err = currUser.DeleteProvider(provider)
}
case "gitea":
if currUser.GiteaID != "" {
isDelete = true
err = currUser.DeleteProvider(provider)
}
}
if err != nil {
return errorRes(500, "Cannot unlink account from "+strings.Title(provider), err)
}
if isDelete {
addFlash(ctx, "Account unlinked from "+strings.Title(provider), "success")
return redirect(ctx, "/settings")
}
}
ctxValue := context.WithValue(ctx.Request().Context(), "provider", provider)
ctx.SetRequest(ctx.Request().WithContext(ctxValue))
if provider != "github" && provider != "gitea" {
return errorRes(400, "Unsupported provider", nil)
}
gothic.BeginAuthHandler(ctx.Response(), ctx.Request())
return nil
}
func logout(ctx echo.Context) error {
deleteSession(ctx)
deleteCsrfCookie(ctx)

7
internal/web/config.go
عرض الملف

@@ -2,8 +2,6 @@ package web
import (
"crypto/md5"
"crypto/sha256"
"encoding/base64"
"fmt"
"github.com/labstack/echo/v4"
"golang.org/x/crypto/ssh"
@@ -76,15 +74,12 @@ func sshKeysProcess(ctx echo.Context) error {
key.UserID = user.ID
pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(key.Content))
_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(key.Content))
if err != nil {
addFlash(ctx, "Invalid SSH key", "error")
return redirect(ctx, "/settings")
}
sha := sha256.Sum256(pubKey.Marshal())
key.SHA = base64.StdEncoding.EncodeToString(sha[:])
if err := key.Create(); err != nil {
return errorRes(500, "Cannot add SSH key", err)
}

17
internal/web/run.go
عرض الملف

@@ -8,6 +8,10 @@ import (
"github.com/gorilla/sessions"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
"github.com/markbates/goth"
"github.com/markbates/goth/gothic"
"github.com/markbates/goth/providers/gitea"
"github.com/markbates/goth/providers/github"
"github.com/rs/zerolog/log"
"html/template"
"io"
@@ -96,6 +100,17 @@ func (t *Template) Render(w io.Writer, name string, data interface{}, _ echo.Con
func Start() {
store = sessions.NewCookieStore([]byte("opengist"))
gothic.Store = store
goth.UseProviders(
github.New("d92c7e165383b2804407", "ffc450216b9776a752cdb0e533f953f65ce632a3", "http://localhost:6157/oauth/github/callback"),
gitea.NewCustomisedURL(
"efdd0fed-6972-42ce-8f9f-e65b9fd0ca09",
"gto_dwilh6ia4nic4f4dt5owv4h7rvuss5ajw2ctqqa44xcpwevyg6wq",
"http://localhost:6157/oauth/gitea/callback",
"http://localhost:3000/login/oauth/authorize",
"http://localhost:3000/login/oauth/access_token",
"http://localhost:3000/api/v1/user"),
)
assetsFS := echo.MustSubFS(EmbedFS, "public/assets")
e := echo.New()
@@ -166,6 +181,8 @@ func Start() {
g1.GET("/login", login)
g1.POST("/login", processLogin)
g1.GET("/logout", logout)
g1.GET("/oauth/:provider", oauth)
g1.GET("/oauth/:provider/callback", oauthCallback)
g1.GET("/settings", userSettings, logged)
g1.POST("/settings/email", emailProcess, logged)