136 lines
3.9 KiB
Go
136 lines
3.9 KiB
Go
package handler
|
||
|
||
import (
|
||
"net/http"
|
||
"time"
|
||
|
||
"gitee.ltd/lxh/wechat-robot/internal/types"
|
||
"github.com/gofiber/fiber/v2"
|
||
"github.com/gofiber/fiber/v2/middleware/session"
|
||
logtoClient "github.com/logto-io/go/v2/client"
|
||
"github.com/valyala/fasthttp/fasthttpadaptor"
|
||
|
||
"gitee.ltd/lxh/wechat-robot/internal/config"
|
||
)
|
||
|
||
// 实现Logto会话存储接口
|
||
var store = session.New(session.Config{
|
||
KeyLookup: "cookie:logto-session",
|
||
CookieSecure: false, // 开发环境可设成false
|
||
})
|
||
|
||
// LogtoLogin 重定向到Logto登录页面
|
||
func LogtoLogin(c *fiber.Ctx) error {
|
||
// 加载配置
|
||
cfg, err := config.Load()
|
||
if err != nil {
|
||
return c.Redirect("/error?error=系统错误,无法加载配置")
|
||
}
|
||
|
||
// 构建回调URL
|
||
callbackURL := c.Protocol() + "://" + c.Hostname() + "/auth/logto/callback"
|
||
//callbackURL := "https://wechat.0bug.dev/auth/logto/callback"
|
||
|
||
// 创建Logto客户端配置
|
||
logtoConfig := &logtoClient.LogtoConfig{
|
||
Endpoint: cfg.Auth.Logto.Endpoint,
|
||
AppId: cfg.Auth.Logto.AppId,
|
||
AppSecret: cfg.Auth.Logto.AppSecret,
|
||
}
|
||
// 获取会话
|
||
fiberSessionStorage := &types.LogtoSessionStorage{Store: store, Ctx: c}
|
||
|
||
// 创建Logto客户端
|
||
client := logtoClient.NewLogtoClient(logtoConfig, fiberSessionStorage)
|
||
// 获取登录链接
|
||
signInUri, err := client.SignInWithRedirectUri(callbackURL)
|
||
if err != nil {
|
||
return c.Redirect("/error?error=Logto登录错误: " + err.Error() + "。请在Logto控制台确认回调URI为: " + callbackURL)
|
||
}
|
||
// 去登录
|
||
return c.Redirect(signInUri)
|
||
}
|
||
|
||
// LogtoCallback 处理Logto登录回调
|
||
func LogtoCallback(c *fiber.Ctx) error {
|
||
// 加载配置
|
||
cfg, err := config.Load()
|
||
if err != nil {
|
||
return c.Redirect("/error?error=系统错误,无法加载配置")
|
||
}
|
||
|
||
// 创建Logto客户端配置
|
||
logtoConfig := &logtoClient.LogtoConfig{
|
||
Endpoint: cfg.Auth.Logto.Endpoint,
|
||
AppId: cfg.Auth.Logto.AppId,
|
||
AppSecret: cfg.Auth.Logto.AppSecret,
|
||
}
|
||
// 获取会话
|
||
fiberSessionStorage := &types.LogtoSessionStorage{Store: store, Ctx: c}
|
||
// 创建Logto客户端
|
||
client := logtoClient.NewLogtoClient(logtoConfig, fiberSessionStorage)
|
||
|
||
r := &http.Request{}
|
||
if err = fasthttpadaptor.ConvertRequest(c.Context(), r, true); err != nil {
|
||
return c.Redirect("/error?error=转换请求错误: " + err.Error())
|
||
}
|
||
|
||
// 处理回调
|
||
if err = client.HandleSignInCallback(r); err != nil {
|
||
return c.Redirect("/error?error=Logto回调处理错误: " + err.Error())
|
||
}
|
||
|
||
// 设置auth_token cookie,使用logto前缀
|
||
cookie := new(fiber.Cookie)
|
||
cookie.Name = "auth_token"
|
||
cookie.Value = "logto:auth" // 设置auth_token带有logto前缀
|
||
cookie.Expires = time.Now().Add(24 * time.Hour) // 24小时过期
|
||
cookie.HTTPOnly = true
|
||
cookie.Path = "/"
|
||
c.Cookie(cookie)
|
||
|
||
// 重定向到机器人列表页面
|
||
return c.Redirect("/admin/robots")
|
||
}
|
||
|
||
// LogtoLogout 处理Logto退出登录
|
||
func LogtoLogout(c *fiber.Ctx) error {
|
||
// 加载配置
|
||
cfg, err := config.Load()
|
||
if err != nil {
|
||
return c.Redirect("/error?error=系统错误,无法加载配置")
|
||
}
|
||
|
||
// 创建Logto客户端配置
|
||
logtoConfig := &logtoClient.LogtoConfig{
|
||
Endpoint: cfg.Auth.Logto.Endpoint,
|
||
AppId: cfg.Auth.Logto.AppId,
|
||
AppSecret: cfg.Auth.Logto.AppSecret,
|
||
}
|
||
// 获取会话
|
||
fiberSessionStorage := &types.LogtoSessionStorage{Store: store, Ctx: c}
|
||
// 创建Logto客户端
|
||
client := logtoClient.NewLogtoClient(logtoConfig, fiberSessionStorage)
|
||
|
||
// 构建登出后重定向URL
|
||
postLogoutRedirectURL := c.Protocol() + "://" + c.Hostname()
|
||
|
||
// 获取登出链接
|
||
signOutUri, err := client.SignOut(postLogoutRedirectURL)
|
||
if err != nil {
|
||
return c.Redirect("/error?error=Logto登出错误: " + err.Error())
|
||
}
|
||
|
||
// 清除本地Cookie
|
||
cookie := new(fiber.Cookie)
|
||
cookie.Name = "auth_token"
|
||
cookie.Value = ""
|
||
cookie.Expires = time.Now().Add(-time.Hour) // 设置为过期
|
||
cookie.HTTPOnly = true
|
||
cookie.Path = "/"
|
||
c.Cookie(cookie)
|
||
|
||
// 重定向到Logto登出页面
|
||
return c.Redirect(signOutUri)
|
||
}
|