feat: add Space aggregate login

2026-05-27 20:39:46 +08:00
parent e725db79a9
commit 056948612a
136 changed files with 2405 additions and 322 deletions
--- a/routes/api_auth.py
+++ b/routes/api_auth.py
@@ -30,6 +30,7 @@ from services.passkeys import (
    normalize_device_name,
    verify_authentication,
 )
+from services.social_login import parse_providers, provider_label
 from services.state import (
    check_ip_request_rate,
    check_email_rate_limit,
@@ -228,6 +229,7 @@ def register():
    email = data.get("email", "").strip().lower()
    captcha_session = data.get("captcha_session", "")
    captcha_code = data.get("captcha", "").strip()
+    social_bind_token = str(data.get("social_bind_token") or "").strip()

    if not username or not password:
        return jsonify({"error": "用户名和密码不能为空"}), 400
@@ -273,6 +275,26 @@ def register():

    user_id = database.create_user(username, password, email)
    if user_id:
+        social_bind_message = ""
+        if social_bind_token:
+            pending = database.get_social_pending_bind(social_bind_token)
+            if pending:
+                provider = str(pending.get("provider") or "").strip().lower()
+                social_uid = str(pending.get("social_uid") or "").strip()
+                enabled_providers = parse_providers((database.get_system_config() or {}).get("social_login_providers"))
+                existing_identity = database.find_social_login_binding(provider, social_uid)
+                if provider in enabled_providers and social_uid and not existing_identity:
+                    binding = database.upsert_social_login_binding(
+                        user_id=user_id,
+                        provider=provider,
+                        social_uid=social_uid,
+                        nickname=pending.get("nickname") or "",
+                        avatar_url=pending.get("avatar_url") or "",
+                    )
+                    if binding:
+                        database.delete_social_pending_bind(social_bind_token)
+                        social_bind_message = f"，已绑定{provider_label(provider)}"
+
        if auto_approve_enabled:
            if auto_approve_vip_days > 0:
                database.set_user_vip(user_id, auto_approve_vip_days)
@@ -281,7 +303,7 @@ def register():
            result = email_service.send_register_verification_email(email=email, username=username, user_id=user_id)
            if result["success"]:
                message = _with_vip_suffix(
-                    "注册成功！验证邮件已发送（可直接登录，建议完成邮箱验证）",
+                    f"注册成功！验证邮件已发送（可直接登录，建议完成邮箱验证）{social_bind_message}",
                    auto_approve_enabled,
                    auto_approve_vip_days,
                )
@@ -289,13 +311,15 @@ def register():

            logger.error(f"注册验证邮件发送失败: {result['error']}")
            message = _with_vip_suffix(
-                f"注册成功，但验证邮件发送失败({result['error']})。你仍可直接登录",
+                f"注册成功，但验证邮件发送失败({result['error']})。你仍可直接登录{social_bind_message}",
                auto_approve_enabled,
                auto_approve_vip_days,
            )
            return jsonify({"success": True, "message": message, "need_verify": True})

        message = _with_vip_suffix("注册成功！可直接登录", auto_approve_enabled, auto_approve_vip_days)
+        if social_bind_message:
+            message = f"{message}{social_bind_message}"
        return jsonify({"success": True, "message": message})
    return jsonify({"error": "用户名已存在"}), 400