GitHub 授权码登录

Author: tangllty

tang-admin/src/main/java/com/tang/admin/controller/ThirdPartyLoginController.java

@@ -0,0 +1,41 @@
+package com.tang.admin.controller;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.Map;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.tang.commons.enumeration.LoginType;
+import com.tang.commons.model.LoginModel;
+import com.tang.commons.utils.AjaxResult;
+import com.tang.framework.web.service.LoginService;
+import com.tang.system.service.SysMenuService;
+
+/**
+ * 登陆验证逻辑控制层
+ *
+ * @author Tang
+ */
+@RestController
+@RequestMapping("/third-party/oauth")
+public class ThirdPartyLoginController {
+
+    private final LoginService loginService;
+
+    public ThirdPartyLoginController(LoginService loginService, SysMenuService menuService) {
+        this.loginService = loginService;
+    }
+
+    @RequestMapping("/github/redirect")
+    public AjaxResult oauthRedirect(String code) throws URISyntaxException, IOException, InterruptedException {
+        var loginModel = new LoginModel();
+        loginModel.setCode(code);
+        loginModel.setLoginType(LoginType.GITHUB.getName());
+        loginModel.setCaptchaEnable(false);
+        var token = loginService.login(loginModel);
+        return AjaxResult.success(Map.of("token", token));
+    }
+
+}

tang-admin/src/main/resources/application.yml

@@ -78,3 +78,11 @@ token:
   time-unit: hours
   # 令牌有效期
   expire-time: 2
+
+# 第三方登录
+oauth:
+  github:
+    # 客户端ID
+    client-id: xxxxxxxxxxxxxxxxxxxx
+    # 客户端密钥
+    client-secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

tang-commons/src/main/java/com/tang/commons/autoconfigure/oauth/GitHubProperties.java

@@ -0,0 +1,44 @@
+package com.tang.commons.autoconfigure.oauth;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * GitHub 配置
+ *
+ * @author Tang
+ */
+@Configuration
+@ConfigurationProperties(prefix = GitHubProperties.GITHUB_PREFIX)
+public class GitHubProperties {
+
+    public static final String GITHUB_PREFIX = "oauth.github";
+
+    /**
+     * 客户端 ID
+     */
+    private String clientId;
+
+    /**
+     * 客户端密钥
+     */
+    private String clientSecret;
+
+
+    public String getClientId() {
+        return clientId;
+    }
+
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+
+    public String getClientSecret() {
+        return clientSecret;
+    }
+
+    public void setClientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+    }
+
+}

tang-commons/src/main/java/com/tang/commons/enumeration/LoginType.java

@@ -19,6 +19,11 @@ public enum LoginType {
      */
     EMAIL("email", "邮箱密码"),
 
+    /**
+     * GitHub 授权码
+     */
+    GITHUB("github", "GitHub 授权码"),
+
     /**
      * 未知
      */

tang-commons/src/main/java/com/tang/commons/model/LoginModel.java

@@ -15,7 +15,7 @@
 public class LoginModel implements Serializable {
 
     @java.io.Serial
-    private static final long serialVersionUID = -5942371013228306925L;
+    private static final long serialVersionUID = 364320618765413665L;
 
     /**
      * 用户名
@@ -36,12 +36,22 @@ public class LoginModel implements Serializable {
     @Length(min = 4, max = 64, message = "密码长度应在 4 到 64 之间")
     private String password;
 
+    /**
+     * GitHub 授权码
+     */
+    private String code;
+
     /**
      * 登陆方式
      */
     @NotBlank(message = "登陆方式不能为空")
     private String loginType;
 
+    /**
+     * 验证码开关
+     */
+    private boolean captchaEnable = true;
+
     /**
      * 验证码
      */
@@ -72,6 +82,14 @@ public void setPassword(String password) {
         this.password = password;
     }
 
+    public String getCode() {
+        return code;
+    }
+
+    public void setCode(String code) {
+        this.code = code;
+    }
+
     public String getLoginType() {
         return loginType;
     }
@@ -80,6 +98,14 @@ public void setLoginType(String loginType) {
         this.loginType = loginType;
     }
 
+    public boolean getCaptchaEnable() {
+        return captchaEnable;
+    }
+
+    public void setCaptchaEnable(boolean captchaEnable) {
+        this.captchaEnable = captchaEnable;
+    }
+
     public CaptchaModel getCaptcha() {
         return captcha;
     }

tang-framework/src/main/java/com/tang/framework/config/SecurityConfig.java

@@ -47,7 +47,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity, Authen
             // 设置未登陆过滤器
             .exceptionHandling(handling -> handling.authenticationEntryPoint(authenticationEntryPoint))
             .authorizeHttpRequests(authorize -> authorize
-                .requestMatchers("/login").permitAll()
+                .requestMatchers("/login", "/third-party/oauth/**").permitAll()
                 .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
                 .requestMatchers("/websocket/**").permitAll()
                 .requestMatchers("/uploads/**").permitAll()
@@ -60,8 +60,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity, Authen
     }
 
     @Bean
-    public AuthenticationManager authenticationManager(AuthenticationProvider usernameAuthenticationProvider, AuthenticationProvider emailAuthenticationProvider) {
-        var providers = List.of(usernameAuthenticationProvider, emailAuthenticationProvider);
+    public AuthenticationManager authenticationManager(AuthenticationProvider usernameAuthenticationProvider, AuthenticationProvider emailAuthenticationProvider,
+            AuthenticationProvider gitHubAuthenticationProvider) {
+        var providers = List.of(usernameAuthenticationProvider, emailAuthenticationProvider, gitHubAuthenticationProvider);
         return new ProviderManager(providers);
     }
 

tang-framework/src/main/java/com/tang/framework/security/authentication/github/GitHubAuthenticationProvider.java

@@ -0,0 +1,99 @@
+package com.tang.framework.security.authentication.github;
+
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.util.Collections;
+import java.util.Map;
+
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.stereotype.Component;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.tang.commons.autoconfigure.oauth.GitHubProperties;
+import com.tang.commons.enumeration.LoginType;
+import com.tang.commons.utils.StringUtils;
+import com.tang.framework.web.service.authentication.AuthenticationService;
+import com.tang.system.service.SysUserService;
+
+/**
+ * 用户名密码身份验证
+ *
+ * @author Tang
+ */
+@Component
+public class GitHubAuthenticationProvider implements AuthenticationProvider {
+
+    private final HttpClient httpClient = HttpClient.newBuilder().build();
+
+    private final ObjectMapper objectMapper = new ObjectMapper();
+
+    private final TypeReference<Map<String, Object>> typeReference = new TypeReference<>() {};
+
+    private final GitHubProperties githubProperties;
+
+    private final SysUserService userService;
+
+    private final AuthenticationService authenticationService;
+
+    public GitHubAuthenticationProvider(GitHubProperties githubProperties, SysUserService userService, AuthenticationService authenticationService) {
+        this.githubProperties = githubProperties;
+        this.userService = userService;
+        this.authenticationService = authenticationService;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        if (!supports(authentication.getClass())) {
+            return null;
+        }
+        var authenticationToken = (GitHubAuthenticationToken) authentication;
+        var code = authenticationToken.getPrincipal().toString();
+
+        var url = "https://github.com/login/oauth/access_token?client_id={}&client_secret={}&code={}";
+        url = StringUtils.format(url, githubProperties.getClientId(), githubProperties.getClientSecret(), code);
+
+        // TODO GitHub OAuth2.0 登录逻辑
+
+        // var request = HttpRequest.newBuilder()
+        //     .uri(new URI(url))
+        //     .header("accept", "application/json")
+        //     .POST(HttpRequest.BodyPublishers.noBody())
+        //     .build();
+
+        // var response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
+
+        // var map = objectMapper.readValue(response.body(), typeReference);
+
+        // var urlResult = "https://api.github.com/user";
+
+        // var requestResult = HttpRequest.newBuilder()
+        //     .uri(new URI(urlResult))
+        //     .header("accept", "application/json")
+        //     .header("Authorization", "token " + map.get("access_token"))
+        //     .GET()
+        //     .build();
+
+        // var responseResult = httpClient.send(requestResult, HttpResponse.BodyHandlers.ofString());
+
+        // var result = objectMapper.readValue(responseResult.body(), typeReference);
+
+        // var user = userService.selectUserByUsername(username);
+
+        // var userModel = authenticationService.createUserModel(user, password, username, LoginType.USERNAME.getName());
+
+        // authenticationToken = new GitHubAuthenticationToken(userModel, Collections.emptyList());
+
+        return authenticationToken;
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return GitHubAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+}

tang-framework/src/main/java/com/tang/framework/security/authentication/github/GitHubAuthenticationToken.java

@@ -0,0 +1,53 @@
+package com.tang.framework.security.authentication.github;
+
+import java.util.Collection;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+
+/**
+ * GitHub 身份验证令牌
+ *
+ * @author Tang
+ */
+public class GitHubAuthenticationToken extends AbstractAuthenticationToken {
+
+    @java.io.Serial
+    private static final long serialVersionUID = 6183503186676400429L;
+
+    private final transient Object principal;
+
+    private final transient Object credentials;
+
+    public GitHubAuthenticationToken(Object principal) {
+        super(null);
+        this.principal = principal;
+        this.credentials = null;
+        setAuthenticated(false);
+    }
+
+    public GitHubAuthenticationToken(Object principal, Object credentials) {
+        super(null);
+        this.principal = principal;
+        this.credentials = credentials;
+        setAuthenticated(false);
+    }
+
+    public GitHubAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities) {
+        super(authorities);
+        this.principal = principal;
+        this.credentials = null;
+        super.setAuthenticated(true);
+    }
+
+    @Override
+    public Object getCredentials() {
+        return this.credentials;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return this.principal;
+    }
+
+}