fix: add admin social login
@@ -259,8 +259,7 @@ def register():
|
||||
social_uid = str(pending.get("social_uid") or "").strip()
|
||||
enabled_providers = parse_providers((database.get_system_config() or {}).get("social_login_providers"))
|
||||
existing_identity = database.find_social_login_binding(provider, social_uid)
|
||||
existing_admin_identity = database.find_admin_social_login_binding_by_identity(provider, social_uid)
|
||||
if provider in enabled_providers and social_uid and not existing_identity and not existing_admin_identity:
|
||||
if provider in enabled_providers and social_uid and not existing_identity:
|
||||
binding = database.upsert_social_login_binding(
|
||||
user_id=user_id,
|
||||
provider=provider,
|
||||
|
||||
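Review bot: The binding condition in `register()` appears to lose its `not existing_admin_identity` guard without any comment explaining why. The +/- markers are lost on this page, but the 8-old/7-new header fits the lookup and the longer `if` being removed, so a third-party identity already bound to an administrator can now also be attached to a newly registered user. The callback and bind hunks in the routes file drop the matching checks, which means user/admin exclusivity is gone everywhere. If that is intended, say so at the condition, e.g. `# A social identity may back both a user and an admin binding; admin bindings are only consulted by the admin-auth endpoints.`, and confirm that no user-facing path reads the admin binding table. The body of `register()` continues outside the hunk.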
@@ -3,10 +3,13 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from datetime import timedelta
|
||||
from io import BytesIO
|
||||
import time
|
||||
import database
|
||||
from app_config import get_config
|
||||
from app_logger import get_logger
|
||||
from db.utils import get_cst_now, get_cst_now_str
|
||||
from flask import Blueprint, jsonify, request, session
|
||||
from flask import Blueprint, jsonify, request, send_file, session
|
||||
from flask_login import current_user, login_required, login_user
|
||||
from services.accounts_service import load_user_accounts
|
||||
from services.models import User
|
||||
@@ -70,6 +73,20 @@ def _login_user_id(user_id: int) -> None:
|
||||
load_user_accounts(user_id)
|
||||
|
||||
|
||||
def _login_admin_id(admin_id: int) -> dict | None:
|
||||
admin = database.get_admin_by_id(int(admin_id))
|
||||
if not admin:
|
||||
return None
|
||||
session.pop("admin_id", None)
|
||||
session.pop("admin_username", None)
|
||||
session["admin_id"] = admin["id"]
|
||||
session["admin_username"] = admin["username"]
|
||||
session["admin_reauth_until"] = time.time() + int(get_config().ADMIN_REAUTH_WINDOW_SECONDS)
|
||||
session.permanent = True
|
||||
session.modified = True
|
||||
return admin
|
||||
|
||||
|
||||
def _binding_row(provider: str, binding: dict | None) -> dict:
|
||||
return {
|
||||
"provider": provider,
|
||||
@@ -147,9 +164,6 @@ def social_callback():
|
||||
return _social_error(error)
|
||||
|
||||
binding = database.find_social_login_binding(profile.provider, profile.social_uid)
|
||||
admin_binding = database.find_admin_social_login_binding_by_identity(profile.provider, profile.social_uid)
|
||||
if admin_binding:
|
||||
return jsonify({"error": "该第三方账号已绑定管理员账号"}), 409
|
||||
|
||||
if binding:
|
||||
if mode == "bind":
|
||||
@@ -220,9 +234,6 @@ def bind_social_account():
|
||||
existing_identity = database.find_social_login_binding(provider, social_uid)
|
||||
if existing_identity and int(existing_identity.get("user_id") or 0) != int(current_user.id):
|
||||
return jsonify({"error": "该第三方账号已绑定其他用户"}), 409
|
||||
existing_admin_identity = database.find_admin_social_login_binding_by_identity(provider, social_uid)
|
||||
if existing_admin_identity:
|
||||
return jsonify({"error": "该第三方账号已绑定管理员账号"}), 409
|
||||
|
||||
existing_provider = database.find_user_social_login_binding(int(current_user.id), provider)
|
||||
if existing_provider and str(existing_provider.get("social_uid") or "") != social_uid:
|
||||
@@ -261,6 +272,98 @@ def admin_social_config():
|
||||
return protected()
|
||||
|
||||
|
||||
@api_social_bp.route("/yuyx/api/admin-auth/social/login-url", methods=["POST"])
|
||||
def admin_auth_social_login_url():
|
||||
data = _get_json_payload()
|
||||
provider = str(data.get("provider") or "").strip().lower()
|
||||
redirect_uri = str(data.get("redirect_uri") or "").strip()
|
||||
try:
|
||||
result = fetch_social_login_url(
|
||||
database.get_system_config(),
|
||||
provider=provider,
|
||||
mode="login",
|
||||
redirect_uri=redirect_uri,
|
||||
allowed_hosts=_allowed_redirect_hosts(),
|
||||
)
|
||||
except SocialLoginError as error:
|
||||
logger.warning(f"[admin-auth/social/login-url] provider={provider or '-'} failed: {error.message}")
|
||||
return _social_error(error)
|
||||
return jsonify(result)
|
||||
|
||||
|
||||
@api_social_bp.route("/yuyx/api/admin-auth/social/poll", methods=["POST"])
|
||||
def admin_auth_social_poll():
|
||||
data = _get_json_payload()
|
||||
provider = str(data.get("provider") or "").strip().lower()
|
||||
state = str(data.get("state") or "").strip()
|
||||
try:
|
||||
result = poll_social_scan(database.get_system_config(), provider=provider, state=state)
|
||||
except SocialLoginError as error:
|
||||
logger.warning(f"[admin-auth/social/poll] provider={provider or '-'} failed: {error.message}")
|
||||
return _social_error(error)
|
||||
return jsonify(result)
|
||||
|
||||
|
||||
@api_social_bp.route("/yuyx/api/admin-auth/social/callback", methods=["POST"])
|
||||
def admin_auth_social_callback():
|
||||
data = _get_json_payload()
|
||||
provider = str(data.get("provider") or data.get("type") or "").strip().lower()
|
||||
code = str(data.get("code") or "").strip()
|
||||
|
||||
try:
|
||||
profile = fetch_space_profile(database.get_system_config(), provider=provider, code=code)
|
||||
except SocialLoginError as error:
|
||||
logger.warning(f"[admin-auth/social/callback] provider={provider or '-'} failed: {error.message}")
|
||||
return _social_error(error)
|
||||
|
||||
binding = database.find_admin_social_login_binding_by_identity(profile.provider, profile.social_uid)
|
||||
if not binding:
|
||||
return jsonify({"error": "该第三方账号未绑定管理员,请先使用账号密码登录后在设置中绑定"}), 404
|
||||
|
||||
admin = _login_admin_id(int(binding.get("admin_id") or 0))
|
||||
if not admin:
|
||||
return jsonify({"error": "绑定管理员账号不存在"}), 401
|
||||
|
||||
database.update_admin_social_login_binding_profile(
|
||||
int(binding["id"]),
|
||||
nickname=profile.nickname,
|
||||
avatar_url=profile.avatar_url,
|
||||
)
|
||||
logger.info(f"[admin-auth/social/login] admin_id={admin['id']} provider={profile.provider}")
|
||||
return jsonify(
|
||||
{
|
||||
"success": True,
|
||||
"redirect": "/yuyx/admin",
|
||||
"provider": profile.provider,
|
||||
"provider_label": provider_label(profile.provider),
|
||||
"username": admin.get("username") or "",
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
@api_social_bp.route("/yuyx/api/admin-auth/social/qr", methods=["GET"])
|
||||
def admin_auth_social_qr():
|
||||
value = str(request.args.get("data") or "").strip()
|
||||
if not value:
|
||||
return jsonify({"error": "缺少二维码内容"}), 400
|
||||
if len(value) > 2048:
|
||||
return jsonify({"error": "二维码内容过长"}), 400
|
||||
|
||||
try:
|
||||
import qrcode
|
||||
except ImportError:
|
||||
logger.error("[admin-auth/social/qr] qrcode package is not installed")
|
||||
return jsonify({"error": "二维码组件未安装"}), 500
|
||||
|
||||
image = qrcode.make(value)
|
||||
buffer = BytesIO()
|
||||
image.save(buffer, format="PNG")
|
||||
buffer.seek(0)
|
||||
response = send_file(buffer, mimetype="image/png", max_age=0)
|
||||
response.headers["Cache-Control"] = "no-store"
|
||||
return response
|
||||
|
||||
|
||||
@api_social_bp.route("/yuyx/api/admin/social-bindings", methods=["GET"])
|
||||
def list_admin_social_bindings():
|
||||
from routes.decorators import admin_required
|
||||
@@ -347,10 +450,6 @@ def bind_admin_social_callback(provider):
|
||||
logger.warning(f"[admin/social/callback] provider={provider_value or '-'} failed: {error.message}")
|
||||
return _social_error(error)
|
||||
|
||||
user_identity = database.find_social_login_binding(profile.provider, profile.social_uid)
|
||||
if user_identity:
|
||||
return jsonify({"error": "该第三方账号已绑定普通用户"}), 409
|
||||
|
||||
existing_identity = database.find_admin_social_login_binding_by_identity(profile.provider, profile.social_uid)
|
||||
if existing_identity and int(existing_identity.get("admin_id") or 0) != admin_id:
|
||||
return jsonify({"error": "该第三方账号已绑定其他管理员"}), 409
|
||||
|
||||
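Review bot: In the `@@ -261,6 +272,98 @@` hunk, `admin_auth_social_callback` creates an admin session from only `provider` and `code` in the POST body. It never reads a `state` or compares one with a value stored when `admin_auth_social_login_url` was called, so unless `fetch_space_profile` enforces that internally (not visible here) the code is not tied to the browser that started the flow. `_login_admin_id` also sets `session["admin_reauth_until"]` straight away, so a third-party login counts as a fresh re-authentication; consider leaving that key unset on this path so sensitive admin actions still prompt for the password, and give the endpoint the same throttling and audit logging as the password login. In the same hunk, `admin_auth_social_qr` has no visible authentication and renders any `data` up to 2048 characters into a PNG served from this origin; limiting it to the login URL issued for the current session, or rate-limiting it, would stop it serving as a general QR generator. The warning logs interpolate the client-supplied `provider` before it is validated, so checking it against the enabled providers first would keep arbitrary text out of the log.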