feat: add Discord OAuth

2025-11-16 21:23:44 +08:00 · 2023-07-24 12:20:52 +08:00
parent bc2f48b1f2
commit 4908a9eddc
14 changed files with 461 additions and 11 deletions
--- a/controller/discord.go
+++ b/controller/discord.go
@@ -0,0 +1,244 @@
+package controller
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"one-api/common"
+	"one-api/model"
+	"strconv"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+)
+
+type DiscordOAuthResponse struct {
+	AccessToken string `json:"access_token"`
+	Scope       string `json:"scope"`
+	TokenType   string `json:"token_type"`
+}
+
+type DiscordUser struct {
+	Id       string `json:"id"`
+	Verified bool   `json:"verified"`
+	Username string `json:"username"`
+}
+
+func getDiscordUserInfoByCode(codeFromURLParamaters string, host string) (*DiscordUser, error) {
+	if codeFromURLParamaters == "" {
+		return nil, errors.New("无效参数")
+	}
+
+	RequestClient := &http.Client{}
+
+	accessTokenBody := bytes.NewBuffer([]byte(fmt.Sprintf(
+		"client_id=%s&client_secret=%s&grant_type=authorization_code&redirect_uri=%s/oauth/discord&code=%s&scope=identify",
+		common.DiscordClientId, common.DiscordClientSecret, host, codeFromURLParamaters,
+	)))
+
+	req, _ := http.NewRequest("POST",
+		"https://discordapp.com/api/oauth2/token",
+		accessTokenBody,
+	)
+
+	req.Header = http.Header{
+		"Content-Type": []string{"application/x-www-form-urlencoded"},
+		"Accept":       []string{"application/json"},
+	}
+
+	resp, err := RequestClient.Do(req)
+
+	if resp.StatusCode != 200 || err != nil {
+		return nil, errors.New("访问令牌无效")
+	}
+
+	var discordOAuthResponse DiscordOAuthResponse
+
+	json.NewDecoder(resp.Body).Decode(&discordOAuthResponse)
+
+	accessToken := fmt.Sprintf("Bearer %s", discordOAuthResponse.AccessToken)
+
+	// Get User Info
+	req, _ = http.NewRequest("GET", "https://discord.com/api/users/@me", nil)
+
+	req.Header = http.Header{
+		"Content-Type":  []string{"application/json"},
+		"Authorization": []string{accessToken},
+	}
+
+	defer resp.Body.Close()
+
+	resp, err = RequestClient.Do(req)
+
+	if resp.StatusCode != 200 || err != nil {
+		return nil, errors.New("Discord 用户信息无效")
+	}
+
+	var discordUser DiscordUser
+
+	json.NewDecoder(resp.Body).Decode(&discordUser)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if discordUser.Id == "" {
+		return nil, errors.New("返回值无效，用户字段为空，请稍后再试！")
+	}
+
+	if discordUser.Verified == false {
+		return nil, errors.New("Discord 帐户未经验证！")
+	}
+
+	defer resp.Body.Close()
+
+	return &discordUser, nil
+}
+
+func DiscordOAuth(c *gin.Context) {
+	session := sessions.Default(c)
+	username := session.Get("username")
+	if username != nil {
+		DiscordBind(c)
+		return
+	}
+
+	if !common.DiscordOAuthEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "管理员未开启通过 Discord 登录以及注册",
+		})
+		return
+	}
+	code := c.Query("code")
+
+	// Get protocal whether http or https and host
+	host := c.Request.Host
+	if c.Request.TLS == nil {
+		host = "http://" + host
+	} else {
+		host = "https://" + host
+	}
+
+	discordUser, err := getDiscordUserInfoByCode(code, host)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		DiscordId: discordUser.Id,
+	}
+	if model.IsDiscordIdAlreadyTaken(user.DiscordId) {
+		err := user.FillUserByDiscordId()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
+	} else {
+		if common.RegisterEnabled {
+			user.Username = "discord_" + strconv.Itoa(model.GetMaxUserId()+1)
+			if discordUser.Username != "" {
+				user.DisplayName = discordUser.Username
+			} else {
+				user.DisplayName = "Discord User"
+			}
+			user.Role = common.RoleCommonUser
+			user.Status = common.UserStatusEnabled
+
+			if err := user.Insert(0); err != nil {
+				c.JSON(http.StatusOK, gin.H{
+					"success": false,
+					"message": err.Error(),
+				})
+				return
+			}
+		} else {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "管理员关闭了新用户注册",
+			})
+			return
+		}
+	}
+
+	if user.Status != common.UserStatusEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"message": "用户已被封禁",
+			"success": false,
+		})
+		return
+	}
+	setupLogin(&user, c)
+}
+
+func DiscordBind(c *gin.Context) {
+	if !common.DiscordOAuthEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "管理员未开启通过 Discord 登录以及注册",
+		})
+		return
+	}
+	code := c.Query("code")
+
+	// Get protocal whether http or https and host
+	host := c.Request.Host
+	if c.Request.TLS == nil {
+		host = "http://" + host
+	} else {
+		host = "https://" + host
+	}
+
+	discordUser, err := getDiscordUserInfoByCode(code, host)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		DiscordId: discordUser.Id,
+	}
+	if model.IsDiscordIdAlreadyTaken(user.DiscordId) {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "该 Discord 账户已被绑定",
+		})
+		return
+	}
+	session := sessions.Default(c)
+	id := session.Get("id")
+	// id := c.GetInt("id")  // critical bug!
+	user.Id = id.(int)
+	err = user.FillUserById()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user.DiscordId = discordUser.Id
+	err = user.Update(false)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "bind",
+	})
+	return
+}
--- a/controller/misc.go
+++ b/controller/misc.go
@@ -3,10 +3,11 @@ package controller
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/gin-gonic/gin"
 	"net/http"
 	"one-api/common"
 	"one-api/model"
+
+	"github.com/gin-gonic/gin"
 )

 func GetStatus(c *gin.Context) {
@@ -19,6 +20,8 @@ func GetStatus(c *gin.Context) {
 			"email_verification":  common.EmailVerificationEnabled,
 			"github_oauth":        common.GitHubOAuthEnabled,
 			"github_client_id":    common.GitHubClientId,
+			"discord_oauth":       common.DiscordOAuthEnabled,
+			"discord_client_id":   common.DiscordClientId,
 			"system_name":         common.SystemName,
 			"logo":                common.Logo,
 			"footer_html":         common.Footer,
--- a/controller/option.go
+++ b/controller/option.go
@@ -2,11 +2,12 @@ package controller

 import (
 	"encoding/json"
-	"github.com/gin-gonic/gin"
 	"net/http"
 	"one-api/common"
 	"one-api/model"
 	"strings"
+
+	"github.com/gin-gonic/gin"
 )

 func GetOptions(c *gin.Context) {
@@ -49,6 +50,14 @@ func UpdateOption(c *gin.Context) {
 			})
 			return
 		}
+	case "DiscordOAuthEnabled":
+		if option.Value == "true" && common.DiscordClientId == "" {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "无法启用 Discord OAuth，请先填入 Discord Client ID 以及 Discord Client Secret！",
+			})
+			return
+		}
 	case "WeChatAuthEnabled":
 		if option.Value == "true" && common.WeChatServerAddress == "" {
 			c.JSON(http.StatusOK, gin.H{