From cd93491d98c46b3ab1976bc1fcfe06bc18814d79 Mon Sep 17 00:00:00 2001
From: Asai Neko
Date: Tue, 20 Jan 2026 18:51:15 +0800
Subject: [PATCH] Add exchange api endpoint, fix jwt authtoken var type error

Signed-off-by: Asai Neko
---
 data/client.go | 4 +-
 middleware/jwt.go | 9 ++---
 pkgs/authtoken/authtoken.go | 1 +
 service/auth/exchange.go | 65 +++++++++++++++++++++++++++++++++++++
 service/auth/handler.go | 3 +-
 service/auth/redirect.go | 37 ---------------------
 service/event/handler.go | 2 +-
 service/user/handler.go | 2 +-
 8 files changed, 75 insertions(+), 48 deletions(-)
 create mode 100644 service/auth/exchange.go

diff --git a/data/client.go b/data/client.go
index e372a30..f0a024e 100644
--- a/data/client.go
+++ b/data/client.go
@@ -32,10 +32,10 @@ func (self *Client) GetClientByClientId(clientId string) (*Client, error) {
 	return &client, nil
 }
 
-func (self *Client) GetDecryptedSecret() (string, error) {
+func (self *Client) GetDecryptedSecret() ([]byte, error) {
 	secretKey := viper.GetString("secrets.client_secret_key")
 	secret, err := cryptography.AESCBCDecrypt(self.ClientSecret, []byte(secretKey))
-	return string(secret), err
+	return secret, err
 }
 
 type ClientParams struct {
diff --git a/middleware/jwt.go b/middleware/jwt.go
index ace983c..f97249b 100644
--- a/middleware/jwt.go
+++ b/middleware/jwt.go
@@ -1,13 +1,14 @@
 package middleware
 
 import (
+	"fmt"
 	"nixcn-cms/pkgs/authtoken"
 	"nixcn-cms/utils"
 
 	"github.com/gin-gonic/gin"
 )
 
-func JWTAuth(required bool) gin.HandlerFunc {
+func JWTAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		auth := c.GetHeader("Authorization")
 
@@ -15,11 +16,7 @@ func JWTAuth(required bool) gin.HandlerFunc {
 		authtoken := new(authtoken.Token)
 		uid, err := authtoken.HeaderVerify(auth)
 		if err != nil {
-			utils.HttpAbort(c, 401, "", "unauthorized")
-			return
-		}
-
-		if required == true && uid == "" {
+			fmt.Println(err)
 			utils.HttpAbort(c, 401, "", "unauthorized")
 			return
 		}
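Review bot: `return secret, err` on the new side returns whatever `cryptography.AESCBCDecrypt` produced alongside a non-nil error, so a caller that inspects the bytes before checking err may act on a partial or garbage plaintext; make the failure explicit with `if err != nil { return nil, err }` followed by `return secret, nil`. Now that the secret is a byte slice, any caller comparing it against a client-presented secret should use `subtle.ConstantTimeCompare` rather than `bytes.Equal` or string equality; those call sites are outside this hunk, so I cannot see whether they already do. The exported method also lacks a doc comment: `// GetDecryptedSecret decrypts ClientSecret with the configured secrets.client_secret_key and returns the plaintext bytes.`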
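Review bot: `fmt.Println(err)` in the rejection branch writes every token-verification failure to stdout, bypassing any request logger and duplicating the identical print this commit adds inside `HeaderVerify` in pkgs/authtoken/authtoken.go, so one bad token is printed twice. Keep the diagnostic in one layer and, if it stays here, emit it through a structured logger with the request path rather than `fmt.Println`. With the `required` branch removed, `uid` is now only assigned inside this hunk; if the rest of the closure does not consume it (for example by storing it on the context for handlers that read `user_id`), the file will not compile. The closure returned by JWTAuth starts before this hunk and continues past it.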
diff --git a/pkgs/authtoken/authtoken.go b/pkgs/authtoken/authtoken.go
index ee06931..ac135c8 100644
--- a/pkgs/authtoken/authtoken.go
+++ b/pkgs/authtoken/authtoken.go
@@ -288,6 +288,7 @@ func (self *Token) HeaderVerify(header string) (string, error) {
 	)
 
 	if err != nil || !token.Valid {
+		fmt.Println(err)
 		return "", errors.New("invalid or expired token")
 	}
 
diff --git a/service/auth/exchange.go b/service/auth/exchange.go
new file mode 100644
index 0000000..cd51d80
--- /dev/null
+++ b/service/auth/exchange.go
@@ -0,0 +1,65 @@
+package auth
+
+import (
+	"net/url"
+	"nixcn-cms/data"
+	"nixcn-cms/pkgs/authcode"
+	"nixcn-cms/utils"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+func Exchange(c *gin.Context) {
+	var exchangeReq struct {
+		ClientId string `json:"client_id"`
+		RedirectUri string `json:"redirect_uri"`
+		State string `json:"state"`
+	}
+
+	err := c.BindJSON(exchangeReq)
+	if err != nil {
+		utils.HttpResponse(c, 400, "", "invalid request")
+		return
+	}
+
+	userIdOrig, ok := c.Get("user_id")
+	if !ok {
+		utils.HttpResponse(c, 401, "", "unauthorized")
+		return
+	}
+
+	userId, err := uuid.Parse(userIdOrig.(string))
+	if err != nil {
+		utils.HttpResponse(c, 500, "", "failed to parse uuid")
+		return
+	}
+
+	userData := new(data.User)
+	user, err := userData.GetByUserId(userId)
+	if err != nil {
+		utils.HttpResponse(c, 500, "", "failed to get user id")
+		return
+	}
+
+	code, err := authcode.NewAuthCode(exchangeReq.ClientId, user.Email)
+	if err != nil {
+		utils.HttpResponse(c, 500, "", "code gen failed")
+		return
+	}
+
+	url, err := url.Parse(exchangeReq.RedirectUri)
+	if err != nil {
+		utils.HttpResponse(c, 400, "", "invalid redirect uri")
+		return
+	}
+	query := url.Query()
+	query.Set("code", code)
+	url.RawQuery = query.Encode()
+
+	exchangeResp := struct {
+		RedirectUri string `json:"redirect_uri"`
+	}{url.String()}
+
+	utils.HttpResponse(c, 200, "", "success", exchangeResp)
+}
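Review bot: The added `fmt.Println(err)` prints `<nil>` whenever the branch is entered because `!token.Valid` with a nil err, and the hunk adds no `fmt` import while the diffstat records a single insertion for this file, so unless fmt is already imported here the package will not build. The same failure is printed again by the JWTAuth middleware in this commit; keep the diagnostic in one place and prefer the project's logger over stdout. HeaderVerify begins before this hunk and continues past it.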
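Review bot: `err := c.BindJSON(exchangeReq)` passes the struct by value, so the JSON decoder receives a copy it cannot populate and binding fails on every request; it must be `&exchangeReq`, and because the handler writes its own 400 response, `ShouldBindJSON(&exchangeReq)` avoids gin's BindJSON also aborting the request with a 400 of its own. The larger problem is that the authorization code is minted for whatever `client_id` and `redirect_uri` the caller supplies: nothing looks the client up (`GetClientByClientId` in data/client.go is available) or checks the redirect URI against the client's registered one, so a code bound to the user's email can be delivered to an arbitrary URL; validate both before `authcode.NewAuthCode` and reject on mismatch. `State` is bound but never copied into the redirect query, so the client cannot correlate the response with its request. `userIdOrig.(string)` is an unchecked assertion that panics if the middleware stored a different type; use `uid, ok := userIdOrig.(string)` and return 401 when `!ok`. Finally, `url, err := url.Parse(...)` shadows the `net/url` package for the rest of the function; a name such as `redirect` avoids that.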
diff --git a/service/auth/handler.go b/service/auth/handler.go
index 47ad5cb..a421d6d 100644
--- a/service/auth/handler.go
+++ b/service/auth/handler.go
@@ -7,8 +7,9 @@ import (
 )
 
 func Handler(r *gin.RouterGroup) {
-	r.GET("/redirect", middleware.JWTAuth(false), Redirect)
+	r.GET("/redirect", Redirect)
 	r.POST("/magic", middleware.ApiVersionCheck(), Magic)
 	r.POST("/token", middleware.ApiVersionCheck(), Token)
 	r.POST("/refresh", middleware.ApiVersionCheck(), Refresh)
+	r.POST("/exchange", middleware.ApiVersionCheck(), middleware.JWTAuth(), Exchange)
 }
diff --git a/service/auth/redirect.go b/service/auth/redirect.go
index dce3d7f..01106a6 100644
--- a/service/auth/redirect.go
+++ b/service/auth/redirect.go
@@ -31,43 +31,6 @@ func Redirect(c *gin.Context) {
 	}
 
 	code := c.Query("code")
-	if code == "" {
-		userIdOrig, ok := c.Get("user_id")
-		if !ok || userIdOrig == "" {
-			utils.HttpResponse(c, 401, "", "unauthorized")
-			return
-		}
-
-		userId, err := uuid.Parse(userIdOrig.(string))
-		if err != nil {
-			utils.HttpResponse(c, 500, "", "failed to parse uuid")
-			return
-		}
-
-		userData := new(data.User)
-		user, err := userData.GetByUserId(userId)
-		if err != nil {
-			utils.HttpResponse(c, 500, "", "failed to get user id")
-			return
-		}
-
-		code, err := authcode.NewAuthCode(clientId, user.Email)
-		if err != nil {
-			utils.HttpResponse(c, 500, "", "code gen failed")
-			return
-		}
-
-		url, err := url.Parse(redirectUri)
-		if err != nil {
-			utils.HttpResponse(c, 400, "", "invalid redirect uri")
-			return
-		}
-		query := url.Query()
-		query.Set("code", code)
-		url.RawQuery = query.Encode()
-
-		c.Redirect(302, url.String())
-	}
 
 	// Verify email token
 	authCode, ok := authcode.VerifyAuthCode(code)
diff --git a/service/event/handler.go b/service/event/handler.go
index a83ac32..875c9f3 100644
--- a/service/event/handler.go
+++ b/service/event/handler.go
@@ -7,7 +7,7 @@ import (
 )
 
 func Handler(r *gin.RouterGroup) {
-	r.Use(middleware.JWTAuth(true), middleware.Permission(10))
+	r.Use(middleware.JWTAuth(), middleware.Permission(10))
 	r.GET("/info", Info)
 	r.GET("/checkin", Checkin)
 	r.GET("/checkin/query", CheckinQuery)
diff --git a/service/user/handler.go b/service/user/handler.go
index 7a79a63..350c297 100644
--- a/service/user/handler.go
+++ b/service/user/handler.go
@@ -7,7 +7,7 @@ import (
 )
 
 func Handler(r *gin.RouterGroup) {
-	r.Use(middleware.JWTAuth(true), middleware.Permission(5))
+	r.Use(middleware.JWTAuth(), middleware.Permission(5))
 	r.GET("/info", Info)
 	r.PATCH("/update", Update)
 	r.GET("/list", middleware.Permission(20), List)