@@ -1 +1,91 @@
|
||||
package data
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"nixcn-cms/internal/cryptography"
|
||||
"strings"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/spf13/viper"
|
||||
"gorm.io/datatypes"
|
||||
)
|
||||
|
||||
type Client struct {
|
||||
Id uint `json:"id" gorm:"primaryKey;autoIncrement"`
|
||||
UUID uuid.UUID `json:"uuid" gorm:"type:uuid;uniqueIndex;not null"`
|
||||
ClientId string `json:"client_id" gorm:"type:varchar(255);uniqueIndex;not null"`
|
||||
ClientSecret string `json:"client_secret" gorm:"type:varchar(255);not null"`
|
||||
ClientName string `json:"client_name" gorm:"type:varchar(255);uniqueIndex;not null"`
|
||||
RedirectUri datatypes.JSON `json:"redirect_uri" gorm:"type:json;not null"`
|
||||
}
|
||||
|
||||
func (self *Client) GetClientByClientId(clientId string) (*Client, error) {
|
||||
var client Client
|
||||
if err := Database.
|
||||
Where("client_id = ?", clientId).
|
||||
First(&client).Error; err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &client, nil
|
||||
}
|
||||
|
||||
func (self *Client) GetDecryptedSecret() (string, error) {
|
||||
secretKey := viper.GetString("secrets.client_secret_key")
|
||||
secret, err := cryptography.AESCBCDecrypt(self.ClientSecret, []byte(secretKey))
|
||||
return string(secret), err
|
||||
}
|
||||
|
||||
type ClientParams struct {
|
||||
ClientId string
|
||||
ClientName string
|
||||
RedirectUri []string
|
||||
}
|
||||
|
||||
func (self *Client) Create(params *ClientParams) (*Client, error) {
|
||||
jsonRedirectUri, err := json.Marshal(params.RedirectUri)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
encKey := viper.GetString("secrets.client_secret_key")
|
||||
b := make([]byte, 32)
|
||||
if _, err := rand.Read(b); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
clientSecret := base64.RawURLEncoding.EncodeToString(b)
|
||||
encryptedSecret, err := cryptography.AESCBCEncrypt([]byte(clientSecret), []byte(encKey))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
client := &Client{
|
||||
UUID: uuid.New(),
|
||||
ClientId: params.ClientId,
|
||||
ClientSecret: encryptedSecret,
|
||||
ClientName: params.ClientName,
|
||||
RedirectUri: jsonRedirectUri,
|
||||
}
|
||||
|
||||
if err := Database.Create(&client).Error; err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return client, nil
|
||||
}
|
||||
|
||||
func (self *Client) ValidateRedirectURI(redirectURI string) error {
|
||||
var uris []string
|
||||
if err := json.Unmarshal(self.RedirectUri, &uris); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, prefix := range uris {
|
||||
if strings.HasPrefix(redirectURI, prefix) {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return errors.New("redirect uri not match")
|
||||
}
|
||||
|
||||
@@ -35,7 +35,7 @@ func Init() {
|
||||
}
|
||||
|
||||
// Auto migrate
|
||||
err = db.AutoMigrate(&User{}, &Event{}, &Attendance{})
|
||||
err = db.AutoMigrate(&User{}, &Event{}, &Attendance{}, &Client{})
|
||||
if err != nil {
|
||||
log.Error("[Database] Error migrating database: ", err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user