170 lines
4.5 KiB
Go
170 lines
4.5 KiB
Go
package logic
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"fmt"
|
|
"fusenapi/utils/auth"
|
|
"fusenapi/utils/basic"
|
|
"io"
|
|
"net/http"
|
|
"time"
|
|
|
|
"context"
|
|
|
|
"fusenapi/server/auth/internal/svc"
|
|
"fusenapi/server/auth/internal/types"
|
|
|
|
"github.com/474420502/requests"
|
|
"github.com/google/uuid"
|
|
"github.com/zeromicro/go-zero/core/logx"
|
|
"github.com/zeromicro/go-zero/rest/httpx"
|
|
"golang.org/x/oauth2"
|
|
"golang.org/x/oauth2/google"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
type UserGoogleLoginLogic struct {
|
|
logx.Logger
|
|
ctx context.Context
|
|
svcCtx *svc.ServiceContext
|
|
|
|
token string // 登录 token
|
|
|
|
isRegistered bool // 是否注册
|
|
registerToken string // 注册邮箱的token
|
|
defaultEmail string // 能从第三方拿到的默认邮箱
|
|
registerInfo *auth.RegisterToken
|
|
}
|
|
|
|
func NewUserGoogleLoginLogic(ctx context.Context, svcCtx *svc.ServiceContext) *UserGoogleLoginLogic {
|
|
return &UserGoogleLoginLogic{
|
|
Logger: logx.WithContext(ctx),
|
|
ctx: ctx,
|
|
svcCtx: svcCtx,
|
|
}
|
|
}
|
|
|
|
// 处理进入前逻辑w,r
|
|
// func (l *UserGoogleLoginLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
|
|
// }
|
|
|
|
func (l *UserGoogleLoginLogic) UserGoogleLogin(req *types.RequestGoogleLogin, userinfo *auth.UserInfo) (resp *basic.Response) {
|
|
// 返回值必须调用Set重新返回, resp可以空指针调用 resp.SetStatus(basic.CodeOK, data)
|
|
// userinfo 传入值时, 一定不为null
|
|
|
|
var googleOauthConfig = &oauth2.Config{
|
|
RedirectURL: fmt.Sprintf("%s/api/auth/oauth2/login/google", l.svcCtx.Config.MainAddress),
|
|
ClientID: l.svcCtx.Config.OAuth.Google.Appid,
|
|
ClientSecret: l.svcCtx.Config.OAuth.Google.Secret,
|
|
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"},
|
|
Endpoint: google.Endpoint,
|
|
}
|
|
|
|
token, err := googleOauthConfig.Exchange(l.ctx, req.Code)
|
|
if err != nil {
|
|
logx.Error(err)
|
|
return resp.SetStatus(basic.CodeApiErr, err.Error())
|
|
}
|
|
|
|
r, err := requests.Get("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + token.AccessToken).Execute()
|
|
if err != nil {
|
|
logx.Error(err)
|
|
return resp.SetStatus(basic.CodeOAuthGoogleApiErr, err.Error())
|
|
}
|
|
|
|
gresult := r.Json()
|
|
logx.Info(gresult)
|
|
|
|
googleId := gresult.Get("id").String()
|
|
user, err := l.svcCtx.AllModels.FsUser.FindUserByGoogleId(context.TODO(), googleId)
|
|
if err != nil {
|
|
if err != gorm.ErrRecordNotFound {
|
|
logx.Error(err)
|
|
return resp.SetStatus(basic.CodeDbSqlErr)
|
|
}
|
|
|
|
nonce := make([]byte, 16)
|
|
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
|
|
logx.Error(err)
|
|
return resp.SetStatus(basic.CodeOK)
|
|
}
|
|
gemail := gresult.Get("email").String()
|
|
l.registerInfo = &auth.RegisterToken{
|
|
Password: base64.RawURLEncoding.EncodeToString(nonce),
|
|
Platform: string(auth.PLATFORM_GOOGLE),
|
|
Email: gemail,
|
|
OperateType: auth.OpTypeRegister,
|
|
TraceId: uuid.NewString(),
|
|
CreateAt: time.Now().UTC(),
|
|
Extend: map[string]interface{}{
|
|
"oauth_id": googleId,
|
|
"first_name": gresult.Get("family_name").String(),
|
|
"last_name": gresult.Get("given_name").String(),
|
|
},
|
|
}
|
|
|
|
l.isRegistered = false
|
|
token, err := l.svcCtx.OAuthTokenManger.Encrypt(l.registerInfo)
|
|
if err != nil {
|
|
logx.Error(err)
|
|
return resp.SetStatus(basic.CodeOAuthRegisterTokenErr)
|
|
}
|
|
l.registerToken = token
|
|
l.defaultEmail = gemail
|
|
|
|
return resp.SetStatus(basic.CodeOK)
|
|
}
|
|
|
|
l.isRegistered = true
|
|
// 如果密码匹配,则生成 JWT Token。
|
|
jwtToken, err := auth.GenerateJwtTokenUint64(auth.StringToHash(*user.PasswordHash), l.svcCtx.Config.Auth.AccessExpire, time.Now().UTC().Unix(), user.Id, 0)
|
|
|
|
// 如果生成 JWT Token 失败,则抛出错误并返回未认证的状态码。
|
|
if err != nil {
|
|
logx.Error(err)
|
|
return resp.SetStatus(basic.CodeServiceErr)
|
|
}
|
|
|
|
l.token = jwtToken
|
|
|
|
return resp.SetStatus(basic.CodeOK)
|
|
}
|
|
|
|
// 处理逻辑后 w,r 如:重定向, resp 必须重新处理
|
|
func (l *UserGoogleLoginLogic) AfterLogic(w http.ResponseWriter, r *http.Request, resp *basic.Response) {
|
|
|
|
if resp.Code == 200 {
|
|
|
|
logx.Info(l)
|
|
|
|
rurl := fmt.Sprintf(
|
|
"http://www.fusen.3718.cn"+"/oauth?token=%s&is_registered=%t®ister_token=%s&defaultEmail=%s",
|
|
l.token,
|
|
l.isRegistered,
|
|
l.registerToken,
|
|
l.registerInfo.Email,
|
|
)
|
|
|
|
html := fmt.Sprintf(`
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>Redirect</title>
|
|
<script type="text/javascript">
|
|
window.onload = function() {
|
|
window.location = "%s";
|
|
}
|
|
</script>
|
|
</head>
|
|
<body>
|
|
</body>
|
|
</html>
|
|
`, rurl)
|
|
fmt.Fprintln(w, html)
|
|
} else {
|
|
httpx.OkJson(w, resp)
|
|
}
|
|
|
|
}
|