
refactor: Migrate OIDC configuration to system settings

1808837298@qq.com 1 vuosi sitten
vanhempi
commit
66682584a5

+ 0 - 9
common/constants.go

@@ -43,7 +43,6 @@ var PasswordLoginEnabled = true
 var PasswordRegisterEnabled = true
 var EmailVerificationEnabled = false
 var GitHubOAuthEnabled = false
-var OIDCEnabled = false
 var LinuxDOOAuthEnabled = false
 var WeChatAuthEnabled = false
 var TelegramOAuthEnabled = false
@@ -78,14 +77,6 @@ var SMTPToken = ""
 
 var GitHubClientId = ""
 var GitHubClientSecret = ""
-
-var OIDCClientId = ""
-var OIDCClientSecret = ""
-var OIDCWellKnown = ""
-var OIDCAuthorizationEndpoint = ""
-var OIDCTokenEndpoint = ""
-var OIDCUserInfoEndpoint = ""
-
 var LinuxDOClientId = ""
 var LinuxDOClientSecret = ""
 

+ 4 - 3
controller/misc.go

@@ -8,6 +8,7 @@ import (
 	"one-api/model"
 	"one-api/setting"
 	"one-api/setting/operation_setting"
+	"one-api/setting/system_setting"
 	"strings"
 
 	"github.com/gin-gonic/gin"
@@ -68,9 +69,9 @@ func GetStatus(c *gin.Context) {
 			"chats":                       setting.Chats,
 			"demo_site_enabled":           operation_setting.DemoSiteEnabled,
 			"self_use_mode_enabled":       operation_setting.SelfUseModeEnabled,
-			"oidc":                        common.OIDCEnabled,
-			"oidc_client_id":              common.OIDCClientId,
-			"oidc_authorization_endpoint": common.OIDCAuthorizationEndpoint,
+			"oidc_enabled":                system_setting.GetOIDCSettings().Enabled,
+			"oidc_client_id":              system_setting.GetOIDCSettings().ClientId,
+			"oidc_authorization_endpoint": system_setting.GetOIDCSettings().AuthorizationEndpoint,
 		},
 	})
 	return
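Review bot: The status payload key is renamed from `"oidc"` to `"oidc_enabled"` on the line replacing `common.OIDCEnabled`, which is a wire-format change for whatever reads the status object; no consumer is updated in this commit, so any frontend code still reading `status.oidc` would silently see undefined and treat OIDC login as disabled — worth confirming before merge. Separately, `system_setting.GetOIDCSettings()` is called three times in the same literal; reading it once into a local, `oidc := system_setting.GetOIDCSettings()`, and using `oidc.Enabled`, `oidc.ClientId`, `oidc.AuthorizationEndpoint` keeps the three values from one snapshot and reads more cleanly. GetStatus's body begins and ends outside the hunk.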

+ 7 - 6
controller/oidc.go

@@ -9,6 +9,7 @@ import (
 	"one-api/common"
 	"one-api/model"
 	"one-api/setting"
+	"one-api/setting/system_setting"
 	"strconv"
 	"strings"
 	"time"
@@ -40,13 +41,13 @@ func getOidcUserInfoByCode(code string) (*OidcUser, error) {
 	}
 
 	values := url.Values{}
-	values.Set("client_id", common.OIDCClientId)
-	values.Set("client_secret", common.OIDCClientSecret)
+	values.Set("client_id", system_setting.GetOIDCSettings().ClientId)
+	values.Set("client_secret", system_setting.GetOIDCSettings().ClientSecret)
 	values.Set("code", code)
 	values.Set("grant_type", "authorization_code")
 	values.Set("redirect_uri", fmt.Sprintf("%s/oauth/oidc", setting.ServerAddress))
 	formData := values.Encode()
-	req, err := http.NewRequest("POST", common.OIDCTokenEndpoint, strings.NewReader(formData))
+	req, err := http.NewRequest("POST", system_setting.GetOIDCSettings().TokenEndpoint, strings.NewReader(formData))
 	if err != nil {
 		return nil, err
 	}
@@ -72,7 +73,7 @@ func getOidcUserInfoByCode(code string) (*OidcUser, error) {
 		return nil, errors.New("OIDC 获取 Token 失败,请检查设置!")
 	}
 
-	req, err = http.NewRequest("GET", common.OIDCUserInfoEndpoint, nil)
+	req, err = http.NewRequest("GET", system_setting.GetOIDCSettings().UserInfoEndpoint, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -115,7 +116,7 @@ func OidcAuth(c *gin.Context) {
 		OidcBind(c)
 		return
 	}
-	if !common.OIDCEnabled {
+	if !system_setting.GetOIDCSettings().Enabled {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "管理员未开启通过 OIDC 登录以及注册",
@@ -184,7 +185,7 @@ func OidcAuth(c *gin.Context) {
 }
 
 func OidcBind(c *gin.Context) {
-	if !common.OIDCEnabled {
+	if !system_setting.GetOIDCSettings().Enabled {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "管理员未开启通过 OIDC 登录以及注册",
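Review bot: Each replaced line in getOidcUserInfoByCode calls `system_setting.GetOIDCSettings()` separately, so ClientId, ClientSecret, TokenEndpoint and UserInfoEndpoint are read at four different points during one code exchange; if an administrator updates the settings mid-request the token request and the userinfo request could use values from different configurations. Reading the settings once at the top of the function, `oidc := system_setting.GetOIDCSettings()`, and using `oidc.ClientId`, `oidc.TokenEndpoint` and so on below keeps the exchange consistent and also reduces repetition. The same pattern could be applied to the `Enabled` checks in OidcAuth and OidcBind. getOidcUserInfoByCode starts and ends outside the hunk, as do OidcAuth and OidcBind.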

+ 3 - 2
controller/option.go

@@ -6,6 +6,7 @@ import (
 	"one-api/common"
 	"one-api/model"
 	"one-api/setting"
+	"one-api/setting/system_setting"
 	"strings"
 
 	"github.com/gin-gonic/gin"
@@ -51,8 +52,8 @@ func UpdateOption(c *gin.Context) {
 			})
 			return
 		}
-	case "OIDCEnabled":
-		if option.Value == "true" && common.OIDCClientId == "" {
+	case "oidc.enabled":
+		if option.Value == "true" && system_setting.GetOIDCSettings().Enabled {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
 				"message": "无法启用 OIDC 登录,请先填入 OIDC Client Id 以及 OIDC Client Secret!",
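Review bot: The guard on the `case "oidc.enabled":` branch now rejects the request when `system_setting.GetOIDCSettings().Enabled` is already true, instead of when the client credentials are missing, which is the opposite of what the unchanged error message below it describes ("fill in the Client Id and Client Secret first"); with this condition an administrator can enable OIDC with an empty client id, and cannot re-save `true` once it is set. The condition should mirror the removed `common.OIDCClientId == ""` check against the new settings struct: `oidc := system_setting.GetOIDCSettings()` followed by `if option.Value == "true" && (oidc.ClientId == "" || oidc.ClientSecret == "") {`. UpdateOption's body starts and ends outside the hunk.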

+ 0 - 15
model/option.go

@@ -35,7 +35,6 @@ func InitOptionMap() {
 	common.OptionMap["PasswordRegisterEnabled"] = strconv.FormatBool(common.PasswordRegisterEnabled)
 	common.OptionMap["EmailVerificationEnabled"] = strconv.FormatBool(common.EmailVerificationEnabled)
 	common.OptionMap["GitHubOAuthEnabled"] = strconv.FormatBool(common.GitHubOAuthEnabled)
-	common.OptionMap["OIDCEnabled"] = strconv.FormatBool(common.OIDCEnabled)
 	common.OptionMap["LinuxDOOAuthEnabled"] = strconv.FormatBool(common.LinuxDOOAuthEnabled)
 	common.OptionMap["TelegramOAuthEnabled"] = strconv.FormatBool(common.TelegramOAuthEnabled)
 	common.OptionMap["WeChatAuthEnabled"] = strconv.FormatBool(common.WeChatAuthEnabled)
@@ -207,8 +206,6 @@ func updateOptionMap(key string, value string) (err error) {
 			common.EmailVerificationEnabled = boolValue
 		case "GitHubOAuthEnabled":
 			common.GitHubOAuthEnabled = boolValue
-		case "OIDCEnabled":
-			common.OIDCEnabled = boolValue
 		case "LinuxDOOAuthEnabled":
 			common.LinuxDOOAuthEnabled = boolValue
 		case "WeChatAuthEnabled":
@@ -307,18 +304,6 @@ func updateOptionMap(key string, value string) (err error) {
 		common.GitHubClientId = value
 	case "GitHubClientSecret":
 		common.GitHubClientSecret = value
-	case "OIDCClientId":
-		common.OIDCClientId = value
-	case "OIDCClientSecret":
-		common.OIDCClientSecret = value
-	case "OIDCWellKnown":
-		common.OIDCWellKnown = value
-	case "OIDCAuthorizationEndpoint":
-		common.OIDCAuthorizationEndpoint = value
-	case "OIDCTokenEndpoint":
-		common.OIDCTokenEndpoint = value
-	case "OIDCUserInfoEndpoint":
-		common.OIDCUserInfoEndpoint = value
 	case "LinuxDOClientId":
 		common.LinuxDOClientId = value
 	case "LinuxDOClientSecret":

+ 25 - 0
setting/system_setting/oidc.go

@@ -0,0 +1,25 @@
+package system_setting
+
+import "one-api/setting/config"
+
+type OIDCSettings struct {
+	Enabled               bool   `json:"enabled"`
+	ClientId              string `json:"client_id"`
+	ClientSecret          string `json:"client_secret"`
+	WellKnown             string `json:"well_known"`
+	AuthorizationEndpoint string `json:"authorization_endpoint"`
+	TokenEndpoint         string `json:"token_endpoint"`
+	UserInfoEndpoint      string `json:"user_info_endpoint"`
+}
+
+// 默认配置
+var defaultOIDCSettings = OIDCSettings{}
+
+func init() {
+	// 注册到全局配置管理器
+	config.GlobalConfig.Register("oidc", &defaultOIDCSettings)
+}
+
+func GetOIDCSettings() *OIDCSettings {
+	return &defaultOIDCSettings
+}
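Review bot: `GetOIDCSettings` hands out a pointer to the package-level `defaultOIDCSettings`, so every caller can mutate the live configuration and concurrent readers in the request handlers race with whatever `config.GlobalConfig` does on update; a doc comment should at least state that the returned value is shared and must be treated as read-only, e.g. `// GetOIDCSettings returns the live, shared OIDC configuration; callers must not modify it.` The exported `OIDCSettings` type also lacks a doc comment, and `ClientSecret` carries a `json:"client_secret"` tag, so if the registered struct is ever serialized back to clients (how GlobalConfig exposes registered sections is not visible here) the secret would leave the server — worth confirming, given the frontend placeholder promises it is never sent back. Consider a comment on that field noting it must be excluded from any JSON returned to the frontend.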

+ 46 - 46
web/src/components/SystemSetting.js

@@ -20,13 +20,13 @@ const SystemSetting = () => {
     GitHubOAuthEnabled: '',
     GitHubClientId: '',
     GitHubClientSecret: '',
-    OIDCEnabled: '',
-    OIDCClientId: '',
-    OIDCClientSecret: '',
-    OIDCWellKnown: '',
-    OIDCAuthorizationEndpoint: '',
-    OIDCTokenEndpoint: '',
-    OIDCUserInfoEndpoint: '',
+    'oidc.enabled': '',
+    'oidc.client_id': '',
+    'oidc.client_secret': '',
+    'oidc.well_known': '',
+    'oidc.authorization_endpoint': '',
+    'oidc.token_endpoint': '',
+    'oidc.user_info_endpoint': '',
     Notice: '',
     SMTPServer: '',
     SMTPPort: '',
@@ -113,7 +113,7 @@ const SystemSetting = () => {
       case 'PasswordRegisterEnabled':
       case 'EmailVerificationEnabled':
       case 'GitHubOAuthEnabled':
-      case 'OIDCEnabled':
+      case 'oidc.enabled':
       case 'LinuxDOOAuthEnabled':
       case 'WeChatAuthEnabled':
       case 'TelegramOAuthEnabled':
@@ -167,12 +167,12 @@ const SystemSetting = () => {
       name === 'PayAddress' ||
       name === 'GitHubClientId' ||
       name === 'GitHubClientSecret' ||
-      name === 'OIDCWellKnown' ||
-      name === 'OIDCClientId' ||
-      name === 'OIDCClientSecret' ||
-      name === 'OIDCAuthorizationEndpoint' ||
-      name === 'OIDCTokenEndpoint' ||
-      name === 'OIDCUserInfoEndpoint' ||
+      name === 'oidc.well_known' ||
+      name === 'oidc.client_id' ||
+      name === 'oidc.client_secret' ||
+      name === 'oidc.authorization_endpoint' ||
+      name === 'oidc.token_endpoint' ||
+      name === 'oidc.user_info_endpoint' ||
       name === 'WeChatServerAddress' ||
       name === 'WeChatServerToken' ||
       name === 'WeChatAccountQRCodeImageURL' ||
@@ -301,39 +301,39 @@ const SystemSetting = () => {
   };
 
   const submitOIDCSettings = async () => {
-    if (inputs.OIDCWellKnown !== '') {
-      if (!inputs.OIDCWellKnown.startsWith('http://') && !inputs.OIDCWellKnown.startsWith('https://')) {
+    if (inputs['oidc.well_known'] !== '') {
+      if (!inputs['oidc.well_known'].startsWith('http://') && !inputs['oidc.well_known'].startsWith('https://')) {
         showError('Well-Known URL 必须以 http:// 或 https:// 开头');
         return;
       }
       try {
-        const res = await API.get(inputs.OIDCWellKnown);
-        inputs.OIDCAuthorizationEndpoint = res.data['authorization_endpoint'];
-        inputs.OIDCTokenEndpoint = res.data['token_endpoint'];
-        inputs.OIDCUserInfoEndpoint = res.data['userinfo_endpoint'];
+        const res = await API.get(inputs['oidc.well_known']);
+        inputs['oidc.authorization_endpoint'] = res.data['authorization_endpoint'];
+        inputs['oidc.token_endpoint'] = res.data['token_endpoint'];
+        inputs['oidc.user_info_endpoint'] = res.data['userinfo_endpoint'];
         showSuccess('获取 OIDC 配置成功!');
       } catch (err) {
         showError("获取 OIDC 配置失败,请检查网络状况和 Well-Known URL 是否正确");
       }
     }
 
-    if (originInputs['OIDCWellKnown'] !== inputs.OIDCWellKnown) {
-      await updateOption('OIDCWellKnown', inputs.OIDCWellKnown);
+    if (originInputs['oidc.well_known'] !== inputs['oidc.well_known']) {
+      await updateOption('oidc.well_known', inputs['oidc.well_known']);
     }
-    if (originInputs['OIDCClientId'] !== inputs.OIDCClientId) {
-      await updateOption('OIDCClientId', inputs.OIDCClientId);
+    if (originInputs['oidc.client_id'] !== inputs['oidc.client_id']) {
+      await updateOption('oidc.client_id', inputs['oidc.client_id']);
     }
-    if (originInputs['OIDCClientSecret'] !== inputs.OIDCClientSecret && inputs.OIDCClientSecret !== '') {
-      await updateOption('OIDCClientSecret', inputs.OIDCClientSecret);
+    if (originInputs['oidc.client_secret'] !== inputs['oidc.client_secret'] && inputs['oidc.client_secret'] !== '') {
+      await updateOption('oidc.client_secret', inputs['oidc.client_secret']);
     }
-    if (originInputs['OIDCAuthorizationEndpoint'] !== inputs.OIDCAuthorizationEndpoint) {
-      await updateOption('OIDCAuthorizationEndpoint', inputs.OIDCAuthorizationEndpoint);
+    if (originInputs['oidc.authorization_endpoint'] !== inputs['oidc.authorization_endpoint']) {
+      await updateOption('oidc.authorization_endpoint', inputs['oidc.authorization_endpoint']);
     }
-    if (originInputs['OIDCTokenEndpoint'] !== inputs.OIDCTokenEndpoint) {
-      await updateOption('OIDCTokenEndpoint', inputs.OIDCTokenEndpoint);
+    if (originInputs['oidc.token_endpoint'] !== inputs['oidc.token_endpoint']) {
+      await updateOption('oidc.token_endpoint', inputs['oidc.token_endpoint']);
     }
-    if (originInputs['OIDCUserInfoEndpoint'] !== inputs.OIDCUserInfoEndpoint) {
-      await updateOption('OIDCUserInfoEndpoint', inputs.OIDCUserInfoEndpoint);
+    if (originInputs['oidc.user_info_endpoint'] !== inputs['oidc.user_info_endpoint']) {
+      await updateOption('oidc.user_info_endpoint', inputs['oidc.user_info_endpoint']);
     }
   }
 
@@ -570,9 +570,9 @@ const SystemSetting = () => {
               onChange={handleInputChange}
             />
             <Form.Checkbox
-                checked={inputs.OIDCEnabled === 'true'}
+                checked={inputs['oidc.enabled'] === 'true'}
                 label='允许通过 OIDC 登录 & 注册'
-                name='OIDCEnabled'
+                name='oidc.enabled'
                 onChange={handleInputChange}
             />
             <Form.Checkbox
@@ -938,45 +938,45 @@ const SystemSetting = () => {
           <Form.Group widths={3}>
             <Form.Input
                 label='Client ID'
-                name='OIDCClientId'
+                name='oidc.client_id'
                 onChange={handleInputChange}
-                value={inputs.OIDCClientId}
+                value={inputs['oidc.client_id']}
                 placeholder='输入 OIDC 的 Client ID'
             />
             <Form.Input
                 label='Client Secret'
-                name='OIDCClientSecret'
+                name='oidc.client_secret'
                 onChange={handleInputChange}
                 type='password'
-                value={inputs.OIDCClientSecret}
+                value={inputs['oidc.client_secret']}
                 placeholder='敏感信息不会发送到前端显示'
             />
             <Form.Input
                 label='Well-Known URL'
-                name='OIDCWellKnown'
+                name='oidc.well_known'
                 onChange={handleInputChange}
-                value={inputs.OIDCWellKnown}
+                value={inputs['oidc.well_known']}
                 placeholder='请输入 OIDC 的 Well-Known URL'
             />
             <Form.Input
                 label='Authorization Endpoint'
-                name='OIDCAuthorizationEndpoint'
+                name='oidc.authorization_endpoint'
                 onChange={handleInputChange}
-                value={inputs.OIDCAuthorizationEndpoint}
+                value={inputs['oidc.authorization_endpoint']}
                 placeholder='输入 OIDC 的 Authorization Endpoint'
             />
             <Form.Input
                 label='Token Endpoint'
-                name='OIDCTokenEndpoint'
+                name='oidc.token_endpoint'
                 onChange={handleInputChange}
-                value={inputs.OIDCTokenEndpoint}
+                value={inputs['oidc.token_endpoint']}
                 placeholder='输入 OIDC 的 Token Endpoint'
             />
             <Form.Input
                 label='Userinfo Endpoint'
-                name='OIDCUserInfoEndpoint'
+                name='oidc.user_info_endpoint'
                 onChange={handleInputChange}
-                value={inputs.OIDCUserInfoEndpoint}
+                value={inputs['oidc.user_info_endpoint']}
                 placeholder='输入 OIDC 的 Userinfo Endpoint'
             />
           </Form.Group>
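Review bot: In submitOIDCSettings the three discovery fields are written straight onto `inputs` from `res.data[...]` without checking they exist, so a well-known document that omits, for example, `userinfo_endpoint` sets `inputs['oidc.user_info_endpoint']` to undefined, which then differs from `originInputs` and is sent to `updateOption` as the new value. A guard such as `if (res.data['userinfo_endpoint']) inputs['oidc.user_info_endpoint'] = res.data['userinfo_endpoint'];` (and likewise for the other two) would keep a partial discovery document from clearing stored endpoints. The repeated bracket access could also be shortened with a local `const wellKnown = inputs['oidc.well_known'];` at the top of the function. The SystemSetting component begins and ends outside the shown hunks.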