Inicio Explorar Ayuda
Registro Iniciar sesión
siwei
/
dify
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: b0091452ca
Ramas Etiquetas
dify
/
api
/
controllers
/
console
/
auth
/
oauth.py

oauth.py 4.5 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. import logging
    2. 

  2. from datetime import datetime
    3. 

  3. from typing import Optional
    4. 

  4. 

  5. import flask_login
    6. 

  6. import requests
    7. 

  7. from flask import request, redirect, current_app, session
    8. 

  8. from flask_restful import Resource
    9. 

  9. 

  10. from libs.oauth import OAuthUserInfo, GitHubOAuth, GoogleOAuth
    11. 

  11. from extensions.ext_database import db
    12. 

  12. from models.account import Account, AccountStatus
    13. 

  13. from services.account_service import AccountService, RegisterService
    14. 

  14. from .. import api
    15. 

  15. 

  16. 

  17. def get_oauth_providers():
    18. 

  18.     with current_app.app_context():
    19. 

  19.         github_oauth = GitHubOAuth(client_id=current_app.config.get('GITHUB_CLIENT_ID'),
    20. 

  20.                                    client_secret=current_app.config.get(
    21. 

  21.                                        'GITHUB_CLIENT_SECRET'),
    22. 

  22.                                    redirect_uri=current_app.config.get(
    23. 

  23.                                        'CONSOLE_API_URL') + '/console/api/oauth/authorize/github')
    24. 

  24. 

  25.         google_oauth = GoogleOAuth(client_id=current_app.config.get('GOOGLE_CLIENT_ID'),
    26. 

  26.                                    client_secret=current_app.config.get(
    27. 

  27.                                        'GOOGLE_CLIENT_SECRET'),
    28. 

  28.                                    redirect_uri=current_app.config.get(
    29. 

  29.                                        'CONSOLE_API_URL') + '/console/api/oauth/authorize/google')
    30. 

  30. 

  31.         OAUTH_PROVIDERS = {
    32. 

  32.             'github': github_oauth,
    33. 

  33.             'google': google_oauth
    34. 

  34.         }
    35. 

  35.         return OAUTH_PROVIDERS
    36. 

  36. 

  37. 

  38. class OAuthLogin(Resource):
    39. 

  39.     def get(self, provider: str):
    40. 

  40.         OAUTH_PROVIDERS = get_oauth_providers()
    41. 

  41.         with current_app.app_context():
    42. 

  42.             oauth_provider = OAUTH_PROVIDERS.get(provider)
    43. 

  43.             print(vars(oauth_provider))
    44. 

  44.         if not oauth_provider:
    45. 

  45.             return {'error': 'Invalid provider'}, 400
    46. 

  46. 

  47.         auth_url = oauth_provider.get_authorization_url()
    48. 

  48.         return redirect(auth_url)
    49. 

  49. 

  50. 

  51. class OAuthCallback(Resource):
    52. 

  52.     def get(self, provider: str):
    53. 

  53.         OAUTH_PROVIDERS = get_oauth_providers()
    54. 

  54.         with current_app.app_context():
    55. 

  55.             oauth_provider = OAUTH_PROVIDERS.get(provider)
    56. 

  56.         if not oauth_provider:
    57. 

  57.             return {'error': 'Invalid provider'}, 400
    58. 

  58. 

  59.         code = request.args.get('code')
    60. 

  60.         try:
    61. 

  61.             token = oauth_provider.get_access_token(code)
    62. 

  62.             user_info = oauth_provider.get_user_info(token)
    63. 

  63.         except requests.exceptions.HTTPError as e:
    64. 

  64.             logging.exception(
    65. 

  65.                 f"An error occurred during the OAuth process with {provider}: {e.response.text}")
    66. 

  66.             return {'error': 'OAuth process failed'}, 400
    67. 

  67. 

  68.         account = _generate_account(provider, user_info)
    69. 

  69.         # Check account status
    70. 

  70.         if account.status == AccountStatus.BANNED.value or account.status == AccountStatus.CLOSED.value:
    71. 

  71.             return {'error': 'Account is banned or closed.'}, 403
    72. 

  72. 

  73.         if account.status == AccountStatus.PENDING.value:
    74. 

  74.             account.status = AccountStatus.ACTIVE.value
    75. 

  75.             account.initialized_at = datetime.utcnow()
    76. 

  76.             db.session.commit()
    77. 

  77. 

  78.         # login user
    79. 

  79.         session.clear()
    80. 

  80.         flask_login.login_user(account, remember=True)
    81. 

  81.         AccountService.update_last_login(account, request)
    82. 

  82. 

  83.         return redirect(f'{current_app.config.get("CONSOLE_WEB_URL")}?oauth_login=success')
    84. 

  84. 

  85. 

  86. def _get_account_by_openid_or_email(provider: str, user_info: OAuthUserInfo) -> Optional[Account]:
    87. 

  87.     account = Account.get_by_openid(provider, user_info.id)
    88. 

  88. 

  89.     if not account:
    90. 

  90.         account = Account.query.filter_by(email=user_info.email).first()
    91. 

  91. 

  92.     return account
    93. 

  93. 

  94. 

  95. def _generate_account(provider: str, user_info: OAuthUserInfo):
    96. 

  96.     # Get account by openid or email.
    97. 

  97.     account = _get_account_by_openid_or_email(provider, user_info)
    98. 

  98. 

  99.     if not account:
    100. 

  100.         # Create account
    101. 

  101.         account_name = user_info.name if user_info.name else 'Dify'
    102. 

  102.         account = RegisterService.register(
    103. 

  103.             email=user_info.email,
    104. 

  104.             name=account_name,
    105. 

  105.             password=None,
    106. 

  106.             open_id=user_info.id,
    107. 

  107.             provider=provider
    108. 

  108.         )
    109. 

  109. 

  110.         # Set interface language
    111. 

  111.         preferred_lang = request.accept_languages.best_match(['zh', 'en'])
    112. 

  112.         if preferred_lang == 'zh':
    113. 

  113.             interface_language = 'zh-Hans'
    114. 

  114.         else:
    115. 

  115.             interface_language = 'en-US'
    116. 

  116.         account.interface_language = interface_language
    117. 

  117.         db.session.commit()
    118. 

  118. 

  119.     # Link account
    120. 

  120.     AccountService.link_account_integrate(provider, user_info.id, account)
    121. 

  121. 

  122.     return account
    123. 

  123. 

  124. 

  125. api.add_resource(OAuthLogin, '/oauth/login/<provider>')
    126. 

  126. api.add_resource(OAuthCallback, '/oauth/authorize/<provider>')
    127.