Merge pull request #337 from actiontech/feat-OAuth2-logout-ce

Feat o auth2 logout ce
actiontech · Dec 12, 2024 · 1f4dd43 · 1f4dd43
2 parents 8d71133 + f8dbf83
commit 1f4dd43
Show file tree

Hide file tree

Showing 12 changed files with 240 additions and 91 deletions.
diff --git a/api/dms/service/v1/configuration.go b/api/dms/service/v1/configuration.go
@@ -11,6 +11,7 @@ type GetOauth2ConfigurationResData struct {
 	ServerAuthUrl   string   `json:"server_auth_url"`
 	ServerTokenUrl  string   `json:"server_token_url"`
 	ServerUserIdUrl string   `json:"server_user_id_url"`
+	ServerLogoutUrl string   `json:"server_logout_url"`
 	Scopes          []string `json:"scopes"`
 	AccessTokenTag  string   `json:"access_token_tag"`
 	UserIdTag       string   `json:"user_id_tag"`
@@ -32,20 +33,22 @@ type Oauth2ConfigurationReq struct {
 	Oauth2Configuration Oauth2Configuration `json:"oauth2" validate:"required"`
 }
 type Oauth2Configuration struct {
-	EnableOauth2    *bool     `json:"enable_oauth2"`
-	SkipCheckState  *bool     `json:"skip_check_state"`
-	AutoCreateUser  *bool     `json:"auto_create_user"`
-	ClientID        *string   `json:"client_id"`
-	ClientKey       *string   `json:"client_key"`
-	ClientHost      *string   `json:"client_host"`
-	ServerAuthUrl   *string   `json:"server_auth_url"`
-	ServerTokenUrl  *string   `json:"server_token_url"`
-	ServerUserIdUrl *string   `json:"server_user_id_url"`
-	Scopes          *[]string `json:"scopes"`
-	AccessTokenTag  *string   `json:"access_token_tag"`
-	UserIdTag       *string   `json:"user_id_tag"`
-	UserEmailTag    *string   `json:"user_email_tag"`
-	UserWeChatTag   *string   `json:"user_wechat_tag"`
+	EnableOauth2      *bool     `json:"enable_oauth2"`
+	SkipCheckState    *bool     `json:"skip_check_state"`
+	AutoCreateUser    *bool     `json:"auto_create_user"`
+	AutoCreateUserPWD *string   `json:"auto_create_user_pwd"`
+	ClientID          *string   `json:"client_id"`
+	ClientKey         *string   `json:"client_key"`
+	ClientHost        *string   `json:"client_host"`
+	ServerAuthUrl     *string   `json:"server_auth_url"`
+	ServerTokenUrl    *string   `json:"server_token_url"`
+	ServerUserIdUrl   *string   `json:"server_user_id_url"`
+	ServerLogoutUrl   *string   `json:"server_logout_url"`
+	Scopes            *[]string `json:"scopes"`
+	AccessTokenTag    *string   `json:"access_token_tag"`
+	UserIdTag         *string   `json:"user_id_tag"`
+	UserEmailTag      *string   `json:"user_email_tag"`
+	UserWeChatTag     *string   `json:"user_wechat_tag"`
 	// Maximum: 28
 	LoginTip *string `json:"login_tip" validate:"max=28"`
 }
@@ -68,6 +71,7 @@ type BindOauth2UserReq struct {
 	UserName    string `json:"user_name" form:"user_name" validate:"required"`
 	Pwd         string `json:"pwd" form:"pwd" validate:"required"`
 	Oauth2Token string `json:"oauth2_token" form:"oauth2_token" validate:"required"`
+	IdToken     string `json:"id_token" form:"id_token"`
 }
 
 // swagger:model BindOauth2UserReply

diff --git a/api/dms/service/v1/session.go b/api/dms/service/v1/session.go
@@ -29,6 +29,18 @@ type AddSessionReply struct {
 	base.GenericResp
 }
 
+// swagger:model DelSessionReply
+type DelSessionReply struct {
+	// Del session reply
+	Data struct {
+		// Session token
+		Location string `json:"location"`
+	} `json:"data"`
+
+	// Generic reply
+	base.GenericResp
+}
+
 // swagger:parameters GetUserBySession
 type GetUserBySessionReq struct {
 	UserUid string `json:"user_uid" validate:"required"`

diff --git a/api/swagger.json b/api/swagger.json
@@ -3969,9 +3969,9 @@
         "operationId": "DelSession",
         "responses": {
           "200": {
-            "description": "GenericResp",
+            "description": "DelSessionReply",
             "schema": {
-              "$ref": "#/definitions/GenericResp"
+              "$ref": "#/definitions/DelSessionReply"
             }
           },
           "default": {
@@ -6019,6 +6019,35 @@
       },
       "x-go-package": "github.com/actiontech/dms/api/dms/service/v1"
     },
+    "DelSessionReply": {
+      "type": "object",
+      "properties": {
+        "code": {
+          "description": "code",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "Code"
+        },
+        "data": {
+          "description": "Del session reply",
+          "type": "object",
+          "properties": {
+            "location": {
+              "description": "Session token",
+              "type": "string",
+              "x-go-name": "Location"
+            }
+          },
+          "x-go-name": "Data"
+        },
+        "message": {
+          "description": "message",
+          "type": "string",
+          "x-go-name": "Message"
+        }
+      },
+      "x-go-package": "github.com/actiontech/dms/api/dms/service/v1"
+    },
     "FeishuConfigurationResData": {
       "type": "object",
       "properties": {
@@ -6520,6 +6549,10 @@
           "type": "string",
           "x-go-name": "ServerAuthUrl"
         },
+        "server_logout_url": {
+          "type": "string",
+          "x-go-name": "ServerLogoutUrl"
+        },
         "server_token_url": {
           "type": "string",
           "x-go-name": "ServerTokenUrl"
@@ -8856,6 +8889,10 @@
           "type": "boolean",
           "x-go-name": "AutoCreateUser"
         },
+        "auto_create_user_pwd": {
+          "type": "string",
+          "x-go-name": "AutoCreateUserPWD"
+        },
         "client_host": {
           "type": "string",
           "x-go-name": "ClientHost"
@@ -8888,6 +8925,10 @@
           "type": "string",
           "x-go-name": "ServerAuthUrl"
         },
+        "server_logout_url": {
+          "type": "string",
+          "x-go-name": "ServerLogoutUrl"
+        },
         "server_token_url": {
           "type": "string",
           "x-go-name": "ServerTokenUrl"

diff --git a/api/swagger.yaml b/api/swagger.yaml
@@ -1121,6 +1121,28 @@ definitions:
                 x-go-name: DBServiceUid
         type: object
         x-go-package: github.com/actiontech/dms/api/dms/service/v1
+    DelSessionReply:
+        properties:
+            code:
+                description: code
+                format: int64
+                type: integer
+                x-go-name: Code
+            data:
+                description: Del session reply
+                properties:
+                    location:
+                        description: Session token
+                        type: string
+                        x-go-name: Location
+                type: object
+                x-go-name: Data
+            message:
+                description: message
+                type: string
+                x-go-name: Message
+        type: object
+        x-go-package: github.com/actiontech/dms/api/dms/service/v1
     FeishuConfigurationResData:
         properties:
             app_id:
@@ -1502,6 +1524,9 @@ definitions:
             server_auth_url:
                 type: string
                 x-go-name: ServerAuthUrl
+            server_logout_url:
+                type: string
+                x-go-name: ServerLogoutUrl
             server_token_url:
                 type: string
                 x-go-name: ServerTokenUrl
@@ -3406,6 +3431,9 @@ definitions:
             auto_create_user:
                 type: boolean
                 x-go-name: AutoCreateUser
+            auto_create_user_pwd:
+                type: string
+                x-go-name: AutoCreateUserPWD
             client_host:
                 type: string
                 x-go-name: ClientHost
@@ -3430,6 +3458,9 @@ definitions:
             server_auth_url:
                 type: string
                 x-go-name: ServerAuthUrl
+            server_logout_url:
+                type: string
+                x-go-name: ServerLogoutUrl
             server_token_url:
                 type: string
                 x-go-name: ServerTokenUrl
@@ -7391,9 +7422,9 @@ paths:
             operationId: DelSession
             responses:
                 "200":
-                    description: GenericResp
+                    description: DelSessionReply
                     schema:
-                        $ref: '#/definitions/GenericResp'
+                        $ref: '#/definitions/DelSessionReply'
                 default:
                     description: GenericResp
                     schema:

diff --git a/internal/apiserver/service/dms_controller.go b/internal/apiserver/service/dms_controller.go
@@ -1,7 +1,9 @@
 package service
 
 import (
+	"bytes"
 	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -566,9 +568,18 @@ func (a *DMSController) AddSession(c echo.Context) error {
 // del a session.
 //
 //	responses:
-//	  200: body:GenericResp
+//	  200: body:DelSessionReply
 //	  default: body:GenericResp
 func (a *DMSController) DelSession(c echo.Context) error {
+	uid, err := jwt.GetUserUidStrFromContext(c)
+	if err != nil {
+		return NewErrResp(c, err, apiError.BadRequestErr)
+	}
+	redirectUri, err := a.DMS.Oauth2ConfigurationUsecase.Logout(c.Request().Context(), uid)
+	if err != nil {
+		return NewErrResp(c, err, apiError.DMSServiceErr)
+	}
+
 	cookie, err := c.Cookie(constant.DMSToken)
 	if err != nil {
 		return NewErrResp(c, err, apiError.DMSServiceErr)
@@ -577,7 +588,18 @@ func (a *DMSController) DelSession(c echo.Context) error {
 	cookie.Path = "/"
 	c.SetCookie(cookie)
 	a.CloudbeaverService.Logout(cookie.Value)
-	return NewOkResp(c)
+
+	reply := &aV1.DelSessionReply{Data: struct {
+		Location string `json:"location"`
+	}{Location: redirectUri}}
+	buf := &bytes.Buffer{}
+	enc := json.NewEncoder(buf)
+	enc.SetEscapeHTML(false) // 避免将location中的 & 编码为 \u0026
+	if err = enc.Encode(reply); err != nil {
+		return NewErrResp(c, err, apiError.APIServerErr)
+	}
+
+	return c.JSONBlob(http.StatusOK, buf.Bytes())
 }
 
 // swagger:route GET /v1/dms/sessions/user Session GetUserBySession

diff --git a/internal/apiserver/service/router.go b/internal/apiserver/service/router.go
@@ -5,6 +5,7 @@ import (
 	"compress/gzip"
 	"fmt"
 	"io"
+	"net/http"
 	"strings"
 
 	dmsMiddleware "github.com/actiontech/dms/internal/apiserver/middleware"
@@ -305,7 +306,7 @@ func (s *APIServer) installMiddleware() error {
 	s.echo.Use(echojwt.WithConfig(echojwt.Config{
 		Skipper: middleware.Skipper(func(c echo.Context) bool {
 			logger := log.NewHelper(log.With(pkgLog.NewKLogWrapper(s.logger), "middleware", "jwt"))
-			if strings.HasSuffix(c.Request().RequestURI, dmsV1.SessionRouterGroup) ||
+			if strings.HasSuffix(c.Request().RequestURI, dmsV1.SessionRouterGroup) && c.Request().Method != http.MethodDelete ||
 				strings.HasPrefix(c.Request().RequestURI, "/v1/dms/oauth2" /* TODO 使用统一方法skip */) ||
 				strings.HasPrefix(c.Request().RequestURI, "/v1/dms/personalization/logo") ||
 				strings.HasPrefix(c.Request().RequestURI, "/v1/dms/configurations/license" /* TODO 使用统一方法skip */) ||

diff --git a/internal/dms/biz/oauth2_configuration.go b/internal/dms/biz/oauth2_configuration.go
@@ -15,23 +15,26 @@ import (
 type Oauth2Configuration struct {
 	Base
 
-	UID             string
-	EnableOauth2    bool
-	SkipCheckState  bool
-	AutoCreateUser  bool
-	ClientID        string
-	ClientKey       string
-	ClientSecret    string
-	ClientHost      string
-	ServerAuthUrl   string
-	ServerTokenUrl  string
-	ServerUserIdUrl string
-	Scopes          []string
-	AccessTokenTag  string
-	UserIdTag       string
-	UserEmailTag    string
-	UserWeChatTag   string
-	LoginTip        string
+	UID                  string
+	EnableOauth2         bool
+	SkipCheckState       bool
+	AutoCreateUser       bool
+	AutoCreateUserPWD    string
+	AutoCreateUserSecret string
+	ClientID             string
+	ClientKey            string
+	ClientSecret         string
+	ClientHost           string
+	ServerAuthUrl        string
+	ServerTokenUrl       string
+	ServerUserIdUrl      string
+	ServerLogoutUrl      string
+	Scopes               []string
+	AccessTokenTag       string
+	UserIdTag            string
+	UserEmailTag         string
+	UserWeChatTag        string
+	LoginTip             string
 }
 
 func initOauth2Configuration() (*Oauth2Configuration, error) { //nolint

diff --git a/internal/dms/biz/oauth2_configuration_ce.go b/internal/dms/biz/oauth2_configuration_ce.go
@@ -9,7 +9,7 @@ import (
 
 var errNotSupportOauth2 = errors.New("oauth2 related functions are enterprise version functions")
 
-func (d *Oauth2ConfigurationUsecase) UpdateOauth2Configuration(ctx context.Context, enableOauth2, skipCheckState, autoCreateUser *bool, clientID, clientKey, clientHost, serverAuthUrl, serverTokenUrl, serverUserIdUrl,
+func (d *Oauth2ConfigurationUsecase) UpdateOauth2Configuration(ctx context.Context, enableOauth2, skipCheckState, autoCreateUser *bool, autoCreateUserPWD, clientID, clientKey, clientHost, serverAuthUrl, serverTokenUrl, serverUserIdUrl, serverLogoutUrl,
 	accessTokenTag, userIdTag, userWechatTag, userEmailTag, loginTip *string, scopes *[]string) error {
 
 	return errNotSupportOauth2
@@ -27,6 +27,10 @@ func (d *Oauth2ConfigurationUsecase) GenerateCallbackUri(ctx context.Context, st
 	return "", "", errNotSupportOauth2
 }
 
-func (d *Oauth2ConfigurationUsecase) BindOauth2User(ctx context.Context, oauth2Token, userName, password string) (token string, err error) {
+func (d *Oauth2ConfigurationUsecase) BindOauth2User(ctx context.Context, oauth2Token, idToken, userName, password string) (token string, err error) {
 	return "", errNotSupportOauth2
 }
+
+func (d *Oauth2ConfigurationUsecase) Logout(ctx context.Context, uid string) (string, error) {
+	return "", nil
+}
diff --git a/internal/dms/biz/user.go b/internal/dms/biz/user.go
@@ -76,6 +76,7 @@ type User struct {
 	Password               string
 	ThirdPartyUserID       string
 	ThirdPartyUserInfo     string
+	ThirdPartyIdToken      string
 	Email                  string
 	Phone                  string
 	WxID                   string
@@ -144,6 +145,7 @@ func newUser(args *CreateUserArgs) (*User, error) {
 		UserAuthenticationType: args.UserAuthenticationType,
 		ThirdPartyUserID:       args.ThirdPartyUserID,
 		ThirdPartyUserInfo:     args.ThirdPartyUserInfo,
+		ThirdPartyIdToken:      args.ThirdPartyIdToken,
 		Stat:                   UserStatOK,
 	}, nil
 }
@@ -422,6 +424,7 @@ type CreateUserArgs struct {
 	Password               string
 	ThirdPartyUserID       string
 	ThirdPartyUserInfo     string
+	ThirdPartyIdToken      string
 	Email                  string
 	Phone                  string
 	WxID                   string