345 lines
13 KiB
Go
345 lines
13 KiB
Go
package oauth
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/perfect-panel/server/internal/config"
|
|
"github.com/perfect-panel/server/internal/model/auth"
|
|
"github.com/perfect-panel/server/internal/model/user"
|
|
"github.com/perfect-panel/server/internal/svc"
|
|
"github.com/perfect-panel/server/internal/types"
|
|
"github.com/perfect-panel/server/pkg/jwt"
|
|
"github.com/perfect-panel/server/pkg/logger"
|
|
"github.com/perfect-panel/server/pkg/oauth/apple"
|
|
"github.com/perfect-panel/server/pkg/oauth/google"
|
|
"github.com/perfect-panel/server/pkg/oauth/telegram"
|
|
"github.com/perfect-panel/server/pkg/tool"
|
|
"github.com/perfect-panel/server/pkg/uuidx"
|
|
"github.com/perfect-panel/server/pkg/xerr"
|
|
"github.com/pkg/errors"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
type googleRequest struct {
|
|
Code string `json:"code"`
|
|
State string `json:"state"`
|
|
}
|
|
type OAuthLoginGetTokenLogic struct {
|
|
logger.Logger
|
|
ctx context.Context
|
|
svcCtx *svc.ServiceContext
|
|
}
|
|
|
|
// NewOAuthLoginGetTokenLogic OAuth login get token
|
|
func NewOAuthLoginGetTokenLogic(ctx context.Context, svcCtx *svc.ServiceContext) *OAuthLoginGetTokenLogic {
|
|
return &OAuthLoginGetTokenLogic{
|
|
Logger: logger.WithContext(ctx),
|
|
ctx: ctx,
|
|
svcCtx: svcCtx,
|
|
}
|
|
}
|
|
|
|
func (l *OAuthLoginGetTokenLogic) OAuthLoginGetToken(req *types.OAuthLoginGetTokenRequest, ip, userAgent string) (resp *types.LoginResponse, err error) {
|
|
loginStatus := false
|
|
var userInfo *user.User
|
|
// Record login status
|
|
defer func(svcCtx *svc.ServiceContext) {
|
|
if userInfo != nil && userInfo.Id != 0 {
|
|
if err := svcCtx.UserModel.InsertLoginLog(l.ctx, &user.LoginLog{
|
|
UserId: userInfo.Id,
|
|
LoginIP: ip,
|
|
UserAgent: userAgent,
|
|
Success: &loginStatus,
|
|
}); err != nil {
|
|
l.Errorw("error insert login log: %v", logger.Field("error", err.Error()))
|
|
}
|
|
}
|
|
}(l.svcCtx)
|
|
switch req.Method {
|
|
case "google":
|
|
userInfo, err = l.google(req)
|
|
case "apple":
|
|
userInfo, err = l.apple(req)
|
|
case "telegram":
|
|
userInfo, err = l.telegram(req)
|
|
default:
|
|
l.Errorw("oauth login method not support: %v", logger.Field("method", req.Method))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "oauth login method not support: %v", req.Method)
|
|
}
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// Generate session id
|
|
sessionId := uuidx.NewUUID().String()
|
|
// Generate token
|
|
token, err := jwt.NewJwtToken(
|
|
l.svcCtx.Config.JwtAuth.AccessSecret,
|
|
time.Now().Unix(),
|
|
l.svcCtx.Config.JwtAuth.AccessExpire,
|
|
jwt.WithOption("UserId", userInfo.Id),
|
|
jwt.WithOption("SessionId", sessionId),
|
|
)
|
|
if err != nil {
|
|
l.Logger.Error("[UserLogin] token generate error", logger.Field("error", err.Error()))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "token generate error: %v", err.Error())
|
|
}
|
|
|
|
sessionIdCacheKey := fmt.Sprintf("%v:%v", config.SessionIdKey, sessionId)
|
|
if err = l.svcCtx.Redis.Set(l.ctx, sessionIdCacheKey, userInfo.Id, time.Duration(l.svcCtx.Config.JwtAuth.AccessExpire)*time.Second).Err(); err != nil {
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "set session id error: %v", err.Error())
|
|
}
|
|
loginStatus = true
|
|
return &types.LoginResponse{
|
|
Token: token,
|
|
}, nil
|
|
}
|
|
|
|
func (l *OAuthLoginGetTokenLogic) google(req *types.OAuthLoginGetTokenRequest) (*user.User, error) {
|
|
var request googleRequest
|
|
err := tool.CloneMapToStruct(req.Callback.(map[string]interface{}), &request)
|
|
if err != nil {
|
|
l.Errorw("error CloneMapToStruct: %v", logger.Field("error", err.Error()))
|
|
return nil, err
|
|
}
|
|
// validate the state code
|
|
redirect, err := l.svcCtx.Redis.Get(l.ctx, fmt.Sprintf("google:%s", request.State)).Result()
|
|
if err != nil {
|
|
l.Errorw("error get google state code: %v", logger.Field("error", err.Error()))
|
|
return nil, err
|
|
}
|
|
// get google config
|
|
authMethod, err := l.svcCtx.AuthModel.FindOneByMethod(l.ctx, "google")
|
|
if err != nil {
|
|
l.Errorw("error find google auth method: %v", logger.Field("error", err.Error()))
|
|
return nil, err
|
|
}
|
|
var cfg auth.GoogleAuthConfig
|
|
err = cfg.Unmarshal(authMethod.Config)
|
|
if err != nil {
|
|
l.Errorw("error unmarshal google config: %v", logger.Field("config", authMethod.Config), logger.Field("error", err.Error()))
|
|
return nil, err
|
|
}
|
|
client := google.New(&google.Config{
|
|
ClientID: cfg.ClientId,
|
|
ClientSecret: cfg.ClientSecret,
|
|
RedirectURL: redirect,
|
|
})
|
|
token, err := client.Exchange(l.ctx, request.Code)
|
|
if err != nil {
|
|
l.Errorw("error exchange google token: %v", logger.Field("error", err.Error()))
|
|
return nil, err
|
|
}
|
|
googleUserInfo, err := client.GetUserInfo(token.AccessToken)
|
|
if err != nil {
|
|
l.Errorw("error get google user info: %v", logger.Field("error", err.Error()))
|
|
return nil, err
|
|
}
|
|
// query user info
|
|
userAuthMethod, err := l.svcCtx.UserModel.FindUserAuthMethodByOpenID(l.ctx, "google", googleUserInfo.OpenID)
|
|
if err != nil {
|
|
if errors.As(err, &gorm.ErrRecordNotFound) {
|
|
return l.register(googleUserInfo.Email, googleUserInfo.Picture, "google", googleUserInfo.OpenID)
|
|
}
|
|
return nil, err
|
|
}
|
|
return l.svcCtx.UserModel.FindOne(l.ctx, userAuthMethod.UserId)
|
|
}
|
|
|
|
func (l *OAuthLoginGetTokenLogic) apple(req *types.OAuthLoginGetTokenRequest) (*user.User, error) {
|
|
// validate the state code
|
|
_, err := l.svcCtx.Redis.Get(l.ctx, fmt.Sprintf("apple:%s", req.Callback.(map[string]interface{})["state"])).Result()
|
|
if err != nil {
|
|
l.Errorw("[AppleLoginCallback] Get State code error", logger.Field("error", err.Error()))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "get apple state code failed: %v", err.Error())
|
|
}
|
|
appleAuth, err := l.svcCtx.AuthModel.FindOneByMethod(l.ctx, "apple")
|
|
if err != nil {
|
|
l.Errorw("[AppleLoginCallback] FindOneByMethod error", logger.Field("error", err.Error()))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find apple auth method failed: %v", err.Error())
|
|
}
|
|
var appleCfg auth.AppleAuthConfig
|
|
err = appleCfg.Unmarshal(appleAuth.Config)
|
|
if err != nil {
|
|
l.Errorw("[AppleLoginCallback] Unmarshal error", logger.Field("error", err.Error()), logger.Field("config", appleAuth.Config))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "unmarshal apple config failed: %v", err.Error())
|
|
}
|
|
|
|
client, err := apple.New(apple.Config{
|
|
ClientID: appleCfg.ClientId,
|
|
TeamID: appleCfg.TeamID,
|
|
KeyID: appleCfg.KeyID,
|
|
ClientSecret: appleCfg.ClientSecret,
|
|
RedirectURI: appleCfg.RedirectURL,
|
|
})
|
|
if err != nil {
|
|
l.Errorw("[AppleLoginCallback] New apple client error", logger.Field("error", err.Error()))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "new apple client failed: %v", err.Error())
|
|
}
|
|
// verify web token
|
|
resp, err := client.VerifyWebToken(l.ctx, req.Callback.(map[string]interface{})["code"].(string))
|
|
if err != nil {
|
|
l.Errorw("[AppleLoginCallback] VerifyWebToken error", logger.Field("error", err.Error()))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "verify web token failed: %v", err.Error())
|
|
}
|
|
if resp.Error != "" {
|
|
l.Errorw("[AppleLoginCallback] VerifyWebToken error", logger.Field("error", resp.Error))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "verify web token failed: %v", resp.Error)
|
|
}
|
|
// query apple user unique id
|
|
appleUnique, err := apple.GetUniqueID(resp.IDToken)
|
|
if err != nil {
|
|
l.Errorw("[AppleLoginCallback] GetUniqueID error", logger.Field("error", err.Error()))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "get apple unique id failed: %v", err.Error())
|
|
}
|
|
// get apple user info
|
|
appleUserInfo, err := apple.GetClaims(resp.AccessToken)
|
|
if err != nil {
|
|
l.Errorw("[AppleLoginCallback] GetClaims error", logger.Field("error", err.Error()))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "get apple user info failed: %v", err.Error())
|
|
}
|
|
// query user by apple unique id
|
|
userAuthMethod, err := l.svcCtx.UserModel.FindUserAuthMethodByOpenID(l.ctx, "apple", appleUnique)
|
|
if err != nil {
|
|
// if user not exist, handle register
|
|
if errors.Is(err, gorm.ErrRecordNotFound) {
|
|
return l.register((*appleUserInfo)["email"].(string), "", "apple", appleUnique)
|
|
}
|
|
l.Errorw("[AppleLoginCallback] FindUserAuthMethodByOpenID error", logger.Field("error", err.Error()))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find user auth method by openid failed: %v", err.Error())
|
|
}
|
|
// query user info
|
|
userInfo, err := l.svcCtx.UserModel.FindOne(l.ctx, userAuthMethod.UserId)
|
|
|
|
if err != nil {
|
|
l.Errorw(
|
|
"[AppleLoginCallback] FindOne error",
|
|
logger.Field("error", err.Error()),
|
|
)
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find user info failed: %v", err.Error())
|
|
}
|
|
|
|
return userInfo, nil
|
|
}
|
|
|
|
func (l *OAuthLoginGetTokenLogic) telegram(req *types.OAuthLoginGetTokenRequest) (*user.User, error) {
|
|
appleAuth, err := l.svcCtx.AuthModel.FindOneByMethod(l.ctx, "telegram")
|
|
if err != nil {
|
|
l.Errorw("[OAuthLoginGetToken] FindOneByMethod error", logger.Field("error", err.Error()))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find telegram auth method failed: %v", err.Error())
|
|
}
|
|
var telegramCfg auth.TelegramAuthConfig
|
|
err = json.Unmarshal([]byte(appleAuth.Config), &telegramCfg)
|
|
if err != nil {
|
|
l.Errorw("[OAuthLoginGetToken] Unmarshal error", logger.Field("error", err.Error()), logger.Field("config", appleAuth.Config))
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "unmarshal telegram config failed: %v", err.Error())
|
|
}
|
|
encodeText := req.Callback.(map[string]interface{})["tgAuthResult"].(string)
|
|
// base64 decode
|
|
callbackData, err := telegram.ParseAndValidateBase64([]byte(encodeText), telegramCfg.BotToken)
|
|
if err != nil {
|
|
l.Errorw("[TelegramLoginCallback] ParseAndValidateBase64 error", logger.Field("error", err.Error()))
|
|
return nil, err
|
|
}
|
|
// 验证数据有效期
|
|
if time.Now().Unix()-*callbackData.AuthDate > 86400 {
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "auth date expired")
|
|
}
|
|
// query user auth info
|
|
userAuthMethod, err := l.svcCtx.UserModel.FindUserAuthMethodByOpenID(l.ctx, "telegram", fmt.Sprintf("%v", *callbackData.Id))
|
|
if err != nil {
|
|
if errors.As(err, &gorm.ErrRecordNotFound) {
|
|
return l.register(fmt.Sprintf("%v@%s", *callbackData.Id, "qq.com"), *callbackData.PhotoUrl, "telegram", fmt.Sprintf("%v", callbackData.Id))
|
|
}
|
|
}
|
|
// query user info
|
|
userInfo, err := l.svcCtx.UserModel.FindOne(l.ctx, userAuthMethod.UserId)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "find user info failed: %v", err.Error())
|
|
}
|
|
return userInfo, nil
|
|
}
|
|
|
|
func (l *OAuthLoginGetTokenLogic) register(email, avatar, method, openid string) (*user.User, error) {
|
|
if l.svcCtx.Config.Invite.ForcedInvite {
|
|
return nil, errors.Wrapf(xerr.NewErrCode(xerr.InviteCodeError), "invite code is required")
|
|
}
|
|
var userInfo *user.User
|
|
err := l.svcCtx.UserModel.Transaction(l.ctx, func(db *gorm.DB) error {
|
|
err := db.Model(&user.User{}).Where("email = ?", email).First(&userInfo).Error
|
|
if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
|
|
return err
|
|
}
|
|
if userInfo.Id != 0 {
|
|
return errors.Wrapf(xerr.NewErrCode(xerr.UserExist), "user email exist: %v", email)
|
|
}
|
|
userInfo = &user.User{
|
|
Avatar: avatar,
|
|
}
|
|
if err := db.Create(userInfo).Error; err != nil {
|
|
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create user info failed: %v", err.Error())
|
|
}
|
|
// Generate ReferCode
|
|
userInfo.ReferCode = uuidx.UserInviteCode(userInfo.Id)
|
|
// Update ReferCode
|
|
err = db.Where("id = ?", userInfo.Id).Update("refer_code", userInfo.ReferCode).Error
|
|
if err != nil {
|
|
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "update refer code failed: %v", err.Error())
|
|
}
|
|
authMethod := &user.AuthMethods{
|
|
UserId: userInfo.Id,
|
|
AuthType: method,
|
|
AuthIdentifier: openid,
|
|
Verified: true,
|
|
}
|
|
if err = db.Create(authMethod).Error; err != nil {
|
|
l.Errorw("error create auth method: %v", logger.Field("error", err.Error()))
|
|
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create auth method failed: %v", err.Error())
|
|
}
|
|
if email != "" {
|
|
authMethod = &user.AuthMethods{
|
|
UserId: userInfo.Id,
|
|
AuthType: "email",
|
|
AuthIdentifier: email,
|
|
Verified: true,
|
|
}
|
|
if err := db.Create(authMethod).Error; err != nil {
|
|
l.Errorw("error create auth method: %v", logger.Field("error", err.Error()))
|
|
return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseInsertError), "create auth method failed: %v", err.Error())
|
|
}
|
|
}
|
|
if l.svcCtx.Config.Register.EnableTrial {
|
|
// Active trial
|
|
if err = l.activeTrial(userInfo.Id); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
})
|
|
return userInfo, err
|
|
}
|
|
|
|
func (l *OAuthLoginGetTokenLogic) activeTrial(uid int64) error {
|
|
sub, err := l.svcCtx.SubscribeModel.FindOne(l.ctx, l.svcCtx.Config.Register.TrialSubscribe)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
userSub := &user.Subscribe{
|
|
Id: 0,
|
|
UserId: uid,
|
|
OrderId: 0,
|
|
SubscribeId: sub.Id,
|
|
StartTime: time.Now(),
|
|
ExpireTime: tool.AddTime(l.svcCtx.Config.Register.TrialTimeUnit, l.svcCtx.Config.Register.TrialTime, time.Now()),
|
|
Traffic: sub.Traffic,
|
|
Download: 0,
|
|
Upload: 0,
|
|
Token: uuidx.SubscribeToken(fmt.Sprintf("Trial-%v", uid)),
|
|
UUID: uuidx.NewUUID().String(),
|
|
Status: 1,
|
|
}
|
|
return l.svcCtx.UserModel.InsertSubscribe(l.ctx, userSub)
|
|
}
|