From c96d180591ab433be380603145f3fecc5c40e463 Mon Sep 17 00:00:00 2001
From: Dream Hunter <dreamhunter2333@gmail.com>
Date: Mon, 14 Jul 2025 23:55:36 +0800
Subject: [PATCH] feat(oauth2): add default role assignment for new OAuth2
 users (#688)

- Add default role assignment logic in OAuth2 login flow
- Import getStringValue and getUserRoles utilities
- Validate default role exists in system before assignment
- Use ON CONFLICT DO NOTHING to preserve existing user roles
- Add proper error handling for role assignment failures
---
 CHANGELOG.md                  |  1 +
 worker/src/user_api/oauth2.ts | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 564c9208..1d7978e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
 ## main(v1.0.1)
 
 - feat: |UI| 增加极简模式主页, 可在 `外观` 中切换
+- fix: 修复 oauth2 登录时，default role 不生效的问题
 
 ## v1.0.0
 
diff --git a/worker/src/user_api/oauth2.ts b/worker/src/user_api/oauth2.ts
index 6e9c19d8..402dc280 100644
--- a/worker/src/user_api/oauth2.ts
+++ b/worker/src/user_api/oauth2.ts
@@ -2,7 +2,7 @@ import { Context } from 'hono';
 import { Jwt } from 'hono/utils/jwt'
 
 import i18n from '../i18n';
-import { getJsonSetting } from '../utils';
+import { getJsonSetting, getStringValue, getUserRoles } from '../utils';
 import { UserOauth2Settings } from '../models';
 import { CONSTANTS } from '../constants';
 
@@ -110,6 +110,21 @@ export default {
         if (!user_id) {
             return c.text(msgs.UserNotFoundMsg, 400)
         }
+        const defaultRole = getStringValue(c.env.USER_DEFAULT_ROLE);
+        if (!defaultRole) return c.json({ success: true })
+        const user_roles = getUserRoles(c);
+        if (!user_roles.find((r) => r.role === defaultRole)) {
+            return c.text(msgs.InvalidUserDefaultRoleMsg, 500);
+        }
+        // update user roles
+        const { success: success2 } = await c.env.DB.prepare(
+            `INSERT INTO user_roles (user_id, role_text)`
+            + ` VALUES (?, ?)`
+            + ` ON CONFLICT(user_id) DO NOTHING`
+        ).bind(user_id, defaultRole).run();
+        if (!success2) {
+            return c.text(msgs.FailedUpdateUserDefaultRoleMsg, 500);
+        }
         // create jwt
         const jwt = await Jwt.sign({
             user_email: email,