feat: support face ID provider (#3666)

2025-07-02 03:00:18 +08:00 · 2025-03-19 22:57:35 +08:00
parent 15a037ca74
commit 141372cb86
15 changed files with 598 additions and 23 deletions
--- a/object/application.go
+++ b/object/application.go
@ -541,7 +541,7 @@ func GetMaskedApplication(application *Application, userId string) *Application

 	providerItems := []*ProviderItem{}
 	for _, providerItem := range application.Providers {
-		if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha" || providerItem.Provider.Category == "SAML") {
+		if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha" || providerItem.Provider.Category == "SAML" || providerItem.Provider.Category == "Face ID") {
 			providerItems = append(providerItems, providerItem)
 		}
 	}
--- a/object/provider.go
+++ b/object/provider.go
@ -384,6 +384,44 @@ func GetCaptchaProviderByApplication(applicationId, isCurrentProvider, lang stri
 	return nil, nil
 }

+func GetFaceIdProviderByOwnerName(applicationId, lang string) (*Provider, error) {
+	owner, name := util.GetOwnerAndNameFromId(applicationId)
+	provider := Provider{Owner: owner, Name: name, Category: "Face ID"}
+	existed, err := ormer.Engine.Get(&provider)
+	if err != nil {
+		return nil, err
+	}
+
+	if !existed {
+		return nil, fmt.Errorf(i18n.Translate(lang, "provider:the provider: %s does not exist"), applicationId)
+	}
+
+	return &provider, nil
+}
+
+func GetFaceIdProviderByApplication(applicationId, isCurrentProvider, lang string) (*Provider, error) {
+	if isCurrentProvider == "true" {
+		return GetFaceIdProviderByOwnerName(applicationId, lang)
+	}
+	application, err := GetApplication(applicationId)
+	if err != nil {
+		return nil, err
+	}
+
+	if application == nil || len(application.Providers) == 0 {
+		return nil, fmt.Errorf(i18n.Translate(lang, "provider:Invalid application id"))
+	}
+	for _, provider := range application.Providers {
+		if provider.Provider == nil {
+			continue
+		}
+		if provider.Provider.Category == "Face ID" {
+			return GetFaceIdProviderByOwnerName(util.GetId(provider.Provider.Owner, provider.Provider.Name), lang)
+		}
+	}
+	return nil, nil
+}
+
 func providerChangeTrigger(oldName string, newName string) error {
 	session := ormer.Engine.NewSession()
 	defer session.Close()
--- a/object/user.go
+++ b/object/user.go
@ -15,13 +15,17 @@
 package object

 import (
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"io"
 	"reflect"
 	"strconv"
 	"strings"

 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/faceId"
+	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/util"
 	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/xorm-io/builder"
@ -244,6 +248,7 @@ type MfaAccount struct {
 type FaceId struct {
 	Name       string    `xorm:"varchar(100) notnull pk" json:"name"`
 	FaceIdData []float64 `json:"faceIdData"`
+	ImageUrl   string    `json:"ImageUrl"`
 }

 func GetUserFieldStringValue(user *User, fieldName string) (bool, string, error) {
@ -1179,6 +1184,40 @@ func (user *User) IsGlobalAdmin() bool {
 	return user.Owner == "built-in"
 }

+func (user *User) CheckUserFace(faceIdImage []string, provider *Provider) (bool, error) {
+	faceIdChecker := faceId.GetFaceIdProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.Endpoint)
+	httpClient := proxy.DefaultHttpClient
+	errList := []error{}
+	for _, userFaceId := range user.FaceIds {
+		if userFaceId.ImageUrl != "" {
+			imgResp, err := httpClient.Get(userFaceId.ImageUrl)
+			if err != nil {
+				continue
+			}
+			imgByte, err := io.ReadAll(imgResp.Body)
+			if err != nil {
+				continue
+			}
+
+			base64Img := base64.StdEncoding.EncodeToString(imgByte)
+			for _, imgBase64 := range faceIdImage {
+				isSuccess, err := faceIdChecker.Check(imgBase64, base64Img)
+				if err != nil {
+					errList = append(errList, err)
+					continue
+				}
+				if isSuccess {
+					return true, nil
+				}
+			}
+		}
+	}
+	if len(errList) > 0 {
+		return false, errList[0]
+	}
+	return false, nil
+}
+
 func GenerateIdForNewUser(application *Application) (string, error) {
 	if application == nil || application.GetSignupItemRule("ID") != "Incremental" {
 		return util.GenerateId(), nil