fix(oidc): 增加 redirect_uri

api/oauth.go

@@ -7,6 +7,7 @@ import (
 	"github.com/komari-monitor/komari/database/accounts"
 	"github.com/komari-monitor/komari/database/auditlog"
 	"github.com/komari-monitor/komari/database/config"
+	"github.com/komari-monitor/komari/utils"
 	"github.com/komari-monitor/komari/utils/oauth"
 )
 
@@ -18,7 +19,9 @@ func OAuth(c *gin.Context) {
 		return
 	}
 
-	authURL, state := oauth.CurrentProvider().GetAuthorizationURL()
+	redirectURI := utils.GetScheme(c) + "://" + c.Request.Host + "/api/oauth_callback"
+
+	authURL, state := oauth.CurrentProvider().GetAuthorizationURL(redirectURI)
 
 	c.SetCookie("oauth_state", state, 3600, "/", "", false, true)
 

utils/gin.go

@@ -0,0 +1,25 @@
+package utils
+
+import "github.com/gin-gonic/gin"
+
+// https://github.com/labstack/echo/blob/98ca08e7dd64075b858e758d6693bf9799340756/context.go#L275-L294
+func GetScheme(c *gin.Context) string {
+	// Can't use `r.Request.URL.Scheme`
+	// See: https://groups.google.com/forum/#!topic/golang-nuts/pMUkBlQBDF0
+	if c.Request.TLS != nil {
+		return "https"
+	}
+	if scheme := c.Request.Header.Get("X-Forwarded-Proto"); scheme != "" {
+		return scheme
+	}
+	if scheme := c.Request.Header.Get("X-Forwarded-Protocol"); scheme != "" {
+		return scheme
+	}
+	if ssl := c.Request.Header.Get("X-Forwarded-Ssl"); ssl == "on" {
+		return "https"
+	}
+	if scheme := c.Request.Header.Get("X-Url-Scheme"); scheme != "" {
+		return scheme
+	}
+	return "http"
+}

utils/oauth/factory/meta.go

@@ -7,7 +7,7 @@ type IOidcProvider interface {
 	// 请务必返回 &Configuration{} 的指针
 	GetConfiguration() Configuration
 	// 获取授权URL和状态
-	GetAuthorizationURL() (string, string)
+	GetAuthorizationURL(redirectURI string) (string, string)
 	OnCallback(ctx context.Context, state string, query map[string]string) (OidcCallback, error)
 	Init() error
 	Destroy() error

utils/oauth/generic/generic.go

@@ -20,16 +20,17 @@ func (g *Generic) GetConfiguration() factory.Configuration {
 	return &g.Addition
 }
 
-func (g *Generic) GetAuthorizationURL() (string, string) {
+func (g *Generic) GetAuthorizationURL(redirectURI string) (string, string) {
 	state := utils.GenerateRandomString(16)
 
 	// 构建GitHub OAuth授权URL
 	authURL := fmt.Sprintf(
-		"%s?client_id=%s&state=%s&scope=%s&response_type=code",
+		"%s?client_id=%s&state=%s&scope=%s&redirect_uri=%s&response_type=code",
 		g.Addition.AuthURL,
 		url.QueryEscape(g.Addition.ClientId),
 		url.QueryEscape(state),
 		url.QueryEscape(g.Addition.Scope),
+		url.QueryEscape(redirectURI),
 	)
 	g.stateCache.Set(state, true, cache.DefaultExpiration)
 	return authURL, state

utils/oauth/github/github.go

@@ -24,7 +24,7 @@ func (g *Github) GetConfiguration() factory.Configuration {
 	return &g.Addition
 }
 
-func (g *Github) GetAuthorizationURL() (string, string) {
+func (g *Github) GetAuthorizationURL(_ string) (string, string) {
 	state := utils.GenerateRandomString(16)
 
 	// 构建GitHub OAuth授权URL