From 66682584a5df1844391b4e6e7a5d478acfee5aa0 Mon Sep 17 00:00:00 2001
From: "1808837298@qq.com" <1808837298@qq.com>
Date: Tue, 11 Mar 2025 22:00:31 +0800
Subject: [PATCH] refactor: Migrate OIDC configuration to system settings

---
 common/constants.go | 9 ---
 controller/misc.go | 7 ++-
 controller/oidc.go | 13 ++--
 controller/option.go | 5 +-
 model/option.go | 15 -----
 setting/system_setting/oidc.go | 25 ++++++++
 web/src/components/SystemSetting.js | 92 ++++++++++++++---------------
 7 files changed, 85 insertions(+), 81 deletions(-)
 create mode 100644 setting/system_setting/oidc.go

diff --git a/common/constants.go b/common/constants.go
index 8b6cafa1..48b5db3f 100644
--- a/common/constants.go
+++ b/common/constants.go
@@ -43,7 +43,6 @@ var PasswordLoginEnabled = true
 var PasswordRegisterEnabled = true
 var EmailVerificationEnabled = false
 var GitHubOAuthEnabled = false
-var OIDCEnabled = false
 var LinuxDOOAuthEnabled = false
 var WeChatAuthEnabled = false
 var TelegramOAuthEnabled = false
@@ -78,14 +77,6 @@ var SMTPToken = ""
 var GitHubClientId = ""
 var GitHubClientSecret = ""
-
-var OIDCClientId = ""
-var OIDCClientSecret = ""
-var OIDCWellKnown = ""
-var OIDCAuthorizationEndpoint = ""
-var OIDCTokenEndpoint = ""
-var OIDCUserInfoEndpoint = ""
-
 var LinuxDOClientId = ""
 var LinuxDOClientSecret = ""
diff --git a/controller/misc.go b/controller/misc.go
index 05819977..aff33a31 100644
--- a/controller/misc.go
+++ b/controller/misc.go
@@ -8,6 +8,7 @@ import (
 "one-api/model"
 "one-api/setting"
 "one-api/setting/operation_setting"
+ "one-api/setting/system_setting"
 "strings"
 
 "github.com/gin-gonic/gin"
@@ -68,9 +69,9 @@ func GetStatus(c *gin.Context) {
 "chats": setting.Chats,
 "demo_site_enabled": operation_setting.DemoSiteEnabled,
 "self_use_mode_enabled": operation_setting.SelfUseModeEnabled,
- "oidc": common.OIDCEnabled,
- "oidc_client_id": common.OIDCClientId,
- "oidc_authorization_endpoint": common.OIDCAuthorizationEndpoint,
+ "oidc_enabled": system_setting.GetOIDCSettings().Enabled,
+ "oidc_client_id": system_setting.GetOIDCSettings().ClientId,
+ "oidc_authorization_endpoint": system_setting.GetOIDCSettings().AuthorizationEndpoint,
 },
 })
 return
diff --git a/controller/oidc.go b/controller/oidc.go
index 6b8fd8c3..440e0964 100644
--- a/controller/oidc.go
+++ b/controller/oidc.go
@@ -9,6 +9,7 @@ import (
 "one-api/common"
 "one-api/model"
 "one-api/setting"
+ "one-api/setting/system_setting"
 "strconv"
 "strings"
 "time"
@@ -40,13 +41,13 @@ func getOidcUserInfoByCode(code string) (*OidcUser, error) {
 }
 values := url.Values{}
- values.Set("client_id", common.OIDCClientId)
- values.Set("client_secret", common.OIDCClientSecret)
+ values.Set("client_id", system_setting.GetOIDCSettings().ClientId)
+ values.Set("client_secret", system_setting.GetOIDCSettings().ClientSecret)
 values.Set("code", code)
 values.Set("grant_type", "authorization_code")
 values.Set("redirect_uri", fmt.Sprintf("%s/oauth/oidc", setting.ServerAddress))
 formData := values.Encode()
- req, err := http.NewRequest("POST", common.OIDCTokenEndpoint, strings.NewReader(formData))
+ req, err := http.NewRequest("POST", system_setting.GetOIDCSettings().TokenEndpoint, strings.NewReader(formData))
 if err != nil {
 return nil, err
 }
@@ -72,7 +73,7 @@ func getOidcUserInfoByCode(code string) (*OidcUser, error) {
 return nil, errors.New("OIDC 获取 Token 失败,请检查设置!")
 }
 
- req, err = http.NewRequest("GET", common.OIDCUserInfoEndpoint, nil)
+ req, err = http.NewRequest("GET", system_setting.GetOIDCSettings().UserInfoEndpoint, nil)
 if err != nil {
 return nil, err
 }
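Review bot: The first added line renames the status response key from `"oidc"` to `"oidc_enabled"`, which breaks any client that reads `status.oidc`; the only web file touched by this patch is SystemSetting.js, so unless the login-page consumer is updated elsewhere the OIDC login option will silently disappear from the UI. Either keep the old key alongside the new one for a release or update the consumer in the same change. As a point of style, `system_setting.GetOIDCSettings()` is called three times inside one literal; a local `oidc := system_setting.GetOIDCSettings()` before the `gin.H` reads cleaner and reads the settings once. GetStatus starts outside the hunk.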
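Review bot: The replaced lines read ClientId, ClientSecret and TokenEndpoint through three separate `system_setting.GetOIDCSettings()` calls, each dereferencing the same package-level struct that UpdateOption can rewrite while a login is in flight, so a single token exchange can be built from a mix of old and new provider settings. Taking one copy at the top of the function, `oidc := *system_setting.GetOIDCSettings()`, and using `oidc.ClientId`, `oidc.ClientSecret` and `oidc.TokenEndpoint` gives each request a consistent snapshot. Whether config.GlobalConfig synchronizes writes against these reads is not visible here and is worth confirming, since an unsynchronized write to the struct during a request would be a data race. The same pattern appears in the @@ -72 hunk of this file and in the OidcAuth and OidcBind hunks. getOidcUserInfoByCode starts and ends outside the hunk.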
@@ -115,7 +116,7 @@ func OidcAuth(c *gin.Context) {
 OidcBind(c)
 return
 }
- if !common.OIDCEnabled {
+ if !system_setting.GetOIDCSettings().Enabled {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "管理员未开启通过 OIDC 登录以及注册",
@@ -184,7 +185,7 @@ func OidcAuth(c *gin.Context) {
 }
 
 func OidcBind(c *gin.Context) {
- if !common.OIDCEnabled {
+ if !system_setting.GetOIDCSettings().Enabled {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "管理员未开启通过 OIDC 登录以及注册",
diff --git a/controller/option.go b/controller/option.go
index c7fbdb51..f1e28e0c 100644
--- a/controller/option.go
+++ b/controller/option.go
@@ -6,6 +6,7 @@ import (
 "one-api/common"
 "one-api/model"
 "one-api/setting"
+ "one-api/setting/system_setting"
 "strings"
 
 "github.com/gin-gonic/gin"
@@ -51,8 +52,8 @@ func UpdateOption(c *gin.Context) {
 })
 return
 }
- case "OIDCEnabled":
- if option.Value == "true" && common.OIDCClientId == "" {
+ case "oidc.enabled":
+ if option.Value == "true" && system_setting.GetOIDCSettings().Enabled {
 c.JSON(http.StatusOK, gin.H{
 "success": false,
 "message": "无法启用 OIDC 登录,请先填入 OIDC Client Id 以及 OIDC Client Secret!",
diff --git a/model/option.go b/model/option.go
index d23f213b..640e96ac 100644
--- a/model/option.go
+++ b/model/option.go
@@ -35,7 +35,6 @@ func InitOptionMap() {
 common.OptionMap["PasswordRegisterEnabled"] = strconv.FormatBool(common.PasswordRegisterEnabled)
 common.OptionMap["EmailVerificationEnabled"] = strconv.FormatBool(common.EmailVerificationEnabled)
 common.OptionMap["GitHubOAuthEnabled"] = strconv.FormatBool(common.GitHubOAuthEnabled)
- common.OptionMap["OIDCEnabled"] = strconv.FormatBool(common.OIDCEnabled)
 common.OptionMap["LinuxDOOAuthEnabled"] = strconv.FormatBool(common.LinuxDOOAuthEnabled)
 common.OptionMap["TelegramOAuthEnabled"] = strconv.FormatBool(common.TelegramOAuthEnabled)
 common.OptionMap["WeChatAuthEnabled"] = strconv.FormatBool(common.WeChatAuthEnabled)
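Review bot: The rewritten guard in the UpdateOption hunk tests `system_setting.GetOIDCSettings().Enabled` where the old code tested `common.OIDCClientId == ""`, so enabling OIDC with an empty client id is now accepted, while re-saving an already-enabled setting is rejected with an error that talks about a missing Client Id. The condition the message describes is `if option.Value == "true" && system_setting.GetOIDCSettings().ClientId == "" {`; adding `|| system_setting.GetOIDCSettings().ClientSecret == ""` would make the check match the message text exactly. This guard is what keeps an admin from switching on a login method whose provider credentials are blank, so the regression is worth fixing before merge. UpdateOption starts and ends outside the hunk.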
@@ -207,8 +206,6 @@ func updateOptionMap(key string, value string) (err error) {
 common.EmailVerificationEnabled = boolValue
 case "GitHubOAuthEnabled":
 common.GitHubOAuthEnabled = boolValue
- case "OIDCEnabled":
- common.OIDCEnabled = boolValue
 case "LinuxDOOAuthEnabled":
 common.LinuxDOOAuthEnabled = boolValue
 case "WeChatAuthEnabled":
@@ -307,18 +304,6 @@ func updateOptionMap(key string, value string) (err error) {
 common.GitHubClientId = value
 case "GitHubClientSecret":
 common.GitHubClientSecret = value
- case "OIDCClientId":
- common.OIDCClientId = value
- case "OIDCClientSecret":
- common.OIDCClientSecret = value
- case "OIDCWellKnown":
- common.OIDCWellKnown = value
- case "OIDCAuthorizationEndpoint":
- common.OIDCAuthorizationEndpoint = value
- case "OIDCTokenEndpoint":
- common.OIDCTokenEndpoint = value
- case "OIDCUserInfoEndpoint":
- common.OIDCUserInfoEndpoint = value
 case "LinuxDOClientId":
 common.LinuxDOClientId = value
 case "LinuxDOClientSecret":
diff --git a/setting/system_setting/oidc.go b/setting/system_setting/oidc.go
new file mode 100644
index 00000000..aed52ae0
--- /dev/null
+++ b/setting/system_setting/oidc.go
@@ -0,0 +1,25 @@
+package system_setting
+
+import "one-api/setting/config"
+
+type OIDCSettings struct {
+ Enabled bool `json:"enabled"`
+ ClientId string `json:"client_id"`
+ ClientSecret string `json:"client_secret"`
+ WellKnown string `json:"well_known"`
+ AuthorizationEndpoint string `json:"authorization_endpoint"`
+ TokenEndpoint string `json:"token_endpoint"`
+ UserInfoEndpoint string `json:"user_info_endpoint"`
+}
+
+// 默认配置
+var defaultOIDCSettings = OIDCSettings{}
+
+func init() {
+ // 注册到全局配置管理器
+ config.GlobalConfig.Register("oidc", &defaultOIDCSettings)
+}
+
+func GetOIDCSettings() *OIDCSettings {
+ return &defaultOIDCSettings
+}
diff --git a/web/src/components/SystemSetting.js b/web/src/components/SystemSetting.js
index 4a523e0b..cffa17e8 100644
--- a/web/src/components/SystemSetting.js
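Review bot: OIDCSettings and GetOIDCSettings are exported without doc comments, and `defaultOIDCSettings` is a misleading name for what is the live, mutable settings object handed to config.GlobalConfig rather than a set of defaults. Suggested comments: `// OIDCSettings is the OIDC login configuration registered with config.GlobalConfig under the "oidc" key.` and `// GetOIDCSettings returns the live, process-wide settings; copy the struct when a consistent snapshot is needed.` Because ClientSecret carries a `json:"client_secret"` tag, any path that serializes the whole struct or dumps the registered settings would emit the secret; config.GlobalConfig is not in this diff, so that should be checked, as should whatever filtering the options-listing endpoint applies to secret-bearing keys now that the key is `oidc.client_secret` instead of `OIDCClientSecret`. The removed `case "OIDC..."` arms in updateOptionMap are not replaced by anything visible here, so I assume the config manager routes `oidc.*` keys itself; confirm that a saved client id actually reaches this struct.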
+++ b/web/src/components/SystemSetting.js
@@ -20,13 +20,13 @@ const SystemSetting = () => {
 GitHubOAuthEnabled: '',
 GitHubClientId: '',
 GitHubClientSecret: '',
- OIDCEnabled: '',
- OIDCClientId: '',
- OIDCClientSecret: '',
- OIDCWellKnown: '',
- OIDCAuthorizationEndpoint: '',
- OIDCTokenEndpoint: '',
- OIDCUserInfoEndpoint: '',
+ 'oidc.enabled': '',
+ 'oidc.client_id': '',
+ 'oidc.client_secret': '',
+ 'oidc.well_known': '',
+ 'oidc.authorization_endpoint': '',
+ 'oidc.token_endpoint': '',
+ 'oidc.user_info_endpoint': '',
 Notice: '',
 SMTPServer: '',
 SMTPPort: '',
@@ -113,7 +113,7 @@ const SystemSetting = () => {
 case 'PasswordRegisterEnabled':
 case 'EmailVerificationEnabled':
 case 'GitHubOAuthEnabled':
- case 'OIDCEnabled':
+ case 'oidc.enabled':
 case 'LinuxDOOAuthEnabled':
 case 'WeChatAuthEnabled':
 case 'TelegramOAuthEnabled':
@@ -167,12 +167,12 @@ const SystemSetting = () => {
 name === 'PayAddress' ||
 name === 'GitHubClientId' ||
 name === 'GitHubClientSecret' ||
- name === 'OIDCWellKnown' ||
- name === 'OIDCClientId' ||
- name === 'OIDCClientSecret' ||
- name === 'OIDCAuthorizationEndpoint' ||
- name === 'OIDCTokenEndpoint' ||
- name === 'OIDCUserInfoEndpoint' ||
+ name === 'oidc.well_known' ||
+ name === 'oidc.client_id' ||
+ name === 'oidc.client_secret' ||
+ name === 'oidc.authorization_endpoint' ||
+ name === 'oidc.token_endpoint' ||
+ name === 'oidc.user_info_endpoint' ||
 name === 'WeChatServerAddress' ||
 name === 'WeChatServerToken' ||
 name === 'WeChatAccountQRCodeImageURL' ||
@@ -301,39 +301,39 @@ const SystemSetting = () => {
 };
 
 const submitOIDCSettings = async () => {
- if (inputs.OIDCWellKnown !== '') {
- if (!inputs.OIDCWellKnown.startsWith('http://') && !inputs.OIDCWellKnown.startsWith('https://')) {
+ if (inputs['oidc.well_known'] !== '') {
+ if (!inputs['oidc.well_known'].startsWith('http://') && !inputs['oidc.well_known'].startsWith('https://')) {
 showError('Well-Known URL 必须以 http:// 或 https:// 开头');
 return;
 }
 try {
- const res = await API.get(inputs.OIDCWellKnown);
- inputs.OIDCAuthorizationEndpoint = res.data['authorization_endpoint'];
- inputs.OIDCTokenEndpoint = res.data['token_endpoint'];
- inputs.OIDCUserInfoEndpoint = res.data['userinfo_endpoint'];
+ const res = await API.get(inputs['oidc.well_known']);
+ inputs['oidc.authorization_endpoint'] = res.data['authorization_endpoint'];
+ inputs['oidc.token_endpoint'] = res.data['token_endpoint'];
+ inputs['oidc.user_info_endpoint'] = res.data['userinfo_endpoint'];
 showSuccess('获取 OIDC 配置成功!');
 } catch (err) {
 showError("获取 OIDC 配置失败,请检查网络状况和 Well-Known URL 是否正确");
 }
 }
 
- if (originInputs['OIDCWellKnown'] !== inputs.OIDCWellKnown) {
- await updateOption('OIDCWellKnown', inputs.OIDCWellKnown);
+ if (originInputs['oidc.well_known'] !== inputs['oidc.well_known']) {
+ await updateOption('oidc.well_known', inputs['oidc.well_known']);
 }
- if (originInputs['OIDCClientId'] !== inputs.OIDCClientId) {
- await updateOption('OIDCClientId', inputs.OIDCClientId);
+ if (originInputs['oidc.client_id'] !== inputs['oidc.client_id']) {
+ await updateOption('oidc.client_id', inputs['oidc.client_id']);
 }
- if (originInputs['OIDCClientSecret'] !== inputs.OIDCClientSecret && inputs.OIDCClientSecret !== '') {
- await updateOption('OIDCClientSecret', inputs.OIDCClientSecret);
+ if (originInputs['oidc.client_secret'] !== inputs['oidc.client_secret'] && inputs['oidc.client_secret'] !== '') {
+ await updateOption('oidc.client_secret', inputs['oidc.client_secret']);
 }
- if (originInputs['OIDCAuthorizationEndpoint'] !== inputs.OIDCAuthorizationEndpoint) {
- await updateOption('OIDCAuthorizationEndpoint', inputs.OIDCAuthorizationEndpoint);
+ if (originInputs['oidc.authorization_endpoint'] !== inputs['oidc.authorization_endpoint']) {
+ await updateOption('oidc.authorization_endpoint', inputs['oidc.authorization_endpoint']);
 }
- if (originInputs['OIDCTokenEndpoint'] !== inputs.OIDCTokenEndpoint) {
- await updateOption('OIDCTokenEndpoint', inputs.OIDCTokenEndpoint);
+ if (originInputs['oidc.token_endpoint'] !== inputs['oidc.token_endpoint']) {
+ await updateOption('oidc.token_endpoint', inputs['oidc.token_endpoint']);
 }
- if (originInputs['OIDCUserInfoEndpoint'] !== inputs.OIDCUserInfoEndpoint) {
- await updateOption('OIDCUserInfoEndpoint', inputs.OIDCUserInfoEndpoint);
+ if (originInputs['oidc.user_info_endpoint'] !== inputs['oidc.user_info_endpoint']) {
+ await updateOption('oidc.user_info_endpoint', inputs['oidc.user_info_endpoint']);
 }
 }
 
@@ -570,9 +570,9 @@ const SystemSetting = () => {
 onChange={handleInputChange} />