mirror of
https://github.com/nagisa77/OpenIsle.git
synced 2026-07-16 09:36:08 +00:00
feat: 各种登录方式传入invite_token
This commit is contained in:
@@ -20,7 +20,8 @@ async function generateCodeChallenge(codeVerifier) {
|
||||
.replace(/=+$/, '')
|
||||
}
|
||||
|
||||
export async function twitterAuthorize(state = '') {
|
||||
// 邀请码明文放入 state;同时生成 csrf 放入 state 并在回调校验
|
||||
export async function twitterAuthorize(inviteToken = '') {
|
||||
const config = useRuntimeConfig()
|
||||
const WEBSITE_BASE_URL = config.public.websiteBaseUrl
|
||||
const TWITTER_CLIENT_ID = config.public.twitterClientId
|
||||
@@ -28,17 +29,30 @@ export async function twitterAuthorize(state = '') {
|
||||
toast.error('Twitter 登录不可用')
|
||||
return
|
||||
}
|
||||
if (state === '') {
|
||||
state = Math.random().toString(36).substring(2, 15)
|
||||
}
|
||||
|
||||
const redirectUri = `${WEBSITE_BASE_URL}/twitter-callback`
|
||||
|
||||
// PKCE
|
||||
const codeVerifier = generateCodeVerifier()
|
||||
sessionStorage.setItem('twitter_code_verifier', codeVerifier)
|
||||
const codeChallenge = await generateCodeChallenge(codeVerifier)
|
||||
|
||||
// CSRF + 邀请码一起放入 state
|
||||
const csrf = Math.random().toString(36).slice(2)
|
||||
sessionStorage.setItem('twitter_csrf_state', csrf)
|
||||
const state = new URLSearchParams({
|
||||
csrf,
|
||||
invite_token: inviteToken || '',
|
||||
}).toString()
|
||||
|
||||
const url =
|
||||
`https://x.com/i/oauth2/authorize?response_type=code&client_id=${TWITTER_CLIENT_ID}` +
|
||||
`&redirect_uri=${encodeURIComponent(redirectUri)}&scope=tweet.read%20users.read` +
|
||||
`&state=${state}&code_challenge=${codeChallenge}&code_challenge_method=S256`
|
||||
`https://x.com/i/oauth2/authorize?response_type=code&client_id=${encodeURIComponent(TWITTER_CLIENT_ID)}` +
|
||||
`&redirect_uri=${encodeURIComponent(redirectUri)}` +
|
||||
`&scope=${encodeURIComponent('tweet.read users.read')}` +
|
||||
`&state=${encodeURIComponent(state)}` +
|
||||
`&code_challenge=${encodeURIComponent(codeChallenge)}` +
|
||||
`&code_challenge_method=S256`
|
||||
|
||||
window.location.href = url
|
||||
}
|
||||
|
||||
@@ -46,8 +60,29 @@ export async function twitterExchange(code, state, reason) {
|
||||
try {
|
||||
const config = useRuntimeConfig()
|
||||
const API_BASE_URL = config.public.apiBaseUrl
|
||||
|
||||
// 取出并清理 PKCE/CSRF
|
||||
const codeVerifier = sessionStorage.getItem('twitter_code_verifier')
|
||||
sessionStorage.removeItem('twitter_code_verifier')
|
||||
|
||||
const savedCsrf = sessionStorage.getItem('twitter_csrf_state')
|
||||
sessionStorage.removeItem('twitter_csrf_state')
|
||||
|
||||
// 从 state 解析 csrf 与 invite_token
|
||||
let parsedCsrf = ''
|
||||
let inviteToken = ''
|
||||
try {
|
||||
const sp = new URLSearchParams(state || '')
|
||||
parsedCsrf = sp.get('csrf') || ''
|
||||
inviteToken = sp.get('invite_token') || sp.get('invitetoken') || ''
|
||||
} catch {}
|
||||
|
||||
// 简单 CSRF 校验(存在才校验,避免误杀老会话)
|
||||
if (savedCsrf && parsedCsrf && savedCsrf !== parsedCsrf) {
|
||||
toast.error('登录状态校验失败,请重试')
|
||||
return { success: false, needReason: false, error: 'state mismatch' }
|
||||
}
|
||||
|
||||
const res = await fetch(`${API_BASE_URL}/api/auth/twitter`, {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
@@ -57,8 +92,10 @@ export async function twitterExchange(code, state, reason) {
|
||||
reason,
|
||||
state,
|
||||
codeVerifier,
|
||||
inviteToken,
|
||||
}),
|
||||
})
|
||||
|
||||
const data = await res.json()
|
||||
if (res.ok && data.token) {
|
||||
setToken(data.token)
|
||||
@@ -77,6 +114,7 @@ export async function twitterExchange(code, state, reason) {
|
||||
return { success: false, needReason: false, error: data.error || '登录失败' }
|
||||
}
|
||||
} catch (e) {
|
||||
console.error(e)
|
||||
toast.error('登录失败')
|
||||
return { success: false, needReason: false, error: '登录失败' }
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user