support wechat_h5 as oauth2 idp.

yiwen-ai · Sep 20, 2023 · adfff3c · adfff3c
1 parent 0afdfbb
commit adfff3c
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 7 deletions.
diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/aliyun/aliyun-oss-go-sdk v2.2.9+incompatible
 	github.com/fxamacker/cbor/v2 v2.5.0
 	github.com/google/uuid v1.3.1
-	github.com/klauspost/compress v1.16.7
+	github.com/klauspost/compress v1.17.0
 	github.com/ldclabs/cose v1.1.2
 	github.com/mssola/useragent v1.0.0
 	github.com/rs/xid v1.5.0

diff --git a/go.sum b/go.sum
@@ -22,8 +22,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
-github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
+github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/ldclabs/cose v1.1.2 h1:kq8IkpCiTM2jcynmPbEUH4dPQ4tM8+qQewKMvuC/ljo=
 github.com/ldclabs/cose v1.1.2/go.mod h1:M52HratClumnAkI1icUIUljX4fWfZL7kF80hh6ijGrQ=
 github.com/mssola/useragent v1.0.0 h1:WRlDpXyxHDNfvZaPEut5Biveq86Ze4o4EMffyMxmH5o=

diff --git a/src/api/authn.go b/src/api/authn.go
@@ -56,6 +56,11 @@ func NewAuth(blls *bll.Blls, cfg *conf.ConfigTpl) *AuthN {
 				AuthURL:  "https://open.weixin.qq.com/connect/qrconnect",
 				TokenURL: "https://api.weixin.qq.com/sns/oauth2/access_token",
 			}
+		case "wechat_h5":
+			endpoint = oauth2.Endpoint{
+				AuthURL:  "https://open.weixin.qq.com/connect/oauth2/authorize",
+				TokenURL: "https://api.weixin.qq.com/sns/oauth2/access_token",
+			}
 		case "google":
 			endpoint = endpoints.Google
 		default:
@@ -253,12 +258,12 @@ func (a *AuthN) getAuthCodeURL(idp, state string) string {
 	provider := a.providers[idp]
 	uri := provider.AuthCodeURL(state)
 	switch idp {
-	case "wechat":
+	case "wechat", "wechat_h5":
 		// https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html
 		uri = strings.Replace(uri, "client_id", "appid", 1)
 		uri += "#wechat_redirect"
 	}
-	fmt.Println(idp, uri)
+
 	return uri
 }
 
@@ -269,14 +274,15 @@ func (a *AuthN) exchange(ctx context.Context, idp, code string) (*bll.AuthNInput
 	rt := &bll.AuthNInput{}
 
 	switch idp {
-	case "wechat":
+	case "wechat", "wechat_h5":
 		v := url.Values{
 			"appid":      {provider.ClientID},
 			"secret":     {provider.ClientSecret},
 			"code":       {code},
 			"grant_type": {"authorization_code"},
 		}
 		// https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html
+		// https://developers.weixin.qq.com/doc/offiaccount/OA_Web_Apps/Wechat_webpage_authorization.html
 		uri := provider.Endpoint.TokenURL + "?" + v.Encode()
 
 		type wechatToken struct {

diff --git a/src/bll/authn.go b/src/bll/authn.go
@@ -28,7 +28,7 @@ func (b *AuthN) LoginOrNew(ctx context.Context, input *AuthNInput) (*AuthNSessio
 
 func (b *AuthN) updateUserPicture(gctx context.Context, input *AuthNSessionOutput, imgUrl string) {
 	picture := input.Sub.Base64()
-	if imgUrl == "" || (input.Picture != "" && !strings.HasSuffix(input.Picture, picture)) {
+	if imgUrl == "" || (input.Picture != "" && strings.HasPrefix(input.Picture, conf.Config.OSS.UrlBase) && !strings.HasSuffix(input.Picture, picture)) {
 		return
 	}