feat: integrate alist with casdoor (#1453)

* feat: integrate alist with casdoor

* fix: casdoor as an option for login

Co-authored-by: wenxuan70 <t736660416@gmail.com>

server/common/check.go

@@ -4,14 +4,9 @@ import (
 	"github.com/Xhofe/alist/conf"
 	"github.com/Xhofe/alist/model"
 	"github.com/Xhofe/alist/utils"
-	"github.com/gin-gonic/gin"
 	log "github.com/sirupsen/logrus"
 )
 
-func Login(c *gin.Context) {
-	SuccessResp(c)
-}
-
 func CheckParent(path string, password string) bool {
 	meta, err := model.GetMetaByPath(path)
 	if err == nil {

server/controllers/auth.go

@@ -0,0 +1,69 @@
+package controllers
+
+import (
+	"fmt"
+	"github.com/Xhofe/alist/conf"
+	"github.com/Xhofe/alist/server/common"
+	"github.com/Xhofe/alist/utils"
+	"github.com/casdoor/casdoor-go-sdk/casdoorsdk"
+	"github.com/gin-gonic/gin"
+	"net/http"
+)
+
+type OAuthReq struct {
+	Code  string `json:"code"`
+	State string `json:"state"`
+}
+
+func Verify(c *gin.Context) {
+	token := c.GetHeader("Authorization")
+	if token != conf.Token {
+		common.ErrorStrResp(c, "Invalid token", 401)
+		return
+	}
+	common.SuccessResp(c)
+}
+func GetRedirectUrl(c *gin.Context) {
+	if !conf.GetBool("Enable Casdoor") {
+		common.ErrorStrResp(c, "Casdoor is not enabled", 1001)
+		return
+	}
+	redirectUri := generateRedirectUri(c.Request)
+	common.SuccessResp(c, utils.GetSignInUrl(redirectUri))
+}
+
+func generateRedirectUri(r *http.Request) string {
+	protocol := "http"
+	host := r.Host
+	if r.TLS != nil {
+		protocol = "https"
+	}
+	return fmt.Sprintf("%s://%s/@manage", protocol, host)
+}
+
+func OAuth(c *gin.Context) {
+	var req OAuthReq
+	if err := c.ShouldBind(&req); err != nil {
+		common.ErrorResp(c, err, 401)
+		return
+	}
+
+	if req.Code == "" || req.State == "" {
+		common.ErrorStrResp(c, "Invalid code or state", 400)
+		return
+	}
+
+	token, err := casdoorsdk.GetOAuthToken(req.Code, req.State)
+	if err != nil {
+		common.ErrorResp(c, err, 401)
+		return
+	}
+
+	_, err = casdoorsdk.ParseJwtToken(token.AccessToken)
+	if err != nil {
+		common.ErrorResp(c, err, 401)
+		return
+	}
+
+	common.SuccessResp(c, conf.Token)
+}

server/middlewares/auth.go

@@ -8,16 +8,6 @@ import (
 
 func Auth(c *gin.Context) {
 	token := c.GetHeader("Authorization")
-	//password, err := model.GetSettingByKey("password")
-	//if err != nil {
-	//	if err == gorm.ErrRecordNotFound {
-	//		common.ErrorResp(c, fmt.Errorf("password not set"), 400)
-	//		return
-	//	}
-	//	common.ErrorResp(c, err, 500)
-	//	return
-	//}
-	//if token != utils.GetMD5Encode(password.Value) {
 	if token != conf.Token {
 		common.ErrorStrResp(c, "Invalid token", 401)
 		return

server/router.go

@@ -1,7 +1,6 @@
 package server
 
 import (
-	"github.com/Xhofe/alist/server/common"
 	"github.com/Xhofe/alist/server/controllers"
 	"github.com/Xhofe/alist/server/controllers/file"
 	"github.com/Xhofe/alist/server/middlewares"
@@ -35,8 +34,11 @@ func InitApiRouter(r *gin.Engine) {
 
 	admin := api.Group("/admin")
 	{
+		admin.GET("/verify", controllers.Verify)
+		admin.GET("/get_redirect_url", controllers.GetRedirectUrl)
+		admin.POST("/oauth", controllers.OAuth)
+
 		admin.Use(middlewares.Auth)
-		admin.Any("/login", common.Login)
 		admin.GET("/settings", controllers.GetSettings)
 		admin.POST("/settings", controllers.SaveSettings)
 		admin.DELETE("/setting", controllers.DeleteSetting)