1
0
mirror of https://github.com/pocketbase/pocketbase.git synced 2024-12-01 02:56:49 +02:00

Added gitee OAuth

Signed-off-by: Yuxiang Gao <yuxiang-gao@outlook.com>
This commit is contained in:
Yuxiang Gao 2022-12-31 17:46:36 +08:00
parent 9033cd109e
commit 19ccc70fe5
No known key found for this signature in database
GPG Key ID: F8CB2E880C031722
6 changed files with 137 additions and 1 deletions

View File

@ -59,6 +59,7 @@ func TestSettingsList(t *testing.T) {
`"kakaoAuth":{`, `"kakaoAuth":{`,
`"twitchAuth":{`, `"twitchAuth":{`,
`"stravaAuth":{`, `"stravaAuth":{`,
`"giteeAuth":{`,
`"secret":"******"`, `"secret":"******"`,
`"clientSecret":"******"`, `"clientSecret":"******"`,
}, },
@ -127,6 +128,7 @@ func TestSettingsSet(t *testing.T) {
`"kakaoAuth":{`, `"kakaoAuth":{`,
`"twitchAuth":{`, `"twitchAuth":{`,
`"stravaAuth":{`, `"stravaAuth":{`,
`"giteeAuth":{`,
`"secret":"******"`, `"secret":"******"`,
`"clientSecret":"******"`, `"clientSecret":"******"`,
`"appName":"acme_test"`, `"appName":"acme_test"`,
@ -184,6 +186,7 @@ func TestSettingsSet(t *testing.T) {
`"kakaoAuth":{`, `"kakaoAuth":{`,
`"twitchAuth":{`, `"twitchAuth":{`,
`"stravaAuth":{`, `"stravaAuth":{`,
`"giteeAuth":{`,
`"secret":"******"`, `"secret":"******"`,
`"clientSecret":"******"`, `"clientSecret":"******"`,
`"appName":"update_test"`, `"appName":"update_test"`,

View File

@ -45,6 +45,7 @@ type Settings struct {
KakaoAuth AuthProviderConfig `form:"kakaoAuth" json:"kakaoAuth"` KakaoAuth AuthProviderConfig `form:"kakaoAuth" json:"kakaoAuth"`
TwitchAuth AuthProviderConfig `form:"twitchAuth" json:"twitchAuth"` TwitchAuth AuthProviderConfig `form:"twitchAuth" json:"twitchAuth"`
StravaAuth AuthProviderConfig `form:"stravaAuth" json:"stravaAuth"` StravaAuth AuthProviderConfig `form:"stravaAuth" json:"stravaAuth"`
GiteeAuth AuthProviderConfig `form:"giteeAuth" json:"giteeAuth"`
} }
// New creates and returns a new default Settings instance. // New creates and returns a new default Settings instance.
@ -128,6 +129,9 @@ func New() *Settings {
StravaAuth: AuthProviderConfig{ StravaAuth: AuthProviderConfig{
Enabled: false, Enabled: false,
}, },
GiteeAuth: AuthProviderConfig{
Enabled: false,
},
} }
} }
@ -158,6 +162,7 @@ func (s *Settings) Validate() error {
validation.Field(&s.KakaoAuth), validation.Field(&s.KakaoAuth),
validation.Field(&s.TwitchAuth), validation.Field(&s.TwitchAuth),
validation.Field(&s.StravaAuth), validation.Field(&s.StravaAuth),
validation.Field(&s.GiteeAuth),
) )
} }
@ -213,6 +218,7 @@ func (s *Settings) RedactClone() (*Settings, error) {
&clone.KakaoAuth.ClientSecret, &clone.KakaoAuth.ClientSecret,
&clone.TwitchAuth.ClientSecret, &clone.TwitchAuth.ClientSecret,
&clone.StravaAuth.ClientSecret, &clone.StravaAuth.ClientSecret,
&clone.GiteeAuth.ClientSecret,
} }
// mask all sensitive fields // mask all sensitive fields
@ -243,6 +249,7 @@ func (s *Settings) NamedAuthProviderConfigs() map[string]AuthProviderConfig {
auth.NameKakao: s.KakaoAuth, auth.NameKakao: s.KakaoAuth,
auth.NameTwitch: s.TwitchAuth, auth.NameTwitch: s.TwitchAuth,
auth.NameStrava: s.StravaAuth, auth.NameStrava: s.StravaAuth,
auth.NameGitee: s.GiteeAuth,
} }
} }

View File

@ -50,6 +50,8 @@ func TestSettingsValidate(t *testing.T) {
s.TwitchAuth.ClientId = "" s.TwitchAuth.ClientId = ""
s.StravaAuth.Enabled = true s.StravaAuth.Enabled = true
s.StravaAuth.ClientId = "" s.StravaAuth.ClientId = ""
s.GiteeAuth.Enabled = true
s.GiteeAuth.ClientId = ""
// check if Validate() is triggering the members validate methods. // check if Validate() is triggering the members validate methods.
err := s.Validate() err := s.Validate()
@ -79,6 +81,7 @@ func TestSettingsValidate(t *testing.T) {
`"kakaoAuth":{`, `"kakaoAuth":{`,
`"twitchAuth":{`, `"twitchAuth":{`,
`"stravaAuth":{`, `"stravaAuth":{`,
`"giteeAuth":{`,
} }
errBytes, _ := json.Marshal(err) errBytes, _ := json.Marshal(err)
@ -129,6 +132,8 @@ func TestSettingsMerge(t *testing.T) {
s2.TwitchAuth.ClientId = "twitch_test" s2.TwitchAuth.ClientId = "twitch_test"
s2.StravaAuth.Enabled = true s2.StravaAuth.Enabled = true
s2.StravaAuth.ClientId = "strava_test" s2.StravaAuth.ClientId = "strava_test"
s2.GiteeAuth.Enabled = true
s2.GiteeAuth.ClientId = "gitee_test"
if err := s1.Merge(s2); err != nil { if err := s1.Merge(s2); err != nil {
t.Fatal(err) t.Fatal(err)
@ -201,6 +206,7 @@ func TestSettingsRedactClone(t *testing.T) {
s1.KakaoAuth.ClientSecret = "test123" s1.KakaoAuth.ClientSecret = "test123"
s1.TwitchAuth.ClientSecret = "test123" s1.TwitchAuth.ClientSecret = "test123"
s1.StravaAuth.ClientSecret = "test123" s1.StravaAuth.ClientSecret = "test123"
s1.GiteeAuth.ClientSecret = "test123"
s2, err := s1.RedactClone() s2, err := s1.RedactClone()
if err != nil { if err != nil {
@ -212,7 +218,7 @@ func TestSettingsRedactClone(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
expected := `{"meta":{"appName":"test123","appUrl":"http://localhost:8090","hideControls":false,"senderName":"Support","senderAddress":"support@example.com","verificationTemplate":{"body":"\u003cp\u003eHello,\u003c/p\u003e\n\u003cp\u003eThank you for joining us at {APP_NAME}.\u003c/p\u003e\n\u003cp\u003eClick on the button below to verify your email address.\u003c/p\u003e\n\u003cp\u003e\n \u003ca class=\"btn\" href=\"{ACTION_URL}\" target=\"_blank\" rel=\"noopener\"\u003eVerify\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e\n Thanks,\u003cbr/\u003e\n {APP_NAME} team\n\u003c/p\u003e","subject":"Verify your {APP_NAME} email","actionUrl":"{APP_URL}/_/#/auth/confirm-verification/{TOKEN}"},"resetPasswordTemplate":{"body":"\u003cp\u003eHello,\u003c/p\u003e\n\u003cp\u003eClick on the button below to reset your password.\u003c/p\u003e\n\u003cp\u003e\n \u003ca class=\"btn\" href=\"{ACTION_URL}\" target=\"_blank\" rel=\"noopener\"\u003eReset password\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e\u003ci\u003eIf you didn't ask to reset your password, you can ignore this email.\u003c/i\u003e\u003c/p\u003e\n\u003cp\u003e\n Thanks,\u003cbr/\u003e\n {APP_NAME} team\n\u003c/p\u003e","subject":"Reset your {APP_NAME} password","actionUrl":"{APP_URL}/_/#/auth/confirm-password-reset/{TOKEN}"},"confirmEmailChangeTemplate":{"body":"\u003cp\u003eHello,\u003c/p\u003e\n\u003cp\u003eClick on the button below to confirm your new email address.\u003c/p\u003e\n\u003cp\u003e\n \u003ca class=\"btn\" href=\"{ACTION_URL}\" target=\"_blank\" rel=\"noopener\"\u003eConfirm new email\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e\u003ci\u003eIf you didn't ask to change your email address, you can ignore this email.\u003c/i\u003e\u003c/p\u003e\n\u003cp\u003e\n Thanks,\u003cbr/\u003e\n {APP_NAME} team\n\u003c/p\u003e","subject":"Confirm your {APP_NAME} new email address","actionUrl":"{APP_URL}/_/#/auth/confirm-email-change/{TOKEN}"}},"logs":{"maxDays":5},"smtp":{"enabled":false,"host":"smtp.example.com","port":587,"username":"","password":"******","authMethod":"","tls":true},"s3":{"enabled":false,"bucket":"","region":"","endpoint":"","accessKey":"","secret":"******","forcePathStyle":false},"adminAuthToken":{"secret":"******","duration":1209600},"adminPasswordResetToken":{"secret":"******","duration":1800},"recordAuthToken":{"secret":"******","duration":1209600},"recordPasswordResetToken":{"secret":"******","duration":1800},"recordEmailChangeToken":{"secret":"******","duration":1800},"recordVerificationToken":{"secret":"******","duration":604800},"emailAuth":{"enabled":false,"exceptDomains":null,"onlyDomains":null,"minPasswordLength":0},"googleAuth":{"enabled":false,"clientSecret":"******"},"facebookAuth":{"enabled":false,"clientSecret":"******"},"githubAuth":{"enabled":false,"clientSecret":"******"},"gitlabAuth":{"enabled":false,"clientSecret":"******"},"discordAuth":{"enabled":false,"clientSecret":"******"},"twitterAuth":{"enabled":false,"clientSecret":"******"},"microsoftAuth":{"enabled":false,"clientSecret":"******"},"spotifyAuth":{"enabled":false,"clientSecret":"******"},"kakaoAuth":{"enabled":false,"clientSecret":"******"},"twitchAuth":{"enabled":false,"clientSecret":"******"},"stravaAuth":{"enabled":false,"clientSecret":"******"}}` expected := `{"meta":{"appName":"test123","appUrl":"http://localhost:8090","hideControls":false,"senderName":"Support","senderAddress":"support@example.com","verificationTemplate":{"body":"\u003cp\u003eHello,\u003c/p\u003e\n\u003cp\u003eThank you for joining us at {APP_NAME}.\u003c/p\u003e\n\u003cp\u003eClick on the button below to verify your email address.\u003c/p\u003e\n\u003cp\u003e\n \u003ca class=\"btn\" href=\"{ACTION_URL}\" target=\"_blank\" rel=\"noopener\"\u003eVerify\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e\n Thanks,\u003cbr/\u003e\n {APP_NAME} team\n\u003c/p\u003e","subject":"Verify your {APP_NAME} email","actionUrl":"{APP_URL}/_/#/auth/confirm-verification/{TOKEN}"},"resetPasswordTemplate":{"body":"\u003cp\u003eHello,\u003c/p\u003e\n\u003cp\u003eClick on the button below to reset your password.\u003c/p\u003e\n\u003cp\u003e\n \u003ca class=\"btn\" href=\"{ACTION_URL}\" target=\"_blank\" rel=\"noopener\"\u003eReset password\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e\u003ci\u003eIf you didn't ask to reset your password, you can ignore this email.\u003c/i\u003e\u003c/p\u003e\n\u003cp\u003e\n Thanks,\u003cbr/\u003e\n {APP_NAME} team\n\u003c/p\u003e","subject":"Reset your {APP_NAME} password","actionUrl":"{APP_URL}/_/#/auth/confirm-password-reset/{TOKEN}"},"confirmEmailChangeTemplate":{"body":"\u003cp\u003eHello,\u003c/p\u003e\n\u003cp\u003eClick on the button below to confirm your new email address.\u003c/p\u003e\n\u003cp\u003e\n \u003ca class=\"btn\" href=\"{ACTION_URL}\" target=\"_blank\" rel=\"noopener\"\u003eConfirm new email\u003c/a\u003e\n\u003c/p\u003e\n\u003cp\u003e\u003ci\u003eIf you didn't ask to change your email address, you can ignore this email.\u003c/i\u003e\u003c/p\u003e\n\u003cp\u003e\n Thanks,\u003cbr/\u003e\n {APP_NAME} team\n\u003c/p\u003e","subject":"Confirm your {APP_NAME} new email address","actionUrl":"{APP_URL}/_/#/auth/confirm-email-change/{TOKEN}"}},"logs":{"maxDays":5},"smtp":{"enabled":false,"host":"smtp.example.com","port":587,"username":"","password":"******","authMethod":"","tls":true},"s3":{"enabled":false,"bucket":"","region":"","endpoint":"","accessKey":"","secret":"******","forcePathStyle":false},"adminAuthToken":{"secret":"******","duration":1209600},"adminPasswordResetToken":{"secret":"******","duration":1800},"recordAuthToken":{"secret":"******","duration":1209600},"recordPasswordResetToken":{"secret":"******","duration":1800},"recordEmailChangeToken":{"secret":"******","duration":1800},"recordVerificationToken":{"secret":"******","duration":604800},"emailAuth":{"enabled":false,"exceptDomains":null,"onlyDomains":null,"minPasswordLength":0},"googleAuth":{"enabled":false,"clientSecret":"******"},"facebookAuth":{"enabled":false,"clientSecret":"******"},"githubAuth":{"enabled":false,"clientSecret":"******"},"gitlabAuth":{"enabled":false,"clientSecret":"******"},"discordAuth":{"enabled":false,"clientSecret":"******"},"twitterAuth":{"enabled":false,"clientSecret":"******"},"microsoftAuth":{"enabled":false,"clientSecret":"******"},"spotifyAuth":{"enabled":false,"clientSecret":"******"},"kakaoAuth":{"enabled":false,"clientSecret":"******"},"twitchAuth":{"enabled":false,"clientSecret":"******"},"stravaAuth":{"enabled":false,"clientSecret":"******"},"giteeAuth":{"enabled":false,"clientSecret":"******"}}`
if encodedStr := string(encoded); encodedStr != expected { if encodedStr := string(encoded); encodedStr != expected {
t.Fatalf("Expected\n%v\ngot\n%v", expected, encodedStr) t.Fatalf("Expected\n%v\ngot\n%v", expected, encodedStr)
@ -234,6 +240,7 @@ func TestNamedAuthProviderConfigs(t *testing.T) {
s.KakaoAuth.ClientId = "kakao_test" s.KakaoAuth.ClientId = "kakao_test"
s.TwitchAuth.ClientId = "twitch_test" s.TwitchAuth.ClientId = "twitch_test"
s.StravaAuth.ClientId = "strava_test" s.StravaAuth.ClientId = "strava_test"
s.GiteeAuth.ClientId = "gitee_test"
result := s.NamedAuthProviderConfigs() result := s.NamedAuthProviderConfigs()
@ -255,6 +262,7 @@ func TestNamedAuthProviderConfigs(t *testing.T) {
`"kakao":{"enabled":false,"clientId":"kakao_test"}`, `"kakao":{"enabled":false,"clientId":"kakao_test"}`,
`"twitch":{"enabled":false,"clientId":"twitch_test"}`, `"twitch":{"enabled":false,"clientId":"twitch_test"}`,
`"strava":{"enabled":false,"clientId":"strava_test"}`, `"strava":{"enabled":false,"clientId":"strava_test"}`,
`"gitee":{"enabled":false,"clientId":"gitee_test"}`,
} }
for _, p := range expectedParts { for _, p := range expectedParts {
if !strings.Contains(encodedStr, p) { if !strings.Contains(encodedStr, p) {

View File

@ -107,6 +107,8 @@ func NewProviderByName(name string) (Provider, error) {
return NewTwitchProvider(), nil return NewTwitchProvider(), nil
case NameStrava: case NameStrava:
return NewStravaProvider(), nil return NewStravaProvider(), nil
case NameGitee:
return NewGiteeProvider(), nil
default: default:
return nil, errors.New("Missing provider " + name) return nil, errors.New("Missing provider " + name)
} }

View File

@ -117,4 +117,13 @@ func TestNewProviderByName(t *testing.T) {
if _, ok := p.(*auth.Strava); !ok { if _, ok := p.(*auth.Strava); !ok {
t.Error("Expected to be instance of *auth.Strava") t.Error("Expected to be instance of *auth.Strava")
} }
// gitee
p, err = auth.NewProviderByName(auth.NameGitee)
if err != nil {
t.Errorf("Expected nil, got error %v", err)
}
if _, ok := p.(*auth.Gitee); !ok {
t.Error("Expected to be instance of *auth.Gitee")
}
} }

107
tools/auth/gitee.go Normal file
View File

@ -0,0 +1,107 @@
package auth
import (
"encoding/json"
"io"
"strconv"
"golang.org/x/oauth2"
)
var _ Provider = (*Gitee)(nil)
// NameGitee is the unique name of the Gitee provider.
const NameGitee string = "gitee"
// Gitee allows authentication via Gitee OAuth2.
type Gitee struct {
*baseProvider
}
// NewGiteeProvider creates new Gitee provider instance with some defaults.
func NewGiteeProvider() *Gitee {
return &Gitee{&baseProvider{
scopes: []string{"user_info", "emails"},
authUrl: "https://gitee.com/oauth/authorize",
tokenUrl: "https://gitee.com/oauth/token",
userApiUrl: "https://gitee.com/api/v5/user",
}}
}
// FetchAuthUser returns an AuthUser instance based the Gitee's user api.
//
// API reference: https://gitee.com/api/v5/swagger#/getV5User
func (p *Gitee) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
data, err := p.FetchRawUserData(token)
if err != nil {
return nil, err
}
rawUser := map[string]any{}
if err := json.Unmarshal(data, &rawUser); err != nil {
return nil, err
}
extracted := struct {
Login string `json:"login"`
Id int `json:"id"`
Name string `json:"name"`
Email string `json:"email"`
AvatarUrl string `json:"avatar_url"`
}{}
if err := json.Unmarshal(data, &extracted); err != nil {
return nil, err
}
user := &AuthUser{
Id: strconv.Itoa(extracted.Id),
Name: extracted.Name,
Username: extracted.Login,
Email: extracted.Email,
AvatarUrl: extracted.AvatarUrl,
RawUser: rawUser,
AccessToken: token.AccessToken,
}
// in case user set "Keep my email address private",
// email should be retrieved via extra API request
if user.Email == "" {
client := p.Client(token)
response, err := client.Get("https://gitee.com/api/v5/emails")
if err != nil {
return user, err
}
defer response.Body.Close()
content, err := io.ReadAll(response.Body)
if err != nil {
return user, err
}
emails := []struct {
Email string
State string
Scope []string
}{}
if err := json.Unmarshal(content, &emails); err != nil {
return user, err
}
// extract the verified primary email
//
// API reference: https://gitee.com/api/v5/swagger#/getV5Emails
outer:
for _, email := range emails {
for _, scope := range email.Scope {
if email.State == "confirmed" && scope == "primary" {
user.Email = email.Email
break outer
}
}
}
}
return user, nil
}