From 4a170d1d56dbcd08c6b305e086253cbb3210d9e0 Mon Sep 17 00:00:00 2001 From: Yang Luo Date: Mon, 15 Mar 2021 00:49:16 +0800 Subject: [PATCH] Change /api/auth/login to POST. --- controllers/account.go | 9 +++++++++ controllers/auth.go | 24 ++++++++++++------------ routers/router.go | 2 +- web/src/auth/AuthBackend.js | 9 +++++---- web/src/auth/AuthCallback.js | 27 ++++++++++++--------------- 5 files changed, 39 insertions(+), 32 deletions(-) diff --git a/controllers/account.go b/controllers/account.go index 9cb26a59..ebe52567 100644 --- a/controllers/account.go +++ b/controllers/account.go @@ -9,12 +9,21 @@ import ( ) type RegisterForm struct { + Type string `json:"type"` + Organization string `json:"organization"` Username string `json:"username"` Password string `json:"password"` Name string `json:"name"` Email string `json:"email"` Phone string `json:"phone"` + + Application string `json:"application"` + Provider string `json:"provider"` + Code string `json:"code"` + State string `json:"state"` + RedirectUri string `json:"redirectUri"` + Method string `json:"method"` } type Response struct { diff --git a/controllers/auth.go b/controllers/auth.go index 8552211b..4cfc02d0 100644 --- a/controllers/auth.go +++ b/controllers/auth.go @@ -16,6 +16,7 @@ package controllers import ( "context" + "encoding/json" "fmt" "github.com/astaxie/beego" 
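Review bot: Nothing on `RegisterForm` in controllers/account.go says which handler reads which fields, now that it carries both signup data (`Password`) and the OAuth callback values (`Code`, `State`, `RedirectUri`, `Method`) added in this hunk. A separate struct for the callback body (for example `AuthForm`) would keep each endpoint decoding only the fields it acts on. It would also lower the chance that a password or authorization code ends up in a log line or response when the whole form is printed. If the shared struct stays, a doc comment such as `// RegisterForm is the JSON body for signup and for /api/auth/login; the second field group is read only by AuthLogin.` would help. Go naming would also spell the field `RedirectURI`; the `json:"redirectUri"` tag can stay as it is.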
@@ -26,27 +27,26 @@ import ( ) func (c *ApiController) AuthLogin() { - applicationName := c.Input().Get("application") - providerName := c.Input().Get("provider") - code := c.Input().Get("code") - state := c.Input().Get("state") - method := c.Input().Get("method") - redirectUri := c.Input().Get("redirect_uri") + var form RegisterForm + err := json.Unmarshal(c.Ctx.Input.RequestBody, &form) + if err != nil { + panic(err) + } - application := object.GetApplication(fmt.Sprintf("admin/%s", applicationName)) - provider := object.GetProvider(fmt.Sprintf("admin/%s", providerName)) + application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application)) + provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider)) idProvider := idp.GetIdProvider(provider.Type) oauthConfig := idProvider.GetConfig() oauthConfig.ClientID = provider.ClientId oauthConfig.ClientSecret = provider.ClientSecret - oauthConfig.RedirectURL = redirectUri + oauthConfig.RedirectURL = form.RedirectUri var resp Response var res authResponse res.IsAuthenticated = true - if state != beego.AppConfig.String("AuthState") { + if form.State != beego.AppConfig.String("AuthState") { res.IsAuthenticated = false resp = Response{Status: "error", Msg: "unauthorized", Data: res} c.ServeJSON() @@ -55,7 +55,7 @@ func (c *ApiController) AuthLogin() { // https://github.com/golang/oauth2/issues/123#issuecomment-103715338 ctx := context.WithValue(oauth2.NoContext, oauth2.HTTPClient, httpClient) - token, err := oauthConfig.Exchange(ctx, code) + token, err := oauthConfig.Exchange(ctx, form.Code) if err != nil { res.IsAuthenticated = false panic(err) @@ -76,7 +76,7 @@ func (c *ApiController) AuthLogin() { return } - if method == "signup" { + if form.Method == "signup" { userId := "" if provider.Type == "github" { userId = object.GetUserIdByField(application, "github", res.Method) diff --git a/routers/router.go b/routers/router.go index 470b4577..f571e156 100644 --- a/routers/router.go +++ b/routers/router.go 
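Review bot: The new `json.Unmarshal` branch at the top of AuthLogin calls `panic(err)`, so any client can make this unauthenticated handler panic by posting a body that is not valid JSON. The `panic(err)` after `oauthConfig.Exchange(ctx, form.Code)` in the following hunk has the same problem, since a rejected or reused `code` is an expected failure, not a programming error. Both branches should answer with an error `Response` and return, e.g. `c.Data["json"] = Response{Status: "error", Msg: err.Error()}; c.ServeJSON(); return`, instead of relying on the framework's panic recovery, whose output may include a stack trace depending on run mode. `form.Provider` and `form.Application` are also used unchecked: if `object.GetProvider` returns nil for an unknown name (its body is not shown here), `provider.Type` dereferences nil, so an `if provider == nil` guard before `idp.GetIdProvider` is worth adding. AuthLogin continues outside these hunks.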
@@ -37,7 +37,7 @@ func initAPI() { beego.Router("/api/login", &controllers.ApiController{}, "POST:Login") beego.Router("/api/logout", &controllers.ApiController{}, "POST:Logout") beego.Router("/api/get-account", &controllers.ApiController{}, "GET:GetAccount") - beego.Router("/api/auth/login", &controllers.ApiController{}, "GET:AuthLogin") + beego.Router("/api/auth/login", &controllers.ApiController{}, "POST:AuthLogin") beego.Router("/api/get-organizations", &controllers.ApiController{}, "GET:GetOrganizations") beego.Router("/api/get-organization", &controllers.ApiController{}, "GET:GetOrganization") diff --git a/web/src/auth/AuthBackend.js b/web/src/auth/AuthBackend.js index b1629ff9..96a275d5 100644 --- a/web/src/auth/AuthBackend.js +++ b/web/src/auth/AuthBackend.js @@ -44,10 +44,11 @@ export function logout() { }).then(res => res.json()); } -export function authLogin(applicationName, providerName, code, state, redirectUri, method) { - return fetch(`${authConfig.serverUrl}/api/auth/login?application=${applicationName}&provider=${providerName}&code=${code}&state=${state}&redirect_url=${redirectUri}&method=${method}`, { - method: 'GET', - credentials: 'include', +export function authLogin(values) { + return fetch(`${authConfig.serverUrl}/api/auth/login`, { + method: 'POST', + credentials: "include", + body: JSON.stringify(values), }).then(res => res.json()); } diff --git a/web/src/auth/AuthCallback.js b/web/src/auth/AuthCallback.js index 858eb038..26f6a443 100644 --- a/web/src/auth/AuthCallback.js +++ b/web/src/auth/AuthCallback.js @@ -13,9 +13,10 @@ // limitations under the License. import React from "react"; -import {message, Spin} from "antd"; +import {Spin} from "antd"; import {withRouter} from "react-router-dom"; import * as AuthBackend from "./AuthBackend"; +import * as Util from "./Util"; class AuthCallback extends React.Component { constructor(props) { 
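Review bot: The POST in `authLogin` (web/src/auth/AuthBackend.js) sends `JSON.stringify(values)` without a `Content-Type` header, so the browser labels the body `text/plain`. The Go handler in this patch parses `RequestBody` as JSON whatever type was declared. A `text/plain` POST with credentials counts as a CORS "simple" request and is sent without a preflight, so adding `headers: {"Content-Type": "application/json"},` here and having AuthLogin reject other content types narrows cross-site use of the endpoint. If `authConfig.serverUrl` is a different origin from the web app, the server's CORS configuration then has to allow the resulting preflight.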
@@ -35,26 +36,22 @@ class AuthCallback extends React.Component { } componentWillMount() { - this.authLogin(); - } - - showMessage(type, text) { - if (type === "success") { - message.success(text); - } else if (type === "error") { - message.error(text); - } - } - - authLogin() { let redirectUri; redirectUri = `${window.location.origin}/callback/${this.state.applicationName}/${this.state.providerName}/${this.state.method}`; - AuthBackend.authLogin(this.state.applicationName, this.state.providerName, this.state.code, this.state.state, redirectUri, this.state.method) + const body = { + application: this.state.applicationName, + provider: this.state.providerName, + code: this.state.code, + state: this.state.state, + redirectUri: redirectUri, + method: this.state.method, + }; + AuthBackend.authLogin(body) .then((res) => { if (res.status === "ok") { window.location.href = '/'; } else { - this.showMessage("error", res?.msg); + Util.showMessage("error", res?.msg); } }); }
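Review bot: The `state` placed in `body` is forwarded to the backend without being compared to any value the browser stored before it was redirected to the provider. It appears to come from the callback URL, though the constructor is outside the hunk. On the server side of this patch (controllers/auth.go) it is compared only with the fixed `AuthState` config value, and a constant does not tie the callback to the session that started the flow, which is what the OAuth `state` parameter is for. Consider generating a random value per login attempt, keeping it in `sessionStorage` or the server session, and refusing to call `AuthBackend.authLogin` when `this.state.state` does not match it. Separately, the request now runs in `componentWillMount`, which React has deprecated; `componentDidMount` is the usual place for this call.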