feat: 添加 Gitee OAuth 登录功能，包括服务逻辑、配置、路由和认证处理程序。

2026-01-29 13:11:25 +08:00
parent 1b4b359850
commit 4a8a9afaf7
5 changed files with 328 additions and 6 deletions
--- a/.env.prod
+++ b/.env.prod
@@ -58,6 +58,13 @@ GITHUB_CLIENT_SECRET=7e154e464dccd913a92cf580021f2a5dc51aac93
 GITHUB_REDIRECT_URL=https://bk.swalktech.top/api/v1/auth/github/callback
 FRONTEND_URL=https://bk.swalktech.top

+# ============================================
+# Gitee OAuth 配置（可选）
+# ============================================
+GITEE_CLIENT_ID=ccc286f08aac25a6304c61a1a7a5a4418e0fd73948d8f8339ca941bfb5379280
+GITEE_CLIENT_SECRET=b7832bdfc3cadf2e00dba9e2b694345f88afb591603a2edf3af19484b68efe9a
+GITEE_REDIRECT_URL=https://bk.swalktech.top/api/v1/auth/gitee/callback
+
 # ============================================
 # 网络配置
 # ============================================
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -46,6 +46,11 @@ type Config struct {
 	GitHubRedirectURL  string
 	FrontendURL        string

+	// Gitee OAuth configuration
+	GiteeClientID     string
+	GiteeClientSecret string
+	GiteeRedirectURL  string
+
 	// AI configuration (OpenAI compatible)
 	OpenAIAPIKey     string
 	OpenAIBaseURL    string
@@ -105,6 +110,11 @@ func Load() *Config {
 		GitHubRedirectURL:  getEnv("GITHUB_REDIRECT_URL", ""),
 		FrontendURL:        getEnv("FRONTEND_URL", "http://localhost:2613"),

+		// Gitee OAuth
+		GiteeClientID:     getEnv("GITEE_CLIENT_ID", ""),
+		GiteeClientSecret: getEnv("GITEE_CLIENT_SECRET", ""),
+		GiteeRedirectURL:  getEnv("GITEE_REDIRECT_URL", ""),
+
 		// AI (OpenAI compatible)
 		OpenAIAPIKey:     getEnv("OPENAI_API_KEY", ""),
 		OpenAIBaseURL:    getEnv("OPENAI_BASE_URL", ""),
--- a/internal/handler/auth_handler.go
+++ b/internal/handler/auth_handler.go
@@ -15,15 +15,16 @@ import (
 type AuthHandler struct {
 	authService        *service.AuthService
 	gitHubOAuthService *service.GitHubOAuthService
+	giteeOAuthService  *service.GiteeOAuthService
 	cfg                *config.Config
 }

-func NewAuthHandler(authService *service.AuthService, gitHubOAuthService *service.GitHubOAuthService) *AuthHandler {
-	return &AuthHandler{authService: authService, gitHubOAuthService: gitHubOAuthService}
+func NewAuthHandler(authService *service.AuthService, gitHubOAuthService *service.GitHubOAuthService, giteeOAuthService *service.GiteeOAuthService) *AuthHandler {
+	return &AuthHandler{authService: authService, gitHubOAuthService: gitHubOAuthService, giteeOAuthService: giteeOAuthService}
 }

-func NewAuthHandlerWithConfig(authService *service.AuthService, gitHubOAuthService *service.GitHubOAuthService, cfg *config.Config) *AuthHandler {
-	return &AuthHandler{authService: authService, gitHubOAuthService: gitHubOAuthService, cfg: cfg}
+func NewAuthHandlerWithConfig(authService *service.AuthService, gitHubOAuthService *service.GitHubOAuthService, giteeOAuthService *service.GiteeOAuthService, cfg *config.Config) *AuthHandler {
+	return &AuthHandler{authService: authService, gitHubOAuthService: gitHubOAuthService, giteeOAuthService: giteeOAuthService, cfg: cfg}
 }

 type RegisterRequest struct {
@@ -154,6 +155,8 @@ func (h *AuthHandler) RegisterRoutes(rg *gin.RouterGroup) {
 	auth.POST("/refresh", h.RefreshToken)
 	auth.GET("/github", h.GitHubLogin)
 	auth.GET("/github/callback", h.GitHubCallback)
+	auth.GET("/gitee", h.GiteeLogin)
+	auth.GET("/gitee/callback", h.GiteeCallback)
 }

 func (h *AuthHandler) RegisterProtectedRoutes(rg *gin.RouterGroup) {
@@ -206,3 +209,48 @@ func (h *AuthHandler) GitHubCallback(c *gin.Context) {
 		frontendURL, url.QueryEscape(tokens.AccessToken), url.QueryEscape(tokens.RefreshToken), user.ID)
 	c.Redirect(302, redirectURL)
 }
+
+func (h *AuthHandler) GiteeLogin(c *gin.Context) {
+	if h.giteeOAuthService == nil {
+		api.BadRequest(c, "Gitee OAuth is not configured")
+		return
+	}
+	state := c.Query("state")
+	if state == "" {
+		state = "default"
+	}
+	authURL := h.giteeOAuthService.GetAuthorizationURL(state)
+	c.Redirect(302, authURL)
+}
+
+func (h *AuthHandler) GiteeCallback(c *gin.Context) {
+	if h.giteeOAuthService == nil {
+		api.BadRequest(c, "Gitee OAuth is not configured")
+		return
+	}
+
+	frontendURL := "http://localhost:2613"
+	if h.cfg != nil && h.cfg.FrontendURL != "" {
+		frontendURL = h.cfg.FrontendURL
+	}
+
+	code := c.Query("code")
+	if code == "" {
+		redirectURL := fmt.Sprintf("%s/login?error=missing_code", frontendURL)
+		c.Redirect(302, redirectURL)
+		return
+	}
+
+	user, tokens, err := h.giteeOAuthService.HandleCallback(code)
+	if err != nil {
+		fmt.Printf("[Auth] Gitee callback failed: %v\n", err)
+		redirectURL := fmt.Sprintf("%s/login?error=%s", frontendURL, url.QueryEscape(err.Error()))
+		c.Redirect(302, redirectURL)
+		return
+	}
+
+	// 重定向到前端回调页面，带上token信息
+	redirectURL := fmt.Sprintf("%s/auth/gitee/callback?access_token=%s&refresh_token=%s&user_id=%d",
+		frontendURL, url.QueryEscape(tokens.AccessToken), url.QueryEscape(tokens.RefreshToken), user.ID)
+	c.Redirect(302, redirectURL)
+}
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -58,7 +58,11 @@ func Setup(db *gorm.DB, yunAPIClient *service.YunAPIClient, cfg *config.Config)
 	if cfg.GitHubClientID != "" && cfg.GitHubClientSecret != "" {
 		gitHubOAuthService = service.NewGitHubOAuthService(userRepo, authService, cfg)
 	}
-	authHandler := handler.NewAuthHandlerWithConfig(authService, gitHubOAuthService, cfg)
+	var giteeOAuthService *service.GiteeOAuthService
+	if cfg.GiteeClientID != "" && cfg.GiteeClientSecret != "" {
+		giteeOAuthService = service.NewGiteeOAuthService(userRepo, authService, cfg)
+	}
+	authHandler := handler.NewAuthHandlerWithConfig(authService, gitHubOAuthService, giteeOAuthService, cfg)
 	authMiddleware := middleware.NewAuthMiddleware(authService)

 	// Initialize services
@@ -331,7 +335,11 @@ func SetupWithRedis(db *gorm.DB, yunAPIClient *service.YunAPIClient, redisClient
 	if cfg.GitHubClientID != "" && cfg.GitHubClientSecret != "" {
 		gitHubOAuthService = service.NewGitHubOAuthService(userRepo, authService, cfg)
 	}
-	authHandler := handler.NewAuthHandlerWithConfig(authService, gitHubOAuthService, cfg)
+	var giteeOAuthService *service.GiteeOAuthService
+	if cfg.GiteeClientID != "" && cfg.GiteeClientSecret != "" {
+		giteeOAuthService = service.NewGiteeOAuthService(userRepo, authService, cfg)
+	}
+	authHandler := handler.NewAuthHandlerWithConfig(authService, gitHubOAuthService, giteeOAuthService, cfg)
 	authMiddleware := middleware.NewAuthMiddleware(authService)

 	// Initialize services
--- a/internal/service/gitee_oauth_service.go
+++ b/internal/service/gitee_oauth_service.go
@@ -0,0 +1,249 @@
+// Package service provides business logic for the application
+package service
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"accounting-app/internal/config"
+	"accounting-app/internal/models"
+	"accounting-app/internal/repository"
+)
+
+// Gitee OAuth errors
+var (
+	ErrGiteeOAuthFailed    = errors.New("gitee oauth authentication failed")
+	ErrGiteeUserInfoFailed = errors.New("failed to get gitee user info")
+)
+
+// GiteeUser represents Gitee user information
+type GiteeUser struct {
+	ID        int64  `json:"id"`
+	Login     string `json:"login"`
+	Email     string `json:"email"`
+	Name      string `json:"name"`
+	AvatarURL string `json:"avatar_url"`
+}
+
+// GiteeTokenResponse represents Gitee OAuth token response
+type GiteeTokenResponse struct {
+	AccessToken  string `json:"access_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int    `json:"expires_in"`
+	RefreshToken string `json:"refresh_token"`
+	Scope        string `json:"scope"`
+	CreatedAt    int64  `json:"created_at"`
+}
+
+// GiteeOAuthService handles Gitee OAuth operations
+type GiteeOAuthService struct {
+	userRepo    *repository.UserRepository
+	authService *AuthService
+	cfg         *config.Config
+	httpClient  *http.Client
+}
+
+// NewGiteeOAuthService creates a new GiteeOAuthService instance
+func NewGiteeOAuthService(userRepo *repository.UserRepository, authService *AuthService, cfg *config.Config) *GiteeOAuthService {
+	return &GiteeOAuthService{
+		userRepo:    userRepo,
+		authService: authService,
+		cfg:         cfg,
+		httpClient: &http.Client{
+			Timeout: 60 * time.Second,
+			Transport: &http.Transport{
+				Proxy: http.ProxyFromEnvironment,
+			},
+		},
+	}
+}
+
+// GetAuthorizationURL returns the Gitee OAuth authorization URL
+func (s *GiteeOAuthService) GetAuthorizationURL(state string) string {
+	params := url.Values{}
+	params.Set("client_id", s.cfg.GiteeClientID)
+	params.Set("redirect_uri", s.cfg.GiteeRedirectURL)
+	params.Set("response_type", "code")
+	params.Set("scope", "user_info") // Gitee scope for user info
+	params.Set("state", state)
+
+	return fmt.Sprintf("https://gitee.com/oauth/authorize?%s", params.Encode())
+}
+
+// ExchangeCodeForToken exchanges authorization code for access token
+func (s *GiteeOAuthService) ExchangeCodeForToken(code string) (*GiteeTokenResponse, error) {
+	data := url.Values{}
+	data.Set("client_id", s.cfg.GiteeClientID)
+	data.Set("client_secret", s.cfg.GiteeClientSecret)
+	data.Set("code", code)
+	data.Set("grant_type", "authorization_code")
+	data.Set("redirect_uri", s.cfg.GiteeRedirectURL)
+
+	req, err := http.NewRequest("POST", "https://gitee.com/oauth/token", strings.NewReader(data.Encode()))
+	if err != nil {
+		fmt.Printf("[Gitee] Failed to create request: %v\n", err)
+		return nil, err
+	}
+
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+
+	fmt.Printf("[Gitee] Exchanging code for token...\n")
+	resp, err := s.httpClient.Do(req)
+	if err != nil {
+		fmt.Printf("[Gitee] Request failed: %v\n", err)
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		fmt.Printf("[Gitee] Token exchange failed with status: %d\n", resp.StatusCode)
+		return nil, ErrGiteeOAuthFailed
+	}
+
+	var tokenResp GiteeTokenResponse
+	if err := json.NewDecoder(resp.Body).Decode(&tokenResp); err != nil {
+		fmt.Printf("[Gitee] Failed to decode response: %v\n", err)
+		return nil, err
+	}
+
+	if tokenResp.AccessToken == "" {
+		fmt.Printf("[Gitee] No access token in response\n")
+		return nil, ErrGiteeOAuthFailed
+	}
+
+	return &tokenResp, nil
+}
+
+// GetUserInfo retrieves Gitee user information using access token
+func (s *GiteeOAuthService) GetUserInfo(accessToken string) (*GiteeUser, error) {
+	req, err := http.NewRequest("GET", "https://gitee.com/api/v5/user", nil)
+	if err != nil {
+		return nil, err
+	}
+
+	// Gitee passes access_token as query param or header?
+	// Documentation says access_token param is preferred but header might work too.
+	// Usually "access_token" query param is standard for Gitee API v5.
+	q := req.URL.Query()
+	q.Add("access_token", accessToken)
+	req.URL.RawQuery = q.Encode()
+
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := s.httpClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, ErrGiteeUserInfoFailed
+	}
+
+	var user GiteeUser
+	if err := json.NewDecoder(resp.Body).Decode(&user); err != nil {
+		return nil, err
+	}
+
+	// Email might be empty if private. Gitee API usually returns email in user info if scope is correct or public.
+	// Unlike GitHub, Gitee doesn't have a separate emails endpoint that is strictly necessary if standard user info returns it.
+	// But if it's missing, let's try to handle it gracefully or rely on what we have.
+
+	return &user, nil
+}
+
+// HandleCallback processes Gitee OAuth callback
+func (s *GiteeOAuthService) HandleCallback(code string) (*models.User, *TokenPair, error) {
+	// Exchange code for token
+	tokenResp, err := s.ExchangeCodeForToken(code)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Get Gitee user info
+	giteeUser, err := s.GetUserInfo(tokenResp.AccessToken)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Check if user already exists with this Gitee account
+	user, err := s.userRepo.GetByOAuthProvider("gitee", fmt.Sprintf("%d", giteeUser.ID))
+	if err == nil {
+		// User exists, update token and return
+		_ = s.userRepo.UpdateOAuthToken("gitee", fmt.Sprintf("%d", giteeUser.ID), tokenResp.AccessToken)
+		tokens, err := s.authService.generateTokenPair(user)
+		if err != nil {
+			return nil, nil, err
+		}
+		return user, tokens, nil
+	}
+
+	// Check if user exists with same email
+	if giteeUser.Email != "" {
+		existingUser, err := s.userRepo.GetByEmail(giteeUser.Email)
+		if err == nil {
+			// Link Gitee account to existing user
+			oauth := &models.OAuthAccount{
+				UserID:      existingUser.ID,
+				Provider:    "gitee",
+				ProviderID:  fmt.Sprintf("%d", giteeUser.ID),
+				AccessToken: tokenResp.AccessToken,
+			}
+			if err := s.userRepo.CreateOAuthAccount(oauth); err != nil {
+				return nil, nil, err
+			}
+			tokens, err := s.authService.generateTokenPair(existingUser)
+			if err != nil {
+				return nil, nil, err
+			}
+			return existingUser, tokens, nil
+		}
+	}
+
+	// Create new user
+	username := giteeUser.Login
+	if giteeUser.Name != "" {
+		username = giteeUser.Name
+	}
+
+	email := giteeUser.Email
+	if email == "" {
+		// Fallback email if not provided
+		email = fmt.Sprintf("%d@gitee.user", giteeUser.ID)
+	}
+
+	newUser := &models.User{
+		Email:    email,
+		Username: username,
+		Avatar:   giteeUser.AvatarURL,
+		IsActive: true,
+	}
+
+	if err := s.userRepo.Create(newUser); err != nil {
+		return nil, nil, err
+	}
+
+	// Create OAuth account link
+	oauth := &models.OAuthAccount{
+		UserID:      newUser.ID,
+		Provider:    "gitee",
+		ProviderID:  fmt.Sprintf("%d", giteeUser.ID),
+		AccessToken: tokenResp.AccessToken,
+	}
+	if err := s.userRepo.CreateOAuthAccount(oauth); err != nil {
+		return nil, nil, err
+	}
+
+	tokens, err := s.authService.generateTokenPair(newUser)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return newUser, tokens, nil
+}