From 9980ef1975a213b60fd8b49b0e31f67dfe829fce Mon Sep 17 00:00:00 2001
From: Yang Luo
Date: Sat, 20 Mar 2021 10:51:00 +0800
Subject: [PATCH] Add /api/get-app-login

---
 controllers/account.go |  5 +++++
 controllers/auth.go    | 47 ++++++++++++++++++++++++++++++++++++------
 controllers/token.go   |  6 +++---
 object/token.go        | 24 +++++++++++++++++++++
 routers/router.go      |  1 +
 5 files changed, 74 insertions(+), 9 deletions(-)

diff --git a/controllers/account.go b/controllers/account.go
index ea1479d6..0fb6d4e5 100644
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -25,6 +25,11 @@ import (
 	"github.com/casdoor/casdoor/util"
 )
 
+const (
+	ResponseTypeLogin = "login"
+	ResponseTypeCode = "code"
+)
+
 type RequestForm struct {
 	Type string `json:"type"`
 
diff --git a/controllers/auth.go b/controllers/auth.go
index 1909ee6c..3b61ded5 100644
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -26,9 +26,44 @@ import (
 	"golang.org/x/oauth2"
 )
 
-func (c *ApiController) HandleLoggedIn(userId string) {
-	c.SetSessionUser(userId)
-	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
+func (c *ApiController) HandleLoggedIn(userId string, form *RequestForm) *Response {
+	resp := &Response{}
+	if form.Type == ResponseTypeLogin {
+		c.SetSessionUser(userId)
+		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
+		resp = nil
+	} else if form.Type == ResponseTypeCode {
+		clientId := c.Input().Get("clientId")
+		responseType := c.Input().Get("responseType")
+		redirectUri := c.Input().Get("redirectUri")
+		scope := c.Input().Get("scope")
+		state := c.Input().Get("state")
+
+		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state)
+		resp = codeToResponse(code)
+	} else {
+		resp = &Response{Status: "error", Msg: fmt.Sprintf("unknown response type: %s", form.Type)}
+	}
+	return resp
+}
+
+func (c *ApiController) GetApplicationLogin() {
+	var resp Response
+
+	clientId := c.Input().Get("clientId")
+	responseType := c.Input().Get("responseType")
+	redirectUri := c.Input().Get("redirectUri")
+	scope := c.Input().Get("scope")
+	state := c.Input().Get("state")
+
+	msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state)
+	if msg != "" {
+		resp = Response{Status: "error", Msg: msg, Data: application}
+	} else {
+		resp = Response{Status: "ok", Msg: "", Data: application}
+	}
+	c.Data["json"] = resp
+	c.ServeJSON()
 }
 
 func (c *ApiController) Login() {
@@ -54,7 +89,7 @@ func (c *ApiController) Login() {
 		if msg != "" {
 			resp = Response{Status: "error", Msg: msg, Data: ""}
 		} else {
-			c.HandleLoggedIn(userId)
+			c.HandleLoggedIn(userId, &form)
 			resp = Response{Status: "ok", Msg: "", Data: userId}
 		}
 	} else if form.Provider != "" {
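Review bot: `GetApplicationLogin` places the whole `*Application` returned by `object.CheckOAuthLogin` into `Data` on both the ok path and the redirect_uri-error path, and the route is registered as a plain GET in routers/router.go, so whatever the Application struct carries (it is not in this patch — if it holds a client secret or provider credentials, confirm) is handed to any caller who knows a client_id. Return a trimmed view of the fields the login page actually needs, and at minimum use `Data: nil` when `msg != ""`. Separately, the `ResponseTypeCode` branch of `HandleLoggedIn` issues a code without the `util.LogInfo` line the login branch has, so code-flow sign-ins leave no audit trail; mirror it, e.g. `util.LogInfo(c.Ctx, "API: [%s] signed in (code flow)", userId)`.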
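Review bot: The `*Response` that `HandleLoggedIn` now returns is discarded at this call site, `c.HandleLoggedIn(userId, &form)`, and at the two call sites in the next two hunks of auth.go, so a `ResponseTypeCode` login still answers with `Data: userId` and never delivers the code, while an unknown `form.Type` yields an error Response that is silently dropped. Use the result, e.g. `if r := c.HandleLoggedIn(userId, &form); r != nil {` / `resp = *r` / `} else { resp = Response{Status: "ok", Msg: "", Data: userId} }`. Login's body begins and ends outside this hunk, so the other branches that set `resp` should be checked the same way.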
@@ -116,7 +151,7 @@ func (c *ApiController) Login() {
 			// object.LinkMemberAccount(userId, "avatar", avatar)
 			//}
 
-			c.HandleLoggedIn(userId)
+			c.HandleLoggedIn(userId, &form)
 		} else {
 			//if object.IsForbidden(userId) {
 			// c.forbiddenAccountResp(userId)
@@ -124,7 +159,7 @@ func (c *ApiController) Login() {
 			//}
 
 			if userId := object.GetUserIdByField(application, "email", res.Email); userId != "" {
-				c.HandleLoggedIn(userId)
+				c.HandleLoggedIn(userId, &form)
 
 				if provider.Type == "github" {
 					_ = object.LinkUserAccount(userId, "github", res.Method)
diff --git a/controllers/token.go b/controllers/token.go
index c53ca4ee..cc5dcfcf 100644
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -69,11 +69,11 @@ func (c *ApiController) DeleteToken() {
 	c.ServeJSON()
 }
 
-func codeToResponse(code *object.Code) Response {
+func codeToResponse(code *object.Code) *Response {
 	if code.Code == "" {
-		return Response{Status: "error", Msg: code.Message, Data: code.Code}
+		return &Response{Status: "error", Msg: code.Message, Data: code.Code}
 	} else {
-		return Response{Status: "ok", Msg: "success", Data: code.Code}
+		return &Response{Status: "ok", Msg: "success", Data: code.Code}
 	}
 }
 
diff --git a/object/token.go b/object/token.go
index fb7e314b..0bad398b 100644
--- a/object/token.go
+++ b/object/token.go
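Review bot: `codeToResponse` in controllers/token.go keeps an `else` after a terminating `return`; with the change to a pointer result this is a good moment to flatten it into an early return, `if code.Code == "" { return &Response{Status: "error", Msg: code.Message, Data: code.Code} }` followed by `return &Response{Status: "ok", Msg: "success", Data: code.Code}`. The function still dereferences `code` unconditionally, so it panics on a nil argument; the one caller added in this patch passes the result of `object.GetOAuthCode`, which on the visible path returns a non-nil `*Code`, so a guard is only needed if other callers can pass nil — worth a one-line doc comment stating that `code` must be non-nil.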
@@ -123,6 +123,30 @@ func DeleteToken(token *Token) bool {
 	return affected != 0
 }
 
+func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string) (string, *Application) {
+	if responseType != "code" {
+		return "response_type should be \"code\"", nil
+	}
+
+	application := getApplicationByClientId(clientId)
+	if application == nil {
+		return "invalid client_id", nil
+	}
+
+	validUri := false
+	for _, tmpUri := range application.RedirectUris {
+		if strings.Contains(redirectUri, tmpUri) {
+			validUri = true
+			break
+		}
+	}
+	if !validUri {
+		return "redirect_uri doesn't exist in the allowed Redirect URL list", application
+	}
+
+	return "", application
+}
+
 func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string) *Code {
 	if userId == "" {
 		return &Code{
diff --git a/routers/router.go b/routers/router.go
index f3a9a3f7..cf73cabc 100644
--- a/routers/router.go
+++ b/routers/router.go
@@ -35,6 +35,7 @@ func initAPI() {
 
 	beego.Router("/api/register", &controllers.ApiController{}, "POST:Register")
 	beego.Router("/api/login", &controllers.ApiController{}, "POST:Login")
+	beego.Router("/api/get-app-login", &controllers.ApiController{}, "GET:GetApplicationLogin")
 	beego.Router("/api/logout", &controllers.ApiController{}, "POST:Logout")
 	beego.Router("/api/get-account", &controllers.ApiController{}, "GET:GetAccount")
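Review bot: The redirect_uri check in `CheckOAuthLogin` uses `strings.Contains(redirectUri, tmpUri)`, which accepts any caller-supplied URI that merely contains a registered one as a substring, so an authorization code can be sent to an endpoint that is not on the application's allow-list; OAuth 2.0 (RFC 6749) and the OAuth Security BCP call for exact string comparison against the pre-registered value, so compare with `if redirectUri == tmpUri {` and reject an empty `redirectUri` before the loop. On the redirect_uri failure path the function still returns `application`, letting a caller learn a client's configuration before its redirect was accepted — returning `nil` there matches the `invalid client_id` path. `scope` and `state` are accepted but unused in this function; a short comment saying they are not validated here would keep the signature from reading as if they were. `GetOAuthCode`'s body continues past the end of the hunk and is not reviewed here.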