feat: add Oauth2 Login (#420)

2026-05-24 09:39:49 +08:00 · 2024-08-18 14:39:50 +08:00
parent 6d4783e1cd
commit b5b59acdb3
27 changed files with 614 additions and 17 deletions
--- a/worker/src/admin_api/index.ts
+++ b/worker/src/admin_api/index.ts
@@ -9,6 +9,7 @@ import cleanup_api from './cleanup_api'
 import admin_user_api from './admin_user_api'
 import webhook_settings from './webhook_settings'
 import mail_webhook_settings from './mail_webhook_settings'
+import oauth2_settings from './oauth2_settings'

 export const api = new Hono<HonoCustomType>()

@@ -313,6 +314,10 @@ api.post('/admin/users/:user_id/reset_password', admin_user_api.resetPassword)
 api.get('/admin/user_roles', async (c) => c.json(getUserRoles(c)))
 api.post('/admin/user_roles', admin_user_api.updateUserRoles)

+// user oauth2 settings
+api.get('/admin/user_oauth2_settings', oauth2_settings.getUserOauth2Settings)
+api.post('/admin/user_oauth2_settings', oauth2_settings.saveUserOauth2Settings)
+
 // webhook settings
 api.get("/admin/webhook/settings", webhook_settings.getWebhookSettings);
 api.post("/admin/webhook/settings", webhook_settings.saveWebhookSettings);
--- a/worker/src/admin_api/oauth2_settings.ts
+++ b/worker/src/admin_api/oauth2_settings.ts
@@ -0,0 +1,34 @@
+import { Context } from 'hono';
+
+import { CONSTANTS } from '../constants';
+import { UserOauth2Settings } from "../models";
+import { HonoCustomType } from '../types';
+import { getJsonSetting, saveSetting } from '../utils';
+
+async function getUserOauth2Settings(c: Context<HonoCustomType>): Promise<Response> {
+    const settings = await getJsonSetting<UserOauth2Settings[]>(c, CONSTANTS.OAUTH2_SETTINGS_KEY);
+    return c.json(settings || []);
+}
+
+async function saveUserOauth2Settings(c: Context<HonoCustomType>): Promise<Response> {
+    const settings = await c.req.json<UserOauth2Settings[]>();
+    for (const setting of settings) {
+        if (!setting.name || !setting.clientID || !setting.clientSecret
+            || !setting.authorizationURL || !setting.accessTokenURL
+            || !setting.accessTokenFormat
+            || !setting.userInfoURL || !setting.redirectURL
+            || !setting.userEmailKey || !setting.scope) {
+            return c.text(`${setting.name} is missing required fields`, 400);
+        }
+        if (setting.enableMailAllowList && (setting.mailAllowList?.length || 0) < 1) {
+            return c.text(`${setting.name} is missing mail allow list`, 400);
+        }
+    }
+    await saveSetting(c, CONSTANTS.OAUTH2_SETTINGS_KEY, JSON.stringify(settings));
+    return c.json({ success: true })
+}
+
+export default {
+    getUserOauth2Settings,
+    saveUserOauth2Settings,
+}