add google sso support

eja · Sep 4, 2024 · 5028d92 · 5028d92
1 parent b9cda22
commit 5028d92
Show file tree

Hide file tree

Showing 12 changed files with 74 additions and 4 deletions.
diff --git a/api/main.go b/api/main.go
@@ -39,6 +39,15 @@ func Run(eja TypeApi, sessionSave bool) (result TypeApi, err error) {
 			}
 		}
 	}
+	if eja.Values["googleSsoToken"] != "" {
+		ssoUsername := googleSsoEmail(eja.Values["googleSsoToken"])
+		if ssoUsername != "" {
+			user = db.UserGetAllByUsername(ssoUsername)
+		}
+		if len(user) > 0 {
+			eja.Session = db.SessionInit(db.Number(user["ejaId"]))
+		}
+	}
 	if eja.Session != "" {
 		if len(user) == 0 {
 			user = db.UserGetAllBySession(eja.Session)

diff --git a/api/misc.go b/api/misc.go
@@ -3,7 +3,10 @@
 package api
 
 import (
+	"encoding/json"
 	"fmt"
+	"net/http"
+
 	"github.com/eja/tibula/log"
 	"github.com/eja/tibula/sys"
 )
@@ -23,3 +26,19 @@ func alert(array *[]string, format string, args ...interface{}) {
 		log.Trace("[api] [alert]", row)
 	}
 }
+
+func googleSsoEmail(token string) (email string) {
+	resp, err := http.Get("https://oauth2.googleapis.com/tokeninfo?id_token=" + token)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusOK {
+		var result map[string]interface{}
+		if err := json.NewDecoder(resp.Body).Decode(&result); err == nil {
+			email, _ = result["email"].(string)
+		}
+	}
+	return
+}
diff --git a/api/types.go b/api/types.go
@@ -44,4 +44,5 @@ type TypeApi struct {
 	SqlQueryArgs       []interface{}       `json:"SqlQueryArgs,omitempty"`
 	Tree               []db.TypeModuleTree `json:"Tree,omitempty"`
 	Values             map[string]string   `json:"Values,omitempty"`
+	GoogleSsoId        string              `json:"GoogleSsoId,omitempty"`
 }
diff --git a/db/session.go b/db/session.go
@@ -86,6 +86,11 @@ func (session *TypeSession) SessionCleanSearch(userId int64) error {
 
 // SessionReset removes all session variables for a specified user from the database.
 func (session *TypeSession) SessionReset(userId int64) error {
-	_, err := session.Run("DELETE FROM ejaSessions WHERE ejaOwner=?", userId)
-	return err
+	if _, err := session.Run("DELETE FROM ejaSessions WHERE ejaOwner=?", userId); err != nil {
+		return err
+	}
+	if _, err := session.Run("UPDATE ejaUsers SET ejaSession='' WHERE ejaId=?", userId); err != nil {
+		return err
+	}
+	return nil
 }
diff --git a/db/user.go b/db/user.go
@@ -20,6 +20,12 @@ func (session *TypeSession) UserGetAllBySession(sessionHash string) TypeRow {
 	return result
 }
 
+// UserGetAllByUsername retrieves user information based on the provided username.
+func (session *TypeSession) UserGetAllByUsername(username string) TypeRow {
+	result, _ := session.Row("SELECT * FROM ejaUsers WHERE username=?", username)
+	return result
+}
+
 // UserPermissionCopy copies user permissions from one module to another.
 func (session *TypeSession) UserPermissionCopy(userId int64, moduleId int64) {
 	session.Run(`

diff --git a/sys/configure.go b/sys/configure.go
@@ -32,6 +32,7 @@ func Configure() error {
 	flag.StringVar(&Options.Language, "language", "en", "default language code")
 	flag.StringVar(&Options.LogFile, "log-file", "", "log file")
 	flag.IntVar(&Options.LogLevel, "log-level", 3, "set the log level (1-5): 1=Error, 2=Warn, 3=Info, 4=Debug, 5=Trace")
+	flag.StringVar(&Options.GoogleSsoId, "google-sso-id", "", "google sso client id")
 	flag.Parse()
 
 	parse := false

diff --git a/sys/main.go b/sys/main.go
@@ -3,7 +3,7 @@
 package sys
 
 const Name = "Tibula"
-const Version = "17.6.28"
+const Version = "17.9.4"
 
 var Options TypeConfig
 var Commands TypeCommand
diff --git a/sys/types.go b/sys/types.go
@@ -25,6 +25,7 @@ type TypeConfig struct {
 	Language      string `json:"language,omitempty"`
 	LogLevel      int    `json:"log_level,omitempty"`
 	LogFile       string `json:"log_file,omitempty"`
+	GoogleSsoId   string `json:"google_sso_id,omitempty"`
 }
 
 type TypeCommand struct {

diff --git a/web/assets/static/js/tibula.js b/web/assets/static/js/tibula.js
@@ -81,6 +81,17 @@ function fieldEditor(name) {
 	}
 }
 
+function googleSsoLogin() {
+	google.accounts.id.initialize({
+		client_id: document.getElementsByName('ejaGoogleSsoId')[0].value, 
+		callback: function(e) {
+			document.getElementsByName('ejaValues[googleSsoToken]')[0].value=e.credential
+			document.getElementById('ejaForm').submit()
+		}
+	})
+	google.accounts.id.prompt();
+}
+
 var editors = [];
 
 var toasts = document.querySelectorAll('.toast');
@@ -93,6 +104,12 @@ toasts.forEach(function (toast) {
 
 document.getElementById('ejaForm').addEventListener('submit', function(event) {
 	for (var key in editors) {
-		editors[key].save()
+		editors[key].save();
 	}
 });
+
+window.onload = function() {
+	if (document.getElementsByName('ejaGoogleSsoId').length > 0) {
+		googleSsoLogin();
+	}
+}
diff --git a/web/assets/templates/Login.html b/web/assets/templates/Login.html
@@ -13,6 +13,10 @@ <h2 class="text-center mt-2">Tibula</h2>
 				</div>
 				<div class="mb-3 text-center">
 					<button type="submit" name="ejaAction" value="login" class="btn btn-primary">Login</button>
+{{if .GoogleSsoId }}
+					<input type="hidden" name="ejaGoogleSsoId" value="{{.GoogleSsoId}}">
+					<input type="hidden" name="ejaValues[googleSsoToken]" value="">
+{{end}}
 				</div>
 			</div>
 		</div>

diff --git a/web/assets/templates/foot.html b/web/assets/templates/foot.html
@@ -2,5 +2,8 @@
 <script src="/static/js/bootstrap.js"></script>
 <script src="/static/js/suneditor.min.js"></script>
 <script src="/static/js/tibula.js"></script>
+{{if .GoogleSsoId}}
+<script src="https://accounts.google.com/gsi/client"></script>
+{{end}}
 </body>
 </html>
diff --git a/web/core.go b/web/core.go
@@ -133,6 +133,10 @@ func Core(w http.ResponseWriter, r *http.Request) {
 			templateFile = eja.ActionType + ".html"
 		}
 
+		if sys.Options.GoogleSsoId != "" {
+			eja.GoogleSsoId = sys.Options.GoogleSsoId
+		}
+
 		var tpl *template.Template
 		if sys.Options.WebPath != "" {
 			tpl, err = template.ParseGlob(filepath.Join(sys.Options.WebPath, "templates", "*.html"))