From adfff3cbe395cf442b5c73c3527097aa7fe01453 Mon Sep 17 00:00:00 2001
From: 0xZensh
Date: Wed, 20 Sep 2023 11:14:13 +0800
Subject: [PATCH] support wechat_h5 as oauth2 idp.
---
 go.mod | 2 +-
 go.sum | 4 ++--
 src/api/authn.go | 12 +++++++++---
 src/bll/authn.go | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/go.mod b/go.mod
index a67bc42..5d927cf 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/aliyun/aliyun-oss-go-sdk v2.2.9+incompatible
 github.com/fxamacker/cbor/v2 v2.5.0
 github.com/google/uuid v1.3.1
- github.com/klauspost/compress v1.16.7
+ github.com/klauspost/compress v1.17.0
 github.com/ldclabs/cose v1.1.2
 github.com/mssola/useragent v1.0.0
 github.com/rs/xid v1.5.0
diff --git a/go.sum b/go.sum
index fda954c..3eca02f 100644
--- a/go.sum
+++ b/go.sum
@@ -22,8 +22,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
-github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
+github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/ldclabs/cose v1.1.2 h1:kq8IkpCiTM2jcynmPbEUH4dPQ4tM8+qQewKMvuC/ljo=
 github.com/ldclabs/cose v1.1.2/go.mod h1:M52HratClumnAkI1icUIUljX4fWfZL7kF80hh6ijGrQ=
 github.com/mssola/useragent v1.0.0 h1:WRlDpXyxHDNfvZaPEut5Biveq86Ze4o4EMffyMxmH5o=
diff --git a/src/api/authn.go b/src/api/authn.go
index 7678547..506d9a8 100644
--- a/src/api/authn.go
+++ b/src/api/authn.go
@@ -56,6 +56,11 @@ func NewAuth(blls *bll.Blls, cfg *conf.ConfigTpl) *AuthN {
 AuthURL: "https://open.weixin.qq.com/connect/qrconnect",
 TokenURL: "https://api.weixin.qq.com/sns/oauth2/access_token",
 }
+ case "wechat_h5":
+ endpoint = oauth2.Endpoint{
+ AuthURL: "https://open.weixin.qq.com/connect/oauth2/authorize",
+ TokenURL: "https://api.weixin.qq.com/sns/oauth2/access_token",
+ }
 case "google":
 endpoint = endpoints.Google
 default:
@@ -253,12 +258,12 @@ func (a *AuthN) getAuthCodeURL(idp, state string) string {
 provider := a.providers[idp]
 uri := provider.AuthCodeURL(state)
 switch idp {
- case "wechat":
+ case "wechat", "wechat_h5":
 // https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html
 uri = strings.Replace(uri, "client_id", "appid", 1)
 uri += "#wechat_redirect"
 }
- fmt.Println(idp, uri)
+
 return uri
 }
@@ -269,7 +274,7 @@ func (a *AuthN) exchange(ctx context.Context, idp, code string) (*bll.AuthNInput
 rt := &bll.AuthNInput{}
 switch idp {
- case "wechat":
+ case "wechat", "wechat_h5":
 v := url.Values{
 "appid": {provider.ClientID},
 "secret": {provider.ClientSecret},
@@ -277,6 +282,7 @@ func (a *AuthN) exchange(ctx context.Context, idp, code string) (*bll.AuthNInput
 "grant_type": {"authorization_code"},
 }
 // https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html
+ // https://developers.weixin.qq.com/doc/offiaccount/OA_Web_Apps/Wechat_webpage_authorization.html
 uri := provider.Endpoint.TokenURL + "?" + v.Encode()
 type wechatToken struct {
diff --git a/src/bll/authn.go b/src/bll/authn.go
index 4ddcfce..4898361 100644
--- a/src/bll/authn.go
+++ b/src/bll/authn.go
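Review bot: In exchange, the widened `case "wechat", "wechat_h5":` branch now sends a second provider's app secret as a query parameter: `v` carries `secret`, and the following hunk shows the token URL built as `provider.Endpoint.TokenURL + "?" + v.Encode()`. The linked WeChat documentation describes the token call in this form, but Go's `*url.Error` embeds the full request URL in its message, so an error from that request that is logged or returned to the client would carry the secret and the authorization code with it. The request and its error handling are outside the hunk, so this needs confirming there; if the error is surfaced, strip the URL first, for example `var ue *url.Error; if errors.As(err, &ue) { err = ue.Err }`. exchange's body continues outside the hunk.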
@@ -28,7 +28,7 @@ func (b *AuthN) LoginOrNew(ctx context.Context, input *AuthNInput) (*AuthNSessio
 func (b *AuthN) updateUserPicture(gctx context.Context, input *AuthNSessionOutput, imgUrl string) {
 picture := input.Sub.Base64()
- if imgUrl == "" || (input.Picture != "" && !strings.HasSuffix(input.Picture, picture)) {
+ if imgUrl == "" || (input.Picture != "" && strings.HasPrefix(input.Picture, conf.Config.OSS.UrlBase) && !strings.HasSuffix(input.Picture, picture)) {
 return
 }
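Review bot: The guard at the top of updateUserPicture now chains three conditions on one line and nothing in the hunk states its intent; a comment above the `if`, such as `// keep a picture the user already stored under our OSS base; replace empty or externally hosted ones`, would make the rule reviewable. `strings.HasPrefix(input.Picture, conf.Config.OSS.UrlBase)` is true for every picture when UrlBase is empty, and it also matches look-alike hosts when UrlBase has no trailing slash, so the check presumably depends on the configured value ending in `/`. That is worth validating when the configuration is loaded. The function body continues outside the hunk, so what happens to `imgUrl` after the guard is not visible here.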