jiazhizhong/OpenIsle
1
0
Fork 0
mirror of https://github.com/nagisa77/OpenIsle.git synced 2026-02-22 22:21:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: login logic

Browse Source
This commit is contained in:
Tim
2025-07-16 12:38:03 +08:00
parent ea90a6a7b8
commit ea85af4a52
11 changed files with 150 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
open-isle-cli/src/utils/github.js
View File

@@ -23,19 +23,37 @@ export async function githubExchange(code, state, reason) {
setToken(data.token)
await loadCurrentUser()
toast.success('登录成功')
return true
return {
success: true,
needReason: false
}
} else if (data.reason_code === 'NOT_APPROVED') {
toast.info('当前为注册审核模式,请填写注册理由')
sessionStorage.setItem('github_code', code)
return 'NEED_REASON'
return {
success: false,
needReason: true,
token: data.token
}
} else if (data.reason_code === 'IS_APPROVING') {
toast.info('您的注册理由正在审批中')
return true
return {
success: true,
needReason: false
}
} else {
toast.error(data.error || '登录失败')
return {
success: false,
needReason: false,
error: data.error || '登录失败'
}
}
} catch (e) {
toast.error('登录失败')
return {
success: false,
needReason: false,
error: '登录失败'
}
}
return false
}

9
open-isle-cli/src/utils/google.js
View File

@@ -17,12 +17,12 @@ export async function googleGetIdToken() {
})
}
export async function googleAuthWithToken(idToken, reason, redirect_success, redirect_not_approved) {
export async function googleAuthWithToken(idToken, redirect_success, redirect_not_approved) {
try {
const res = await fetch(`${API_BASE_URL}/api/auth/google`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ idToken, reason })
body: JSON.stringify({ idToken })
})
const data = await res.json()
if (res.ok && data.token) {
@@ -32,8 +32,7 @@ export async function googleAuthWithToken(idToken, reason, redirect_success, red
if (redirect_success) redirect_success()
} else if (data.reason_code === 'NOT_APPROVED') {
toast.info('当前为注册审核模式,请填写注册理由')
sessionStorage.setItem('google_id_token', idToken)
if (redirect_not_approved) redirect_not_approved()
if (redirect_not_approved) redirect_not_approved(data.token)
} else if (data.reason_code === 'IS_APPROVING') {
toast.info('您的注册理由正在审批中')
if (redirect_success) redirect_success()
@@ -46,7 +45,7 @@ export async function googleAuthWithToken(idToken, reason, redirect_success, red
export async function googleSignIn(redirect_success, redirect_not_approved) {
try {
const token = await googleGetIdToken()
await googleAuthWithToken(token, '', redirect_success, redirect_not_approved)
await googleAuthWithToken(token, redirect_success, redirect_not_approved)
} catch {
/* ignore */
}

5
open-isle-cli/src/views/GithubCallbackPageView.vue
View File

@@ -12,8 +12,9 @@ export default {
const code = url.searchParams.get('code')
const state = url.searchParams.get('state')
const result = await githubExchange(code, state, '')
if (result === 'NEED_REASON') {
this.$router.push('/signup-reason?github=1')
if (result.needReason) {
this.$router.push('/signup-reason?token=' + result.token)
} else {
this.$router.push('/')
}

14
open-isle-cli/src/views/LoginPageView.vue
View File

@@ -75,7 +75,6 @@ export default {
toast.success('登录成功')
this.$router.push('/')
} else if (data.reason_code === 'NOT_VERIFIED') {
sessionStorage.setItem('signup_username', data.username)
toast.info('当前邮箱未验证,已经为您重新发送验证码')
this.$router.push({ path: '/signup', query: { verify: 1, u: this.username } })
} else if (data.reason_code === 'NOT_APPROVED') {
@@ -89,11 +88,14 @@ export default {
}
},
loginWithGoogle() {
googleSignIn(() => {
this.$router.push('/')
}, () => {
this.$router.push('/signup-reason?google=1')
})
googleSignIn(
() => {
this.$router.push('/')
},
(token) => {
this.$router.push('/signup-reason?token=' + token)
}
)
},
loginWithGithub() {
githubAuthorize()

31
open-isle-cli/src/views/SignupPageView.vue
View File

@@ -86,7 +86,7 @@
<script>
import { API_BASE_URL, toast } from '../main'
import { googleSignIn, googleGetIdToken } from '../utils/google'
import { googleSignIn } from '../utils/google'
import { githubAuthorize } from '../utils/github'
import BaseInput from '../components/BaseInput.vue'
export default {
@@ -145,15 +145,7 @@ export default {
if (this.emailError || this.passwordError || this.usernameError) {
return
}
if (this.registerMode === 'WHITELIST') {
sessionStorage.setItem('signup_username', this.username)
sessionStorage.setItem('signup_email', this.email)
sessionStorage.setItem('signup_password', this.password)
this.$router.push('/signup-reason')
return
}
try {
console.log('base url: ', API_BASE_URL)
this.isWaitingForEmailSent = true
const res = await fetch(`${API_BASE_URL}/api/auth/register`, {
method: 'POST',
@@ -194,8 +186,12 @@ export default {
this.isWaitingForEmailVerified = false
const data = await res.json()
if (res.ok) {
toast.success('注册成功,请登录')
this.$router.push('/login')
if (this.registerMode === 'WHITELIST') {
this.$router.push('/signup-reason?token=' + data.token)
} else {
toast.success('注册成功,请登录')
this.$router.push('/login')
}
} else {
toast.error(data.error || '注册失败')
}
@@ -204,18 +200,11 @@ export default {
}
},
signupWithGoogle() {
if (this.registerMode === 'WHITELIST') {
googleGetIdToken().then(token => {
sessionStorage.setItem('google_id_token', token)
this.$router.push('/signup-reason?google=1')
}).catch(() => {})
} else {
googleSignIn(() => {
googleSignIn(() => {
this.$router.push('/')
}, () => {
this.$router.push('/signup-reason?google=1')
}, (token) => {
this.$router.push('/signup-reason?token=' + token)
})
}
},
signupWithGithub() {
githubAuthorize()

78
open-isle-cli/src/views/SignupReasonPageView.vue
View File

@@ -19,8 +19,6 @@
<script>
import BaseInput from '../components/BaseInput.vue'
import { API_BASE_URL, toast } from '../main'
import { googleAuthWithToken } from '../utils/google'
import { githubExchange } from '../utils/github'
export default {
name: 'SignupReasonPageView',
@@ -29,28 +27,14 @@ export default {
return {
reason: '',
error: '',
isGoogle: false,
isGithub: false,
isWaitingForRegister: false,
googleToken: '',
githubCode: ''
token: '',
}
},
mounted() {
this.isGoogle = this.$route.query.google === '1'
this.isGithub = this.$route.query.github === '1'
if (this.isGoogle) {
this.googleToken = sessionStorage.getItem('google_id_token') || ''
if (!this.googleToken) {
this.token = this.$route.query.token || ''
if (!this.token) {
this.$router.push('/signup')
}
} else if (this.isGithub) {
this.githubCode = sessionStorage.getItem('github_code') || ''
if (!this.githubCode) {
this.$router.push('/signup')
}
} else if (!sessionStorage.getItem('signup_username')) {
this.$router.push('/signup')
}
},
methods: {
@@ -59,61 +43,33 @@ export default {
this.error = '请至少输入20个字'
return
}
if (this.isGoogle) {
this.isWaitingForRegister = true
const token = this.googleToken || sessionStorage.getItem('google_id_token')
if (!token) {
toast.error('Google 登录失败')
return
}
await googleAuthWithToken(token, this.reason,
() => { this.$router.push('/') },
() => { this.error = 'Google 登录失败' }
)
this.isWaitingForRegister = false
sessionStorage.removeItem('google_id_token')
return
}
if (this.isGithub) {
this.isWaitingForRegister = true
const code = this.githubCode || sessionStorage.getItem('github_code')
if (!code) {
toast.error('GitHub 登录失败')
return
}
const result = await githubExchange(code, '', this.reason)
this.isWaitingForRegister = false
sessionStorage.removeItem('github_code')
if (result) {
this.$router.push('/')
} else {
this.error = 'GitHub 登录失败'
}
return
}
try {
this.isWaitingForRegister = true
const res = await fetch(`${API_BASE_URL}/api/auth/register`, {
const res = await fetch(`${API_BASE_URL}/api/auth/reason`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${this.token}`
},
body: JSON.stringify({
username: sessionStorage.getItem('signup_username'),
email: sessionStorage.getItem('signup_email'),
password: sessionStorage.getItem('signup_password'),
reason: this.reason
})
})
this.isWaitingForRegister = false
const data = await res.json()
if (res.ok) {
toast.success('验证码已发送,请查收邮箱')
this.$router.push({ path: '/signup', query: { verify: 1, u: sessionStorage.getItem('signup_username') } })
toast.success('注册理由已提交,请等待审核')
this.$router.push('/')
} else if (data.reason_code === 'INVALID_CREDENTIALS') {
toast.error('登录已过期,请重新登录')
this.$router.push('/login')
} else {
toast.error(data.error || '发送失败')
toast.error(data.error || '提交失败')
}
} catch (e) {
toast.error('发送失败')
} finally {
this.isWaitingForRegister = false
toast.error('提交失败')
}
}
}

66
src/main/java/com/openisle/controller/AuthController.java
View File

@@ -14,6 +14,7 @@ import com.openisle.repository.UserRepository;
import lombok.Data;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.*;
import org.springframework.beans.factory.annotation.Value;
import java.util.Map;
@@ -48,7 +49,7 @@ public class AuthController {
return ResponseEntity.badRequest().body(Map.of("error", "Invalid captcha"));
}
User user = userService.register(
req.getUsername(), req.getEmail(), req.getPassword(), req.getReason(), registerModeService.getRegisterMode());
req.getUsername(), req.getEmail(), req.getPassword(), "", registerModeService.getRegisterMode());
emailService.sendEmail(user.getEmail(), "Verification Code", "Your verification code is " + user.getVerificationCode());
if (!user.isApproved()) {
notificationService.createRegisterRequestNotifications(user, user.getRegisterReason());
@@ -60,7 +61,10 @@ public class AuthController {
public ResponseEntity<?> verify(@RequestBody VerifyRequest req) {
boolean ok = userService.verifyCode(req.getUsername(), req.getCode());
if (ok) {
return ResponseEntity.ok(Map.of("message", "Verified"));
return ResponseEntity.ok(Map.of(
"message", "Verified",
"token", jwtService.generateReasonToken(req.getUsername())
));
}
return ResponseEntity.badRequest().body(Map.of("error", "Invalid verification code"));
}
@@ -91,22 +95,20 @@ public class AuthController {
if (RegisterMode.WHITELIST.equals(registerModeService.getRegisterMode()) && !user.isApproved()) {
return ResponseEntity.badRequest().body(Map.of(
"error", "Register reason not approved",
"reason_code", "NOT_APPROVED"));
"reason_code", "NOT_APPROVED",
"token", jwtService.generateReasonToken(user.getUsername())));
}
return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.getUsername())));
}
@PostMapping("/google")
public ResponseEntity<?> loginWithGoogle(@RequestBody GoogleLoginRequest req) {
Optional<User> user = googleAuthService.authenticate(req.getIdToken(), req.getReason(), registerModeService.getRegisterMode());
Optional<User> user = googleAuthService.authenticate(req.getIdToken(), registerModeService.getRegisterMode());
if (user.isPresent()) {
if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
}
if (!user.get().isApproved()) {
if (req.reason != null && !req.reason.isEmpty()) {
notificationService.createRegisterRequestNotifications(user.get(), req.getReason());
}
if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
return ResponseEntity.badRequest().body(Map.of(
"error", "Account awaiting approval",
@@ -127,26 +129,55 @@ public class AuthController {
));
}
@PostMapping("/reason")
public ResponseEntity<?> reason(@RequestBody MakeReasonRequest req) {
String username = jwtService.validateAndGetSubjectForReason(req.getToken());
Optional<User> userOpt = userService.findByUsername(username);
if (userOpt.isEmpty()) {
return ResponseEntity.badRequest().body(Map.of(
"error", "Invalid token, Please re-login",
"reason_code", "INVALID_CREDENTIALS"
));
}
if (req.reason == null || req.reason.length() <= 20) {
return ResponseEntity.badRequest().body(Map.of(
"error", "Reason's length must longer than 20",
"reason_code", "INVALID_CREDENTIALS"
));
}
User user = userOpt.get();
if (user.isApproved() || registerModeService.getRegisterMode() == RegisterMode.DIRECT) {
return ResponseEntity.ok().body(Map.of("valid", true));
}
userService.register(user.getUsername(), user.getEmail(), user.getPassword(), req.getReason(), registerModeService.getRegisterMode());
notificationService.createRegisterRequestNotifications(user, req.getReason());
return ResponseEntity.ok().body(Map.of("valid", true));
}
@PostMapping("/github")
public ResponseEntity<?> loginWithGithub(@RequestBody GithubLoginRequest req) {
Optional<User> user = githubAuthService.authenticate(req.getCode(), req.getReason(), registerModeService.getRegisterMode(), req.getRedirectUri());
Optional<User> user = githubAuthService.authenticate(req.getCode(), registerModeService.getRegisterMode(), req.getRedirectUri());
if (user.isPresent()) {
if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
}
if (!user.get().isApproved()) {
if (req.reason != null && !req.reason.isEmpty()) {
notificationService.createRegisterRequestNotifications(user.get(), req.getReason());
}
if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
// 已填写注册理由
return ResponseEntity.badRequest().body(Map.of(
"error", "Account awaiting approval",
"reason_code", "IS_APPROVING"
"reason_code", "IS_APPROVING",
"token", jwtService.generateReasonToken(user.get().getUsername())
));
}
return ResponseEntity.badRequest().body(Map.of(
"error", "Account awaiting approval",
"reason_code", "NOT_APPROVED"
"reason_code", "NOT_APPROVED",
"token", jwtService.generateReasonToken(user.get().getUsername())
));
}
@@ -169,7 +200,6 @@ public class AuthController {
private String email;
private String password;
private String captcha;
private String reason;
}
@Data
@@ -182,14 +212,12 @@ public class AuthController {
@Data
private static class GoogleLoginRequest {
private String idToken;
private String reason;
}
@Data
private static class GithubLoginRequest {
private String code;
private String redirectUri;
private String reason;
}
@Data
@@ -197,4 +225,10 @@ public class AuthController {
private String username;
private String code;
}
@Data
private static class MakeReasonRequest {
private String token;
private String reason;
}
}

11
src/main/java/com/openisle/service/GithubAuthService.java
View File

@@ -28,7 +28,7 @@ public class GithubAuthService {
@Value("${github.client-secret:}")
private String clientSecret;
public Optional<User> authenticate(String code, String reason, com.openisle.model.RegisterMode mode, String redirectUri) {
public Optional<User> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri) {
try {
String tokenUrl = "https://github.com/login/oauth/access_token";
HttpHeaders headers = new HttpHeaders();
@@ -83,13 +83,13 @@ public class GithubAuthService {
if (email == null) {
email = username + "@users.noreply.github.com";
}
return Optional.of(processUser(email, username, reason, mode));
return Optional.of(processUser(email, username, mode));
} catch (Exception e) {
return Optional.empty();
}
}
private User processUser(String email, String username, String reason, com.openisle.model.RegisterMode mode) {
private User processUser(String email, String username, com.openisle.model.RegisterMode mode) {
Optional<User> existing = userRepository.findByEmail(email);
if (existing.isPresent()) {
User user = existing.get();
@@ -98,10 +98,6 @@ public class GithubAuthService {
user.setVerificationCode(null);
userRepository.save(user);
}
if (!user.isApproved() && reason != null && !reason.isEmpty()) {
user.setRegisterReason(reason);
userRepository.save(user);
}
return user;
}
String baseUsername = username != null ? username : email.split("@")[0];
@@ -116,7 +112,6 @@ public class GithubAuthService {
user.setPassword("");
user.setRole(Role.USER);
user.setVerified(true);
user.setRegisterReason(reason);
user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
user.setAvatar("https://github.com/" + finalUsername + ".png");
return userRepository.save(user);

12
src/main/java/com/openisle/service/GoogleAuthService.java
View File

@@ -23,7 +23,7 @@ public class GoogleAuthService {
@Value("${google.client-id:}")
private String clientId;
public Optional<User> authenticate(String idTokenString, String reason, com.openisle.model.RegisterMode mode) {
public Optional<User> authenticate(String idTokenString, com.openisle.model.RegisterMode mode) {
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new JacksonFactory())
.setAudience(Collections.singletonList(clientId))
.build();
@@ -35,13 +35,13 @@ public class GoogleAuthService {
GoogleIdToken.Payload payload = idToken.getPayload();
String email = payload.getEmail();
String name = (String) payload.get("name");
return Optional.of(processUser(email, name, reason, mode));
return Optional.of(processUser(email, name, mode));
} catch (Exception e) {
return Optional.empty();
}
}
private User processUser(String email, String name, String reason, com.openisle.model.RegisterMode mode) {
private User processUser(String email, String name, com.openisle.model.RegisterMode mode) {
Optional<User> existing = userRepository.findByEmail(email);
if (existing.isPresent()) {
User user = existing.get();
@@ -51,11 +51,6 @@ public class GoogleAuthService {
userRepository.save(user);
}
if (!user.isApproved() && reason != null && !reason.isEmpty()) {
user.setRegisterReason(reason);
userRepository.save(user);
}
return user;
}
User user = new User();
@@ -70,7 +65,6 @@ public class GoogleAuthService {
user.setPassword("");
user.setRole(Role.USER);
user.setVerified(true);
user.setRegisterReason(reason);
user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
user.setAvatar("https://github.com/identicons/" + username + ".png");
return userRepository.save(user);

31
src/main/java/com/openisle/service/JwtService.java
View File

@@ -18,13 +18,16 @@ public class JwtService {
@Value("${app.jwt.secret}")
private String secret;
@Value("${app.jwt.reason-secret}")
private String reasonSecret;
@Value("${app.jwt.expiration}")
private long expiration;
private Key getSigningKey() {
private Key getSigningKeyForSecret(String signSecret) {
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] keyBytes = digest.digest(secret.getBytes(StandardCharsets.UTF_8));
byte[] keyBytes = digest.digest(signSecret.getBytes(StandardCharsets.UTF_8));
return Keys.hmacShaKeyFor(keyBytes);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("SHA-256 not available", e);
@@ -38,13 +41,33 @@ public class JwtService {
.setSubject(subject)
.setIssuedAt(now)
.setExpiration(expiryDate)
.signWith(getSigningKey())
.signWith(getSigningKeyForSecret(secret))
.compact();
}
public String generateReasonToken(String subject) {
Date now = new Date();
Date expiryDate = new Date(now.getTime() + expiration);
return Jwts.builder()
.setSubject(subject)
.setIssuedAt(now)
.setExpiration(expiryDate)
.signWith(getSigningKeyForSecret(reasonSecret))
.compact();
}
public String validateAndGetSubject(String token) {
Claims claims = Jwts.parserBuilder()
.setSigningKey(getSigningKey())
.setSigningKey(getSigningKeyForSecret(secret))
.build()
.parseClaimsJws(token)
.getBody();
return claims.getSubject();
}
public String validateAndGetSubjectForReason(String token) {
Claims claims = Jwts.parserBuilder()
.setSigningKey(getSigningKeyForSecret(reasonSecret))
.build()
.parseClaimsJws(token)
.getBody();

3
src/main/resources/application.properties
View File

@@ -5,7 +5,8 @@ spring.datasource.password=${MYSQL_PASSWORD:password}
spring.jpa.hibernate.ddl-auto=update
# for jwt
app.jwt.secret=${JWT_SECRET:ChangeThisSecretKeyForJwt}
app.jwt.secret=${JWT_SECRET:jwt_sec}
app.jwt.reason-secret=${JWT_REASON_SECRET:jwt_reason_sec}
app.jwt.expiration=${JWT_EXPIRATION:86400000}
# Password strength: LOW, MEDIUM or HIGH
app.password.strength=${PASSWORD_STRENGTH:LOW}