feat(auth): support shared session tokens and device/node pairing integration

2026-01-30 23:12:01 +08:00 · 2026-01-30 23:12:01 +08:00 · 400c56e72d
commit 400c56e72d
parent 27835a8259
4 changed files with 32 additions and 8 deletions
--- a/api/api.go
+++ b/api/api.go
@ -12,6 +12,7 @@ import (
 	"log/slog"
 	"math/big"
 	"net/http"
+	"net/url"
 	"strings"
 	"sync"
 	"time"
@ -2367,7 +2368,12 @@ func (h *handler) oauthCallback(c *gin.Context) {
 	if frontendURL == "" {
 		frontendURL = "http://localhost:3000"
 	}
-	targetURL := fmt.Sprintf("%s/login?public_token=%s", strings.TrimSuffix(frontendURL, "/"), publicToken)
+	targetURL := fmt.Sprintf("%s/login?public_token=%s&userId=%s&email=%s&role=%s",
+		strings.TrimSuffix(frontendURL, "/"),
+		publicToken,
+		user.ID,
+		url.QueryEscape(user.Email),
+		user.Role)
 	c.Redirect(http.StatusTemporaryRedirect, targetURL)
 }

--- a/cmd/accountsvc/main.go
+++ b/cmd/accountsvc/main.go
@ -261,17 +261,25 @@ func runServer(ctx context.Context, cfg *config.Config, logger *slog.Logger) err
 	oauthProviders := make(map[string]auth.OAuthProvider)
 	if cfg.Auth.Enable {
 		if cfg.Auth.OAuth.GitHub.ClientID != "" {
+			redirectURL := cfg.Auth.OAuth.GitHub.RedirectURL
+			if redirectURL == "" {
+				redirectURL = cfg.Auth.OAuth.RedirectURL
+			}
 			oauthProviders["github"] = auth.NewGitHubProvider(
 				cfg.Auth.OAuth.GitHub.ClientID,
 				cfg.Auth.OAuth.GitHub.ClientSecret,
-				cfg.Auth.OAuth.RedirectURL,
+				redirectURL,
 			)
 		}
 		if cfg.Auth.OAuth.Google.ClientID != "" {
+			redirectURL := cfg.Auth.OAuth.Google.RedirectURL
+			if redirectURL == "" {
+				redirectURL = cfg.Auth.OAuth.RedirectURL
+			}
 			oauthProviders["google"] = auth.NewGoogleProvider(
 				cfg.Auth.OAuth.Google.ClientID,
 				cfg.Auth.OAuth.Google.ClientSecret,
-				cfg.Auth.OAuth.RedirectURL,
+				redirectURL,
 			)
 		}
 	}
--- a/config/account.yaml
+++ b/config/account.yaml
@ -7,11 +7,20 @@ auth:
  enable: true
  token:
    # Fixed token authentication mechanism
-    publicToken: "xcontrol-public-token-2024"
-    refreshSecret: "xcontrol-refresh-secret-2024"
-    accessSecret: "xcontrol-access-secret-2024"
-    accessExpiry: "1h"
-    refreshExpiry: "168h"
+    publicToken: "${AUTH_TOKEN_PUBLIC_TOKEN:-xcontrol-public-token-2024}"
+    refreshSecret: "${AUTH_TOKEN_REFRESH_SECRET:-xcontrol-refresh-secret-2024}"
+    accessSecret: "${AUTH_TOKEN_ACCESS_SECRET:-xcontrol-access-secret-2024}"
+    accessExpiry: "${AUTH_TOKEN_ACCESS_EXPIRY:-1h}"
+    refreshExpiry: "${AUTH_TOKEN_REFRESH_EXPIRY:-168h}"
+  oauth:
+    redirectUrl: "${OAUTH_REDIRECT_URL}"
+    frontendUrl: "${OAUTH_FRONTEND_URL:-https://console.svc.plus}"
+    github:
+      clientId: "${GITHUB_CLIENT_ID}"
+      clientSecret: "${GITHUB_CLIENT_SECRET}"
+    google:
+      clientId: "${GOOGLE_CLIENT_ID}"
+      clientSecret: "${GOOGLE_CLIENT_SECRET}"

 server:
  addr: ":8080"
--- a/config/config.go
+++ b/config/config.go
@ -93,6 +93,7 @@ type OAuth struct {
 type OAuthProvider struct {
 	ClientID     string `yaml:"clientId"`
 	ClientSecret string `yaml:"clientSecret"`
+	RedirectURL  string `yaml:"redirectUrl"`
 }

 // Token defines token authentication configuration.