mirror of
https://github.com/certd/certd.git
synced 2026-04-20 09:50:50 +08:00
xiaojunnuo
103 lines
2.7 KiB
TypeScript
103 lines
2.7 KiB
TypeScript
import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
|
|
import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
|
|
|
|
@IsAddon({
|
|
addonType: "oauth",
|
|
name: 'google',
|
|
title: 'Google认证',
|
|
desc: 'Google OAuth2登录',
|
|
icon:"simple-icons:google",
|
|
showTest: false,
|
|
})
|
|
export class GoogleOauthProvider extends BaseAddon implements IOauthProvider {
|
|
|
|
@AddonInput({
|
|
title: "ClientId",
|
|
helper: "[Google Cloud Console](https://console.cloud.google.com/apis/credentials)创建应用后获取",
|
|
required: true,
|
|
})
|
|
clientId = "";
|
|
|
|
@AddonInput({
|
|
title: "ClientSecretKey",
|
|
component: {
|
|
placeholder: "ClientSecretKey / appSecretKey",
|
|
},
|
|
required: true,
|
|
})
|
|
clientSecretKey = "";
|
|
|
|
async buildLoginUrl(params: BuildLoginUrlReq) {
|
|
|
|
let scope = "email profile" // Scope of the access request
|
|
let state:any = {
|
|
forType: params.forType || 'login',
|
|
}
|
|
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
|
|
|
const authorizeEndpoint = "https://accounts.google.com/o/oauth2/auth"
|
|
const redirectUrl = encodeURIComponent(params.redirectUri)
|
|
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
|
|
return {
|
|
loginUrl,
|
|
ticketValue: {
|
|
state,
|
|
},
|
|
};
|
|
}
|
|
|
|
async onCallback(req: OnCallbackReq) {
|
|
|
|
const code = req.code || ""
|
|
|
|
const tokenEndpoint = "https://oauth2.googleapis.com/token"
|
|
|
|
const uri = new URL(req.currentURL)
|
|
const redirectUri = `${uri.origin}${uri.pathname}`
|
|
const res = await this.ctx.utils.http.request( {
|
|
url: tokenEndpoint,
|
|
method: "post",
|
|
headers: {
|
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
},
|
|
data:{
|
|
client_id: this.clientId,
|
|
client_secret: this.clientSecretKey,
|
|
code,
|
|
redirect_uri: redirectUri,
|
|
grant_type: "authorization_code"
|
|
}
|
|
})
|
|
|
|
const tokens = res
|
|
|
|
const userInfoEndpoint = "https://www.googleapis.com/oauth2/v3/userinfo"
|
|
|
|
// 获取用户信息
|
|
const userInfoRes = await this.ctx.utils.http.request( {
|
|
url: userInfoEndpoint,
|
|
method: "get",
|
|
headers: {
|
|
"Authorization": `Bearer ${tokens.access_token}`
|
|
}
|
|
})
|
|
const userInfo = userInfoRes
|
|
|
|
return {
|
|
token:{
|
|
accessToken: tokens.access_token,
|
|
refreshToken: tokens.refresh_token,
|
|
expiresIn: tokens.expires_in,
|
|
},
|
|
userInfo: {
|
|
openId: userInfo.sub,
|
|
nickName: userInfo.name || userInfo.email || "",
|
|
avatar: userInfo.picture,
|
|
},
|
|
}
|
|
};
|
|
|
|
async buildLogoutUrl(params: BuildLogoutUrlReq) {
|
|
return {};
|
|
}
|
|
} |