up v

Add General OIDC Login

.dockerignore

@@ -0,0 +1,26 @@
+# Ignore Docker Compose configuration files
+docker-compose.yaml
+
+# Ignore development Dockerfile
+Dockerfile.dev
+
+# Ignore the data directory
+data/
+
+# Ignore version control system directories
+.git/
+
+# Ignore log and temporary files
+*.log
+*.tmp
+*.swp
+
+# Ignore editor/IDE configuration files
+.vscode/
+.idea/
+
+# Ignore binaries and build cache
+release/
+bin/
+*.exe
+*.out

Dockerfile.dev

@@ -0,0 +1,72 @@
+# Use build arguments for Go version and architecture
+ARG GO_VERSION=1.22
+ARG BUILDARCH=amd64
+
+# Stage 1: Builder Stage
+# FROM golang:${GO_VERSION}-alpine AS builder
+FROM crazymax/xgo:${GO_VERSION} AS builder
+
+# Set up working directory
+WORKDIR /app
+
+# Step 1: Copy the source code
+COPY . .
+
+# Step 2: Download dependencies
+RUN go mod tidy && go mod download
+
+
+# Step 3: Install swag and  Run the build script
+RUN go install github.com/swaggo/swag/cmd/swag@latest && \
+    swag init -g cmd/apimain.go --output docs/api --instanceName api --exclude http/controller/admin && \
+    swag init -g cmd/apimain.go --output docs/admin --instanceName admin --exclude http/controller/api
+
+# Build the Go application with CGO enabled and specified ldflags
+RUN CGO_ENABLED=1 GOOS=linux go build -a \
+    -ldflags "-s -w --extldflags '-static -fpic'" \
+    -installsuffix cgo -o release/apimain cmd/apimain.go
+
+# Stage 2: Frontend Build Stage (builder2)
+FROM node:18-alpine AS builder2
+
+# Set working directory
+WORKDIR /frontend
+
+RUN apk update && apk add git --no-cache
+
+# Clone the frontend repository
+RUN git clone https://github.com/lejianwen/rustdesk-api-web .
+
+# Install npm dependencies and build the frontend
+RUN npm install && npm run build
+
+# Stage 2: Final Image
+FROM alpine:latest
+
+# Set up working directory
+WORKDIR /app
+
+# Install necessary runtime dependencies
+RUN apk add --no-cache tzdata file
+
+# Copy the built application and resources from the builder stage
+COPY --from=builder /app/release /app/
+COPY --from=builder /app/conf /app/conf/
+COPY --from=builder /app/resources /app/resources/
+COPY --from=builder /app/docs /app/docs/
+# Copy frontend build from builder2 stage
+COPY --from=builder2 /frontend/dist/ /app/resources/admin/
+
+# Ensure the binary is correctly built and linked
+RUN file /app/apimain && \
+    mkdir -p /app/data && \
+    mkdir -p /app/runtime
+
+# Set up a volume for persistent data
+VOLUME /app/data
+
+# Expose the necessary port
+EXPOSE 21114
+
+# Define the command to run the application
+CMD ["./apimain"]

build.sh

@@ -1,16 +1,46 @@
 #!/bin/sh
 
-rm release -rf
+set -e
+# Automatically get the current environment's GOARCH; if not defined, use the detected system architecture
+GOARCH=${GOARCH:-$(go env GOARCH)}
+DOCS="true"
+# Safely remove the old release directory
+rm -rf release
+
+# Set Go environment variables
 go env -w GO111MODULE=on
 go env -w GOPROXY=https://goproxy.cn,direct
 go env -w CGO_ENABLED=1
 go env -w GOOS=linux
-go env -w GOARCH=amd64
-swag init -g cmd/apimain.go --output docs/api --instanceName api --exclude http/controller/admin
-swag init -g cmd/apimain.go --output docs/admin --instanceName admin --exclude http/controller/api
+go env -w GOARCH=${GOARCH}
+
+
+# Generate Swagger documentation if DOCS is not empty
+if [ -n "${DOCS}" ]; then
+    # Check if swag is installed
+    if ! command -v swag &> /dev/null; then
+        echo "swag command not found. Please install it using:"
+        echo "go install github.com/swaggo/swag/cmd/swag@latest"
+        echo "Skipping Swagger documentation generation due to missing swag tool."
+    else
+        echo "Generating Swagger documentation..."
+        swag init -g cmd/apimain.go --output docs/api --instanceName api --exclude http/controller/admin
+        swag init -g cmd/apimain.go --output docs/admin --instanceName admin --exclude http/controller/api
+    fi
+else
+    echo "Skipping Swagger documentation generation due to DOCS is empty."
+fi
+
+# Compile the Go code and output it to the release directory
 go build -o release/apimain cmd/apimain.go
+
+# Copy resource files to the release directory
 cp -ar resources release/
 cp -ar docs release/
 cp -ar conf release/
+
+# Create necessary directory structures
 mkdir -p release/data
 mkdir -p release/runtime
+
+echo "Build and setup completed successfully."

cmd/apimain.go

@@ -101,7 +101,7 @@ func main() {
 }
 
 func DatabaseAutoUpdate() {
-	version := 240
+	version := 243
 
 	db := global.DB
 

config/oauth.go

@@ -11,3 +11,10 @@ type GoogleOauth struct {
 	ClientSecret string `mapstructure:"client-secret"`
 	RedirectUrl  string `mapstructure:"redirect-url"`
 }
+
+type OidcOauth struct {
+	Issuer       string `mapstructure:"issuer"`
+	ClientId     string `mapstructure:"client-id"`
+	ClientSecret string `mapstructure:"client-secret"`
+	RedirectUrl  string `mapstructure:"redirect-url"`
+}

docker-compose-dev.yaml

@@ -0,0 +1,20 @@
+services:
+  rustdesk-api:
+    build: 
+      context: .
+      dockerfile: Dockerfile.dev
+    # image: lejianwen/rustdesk-api
+    container_name: rustdesk-api
+    environment:
+      - TZ=Asia/Shanghai
+      - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
+      - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
+      - RUSTDESK_API_RUSTDESK_API_SERVER=http://127.0.0.1:21114
+      - RUSTDESK_API_RUSTDESK_KEY=123456789
+    ports:
+      - 21114:21114
+    volumes:
+      - ./data/rustdesk/api:/app/data #将数据库挂载出来方便备份
+      - ./conf:/app/conf # config
+      # - ./resources:/app/resources # 静态资源
+    restart: unless-stopped

docker-compose.yaml

@@ -6,10 +6,12 @@ services:
       - TZ=Asia/Shanghai
       - RUSTDESK_API_RUSTDESK_ID_SERVER=192.168.1.66:21116
       - RUSTDESK_API_RUSTDESK_RELAY_SERVER=192.168.1.66:21117
-      - RUSTDESK_API_RUSTDESK_API_SERVER=http://192.168.1.66:21114
+      - RUSTDESK_API_RUSTDESK_API_SERVER=http://127.0.0.1:21114
       - RUSTDESK_API_RUSTDESK_KEY=123456789
     ports:
       - 21114:21114
     volumes:
-      - /data/rustdesk/api:/app/data #将数据库挂载出来方便备份
+      - ./data/rustdesk/api:/app/data # database
+      # - ./conf:/app/conf # config
+      # - ./resources:/app/resources # 静态资源
     restart: unless-stopped

docs/admin/admin_docs.go

@@ -3164,11 +3164,17 @@ const docTemplateadmin = `{
                 "id": {
                     "type": "integer"
                 },
+                "issuer": {
+                    "type": "string"
+                },
                 "op": {
                     "type": "string"
                 },
                 "redirect_url": {
                     "type": "string"
+                },
+                "scopes": {
+                    "type": "string"
                 }
             }
         },
@@ -3749,12 +3755,18 @@ const docTemplateadmin = `{
                 "id": {
                     "type": "integer"
                 },
+                "issuer": {
+                    "type": "string"
+                },
                 "op": {
                     "type": "string"
                 },
                 "redirect_url": {
                     "type": "string"
                 },
+                "scopes": {
+                    "type": "string"
+                },
                 "updated_at": {
                     "type": "string"
                 }
@@ -3795,6 +3807,9 @@ const docTemplateadmin = `{
                 "id": {
                     "type": "string"
                 },
+                "last_online_ip": {
+                    "type": "string"
+                },
                 "last_online_time": {
                     "type": "integer"
                 },

docs/admin/admin_swagger.json

@@ -3157,11 +3157,17 @@
                 "id": {
                     "type": "integer"
                 },
+                "issuer": {
+                    "type": "string"
+                },
                 "op": {
                     "type": "string"
                 },
                 "redirect_url": {
                     "type": "string"
+                },
+                "scopes": {
+                    "type": "string"
                 }
             }
         },
@@ -3742,12 +3748,18 @@
                 "id": {
                     "type": "integer"
                 },
+                "issuer": {
+                    "type": "string"
+                },
                 "op": {
                     "type": "string"
                 },
                 "redirect_url": {
                     "type": "string"
                 },
+                "scopes": {
+                    "type": "string"
+                },
                 "updated_at": {
                     "type": "string"
                 }
@@ -3788,6 +3800,9 @@
                 "id": {
                     "type": "string"
                 },
+                "last_online_ip": {
+                    "type": "string"
+                },
                 "last_online_time": {
                     "type": "integer"
                 },

docs/admin/admin_swagger.yaml

@@ -105,10 +105,14 @@ definitions:
         type: string
       id:
         type: integer
+      issuer:
+        type: string
       op:
         type: string
       redirect_url:
         type: string
+      scopes:
+        type: string
     required:
     - client_id
     - client_secret
@@ -500,10 +504,14 @@ definitions:
         type: string
       id:
         type: integer
+      issuer:
+        type: string
       op:
         type: string
       redirect_url:
         type: string
+      scopes:
+        type: string
       updated_at:
         type: string
     type: object
@@ -530,6 +538,8 @@ definitions:
         type: string
       id:
         type: string
+      last_online_ip:
+        type: string
       last_online_time:
         type: integer
       memory:

docs/api/api_docs.go

@@ -834,7 +834,7 @@ const docTemplateapi = `{
             }
         },
         "/login-options": {
-            "post": {
+            "get": {
                 "description": "登录选项",
                 "consumes": [
                     "application/json"

docs/api/api_swagger.json

@@ -827,7 +827,7 @@
             }
         },
         "/login-options": {
-            "post": {
+            "get": {
                 "description": "登录选项",
                 "consumes": [
                     "application/json"

docs/api/api_swagger.yaml

@@ -715,7 +715,7 @@ paths:
       tags:
       - 登录
   /login-options:
-    post:
+    get:
       consumes:
       - application/json
       description: 登录选项

http/controller/admin/addressBook.go

@@ -234,7 +234,7 @@ func (ct *AddressBook) Update(c *gin.Context) {
 		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
-	err := service.AllService.AddressBookService.Update(t)
+	err := service.AllService.AddressBookService.UpdateAll(t)
 	if err != nil {
 		response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return

http/controller/admin/oauth.go

@@ -140,6 +140,13 @@ func (o *Oauth) Unbind(c *gin.Context) {
 			return
 		}
 	}
+	if f.Op == model.OauthTypeOidc {
+		err = service.AllService.OauthService.UnBindOidcUser(u.Id)
+		if err != nil {
+			response.Fail(c, 101, response.TranslateMsg(c, "OperationFailed")+err.Error())
+			return
+		}
+	}
 
 	response.Success(c, nil)
 }

http/controller/admin/peer.go

@@ -207,3 +207,21 @@ func (ct *Peer) BatchDelete(c *gin.Context) {
 	}
 	response.Success(c, nil)
 }
+
+func (ct *Peer) SimpleData(c *gin.Context) {
+	f := &admin.SimpleDataQuery{}
+	if err := c.ShouldBindJSON(f); err != nil {
+		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError")+err.Error())
+		return
+	}
+	if len(f.Ids) == 0 {
+		response.Fail(c, 101, response.TranslateMsg(c, "ParamsError"))
+		return
+	}
+	res := service.AllService.PeerService.List(1, 99999, func(tx *gorm.DB) {
+		//可以公开的情报
+		tx.Select("id,version")
+		tx.Where("id in (?)", f.Ids)
+	})
+	response.Success(c, res)
+}

http/controller/api/ab.go

@@ -689,9 +689,9 @@ func (a *Ab) PeerDel(c *gin.Context) {
 // @Router /ab/peer/update/{guid} [put]
 // @Security BearerAuth
 func (a *Ab) PeerUpdate(c *gin.Context) {
-	//f := &gin.H{}
-	f := &requstform.PersonalAddressBookForm{}
-	err := c.ShouldBindJSON(f)
+	f := gin.H{}
+	//f := &requstform.PersonalAddressBookForm{}
+	err := c.ShouldBindJSON(&f)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
@@ -709,17 +709,33 @@ func (a *Ab) PeerUpdate(c *gin.Context) {
 		response.Error(c, response.TranslateMsg(c, "NoAccess"))
 		return
 	}
-
 	//fmt.Println(f)
-	//return
-	ab := service.AllService.AddressBookService.InfoByUserIdAndIdAndCid(uid, f.Id, cid)
+	//判断f["Id"]是否存在
+	fid, ok := f["id"]
+	if !ok {
+		response.Error(c, response.TranslateMsg(c, "ParamsError"))
+		return
+	}
+	fidstr := fid.(string)
+
+	ab := service.AllService.AddressBookService.InfoByUserIdAndIdAndCid(uid, fidstr, cid)
 	if ab == nil || ab.RowId == 0 {
 		response.Error(c, response.TranslateMsg(c, "ItemNotFound"))
 		return
 	}
-	nab := f.ToAddressBook()
-	nab.RowId = ab.RowId
-	err = service.AllService.AddressBookService.Update(nab)
+	//允许的字段
+	allowUp := []string{"password", "hash", "tags", "alias"}
+	//f中的字段如果不在allowUp中，就删除
+	for k := range f {
+		if !utils.InArray(k, allowUp) {
+			delete(f, k)
+		}
+	}
+	//fmt.Println(f)
+	if tags, _ok := f["tags"]; _ok {
+		f["tags"], _ = json.Marshal(tags)
+	}
+	err = service.AllService.AddressBookService.UpdateByMap(ab, f)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, "OperationFailed")+err.Error())
 		return

http/controller/api/index.go

@@ -54,10 +54,9 @@ func (i *Index) Heartbeat(c *gin.Context) {
 		c.JSON(http.StatusOK, gin.H{})
 		return
 	}
-	//如果在一分钟以内则不更新
-	if time.Now().Unix()-peer.LastOnlineTime > 60 {
-		peer.LastOnlineTime = time.Now().Unix()
-		upp := &model.Peer{RowId: peer.RowId, LastOnlineTime: peer.LastOnlineTime}
+	//如果在40s以内则不更新
+	if time.Now().Unix()-peer.LastOnlineTime > 40 {
+		upp := &model.Peer{RowId: peer.RowId, LastOnlineTime: time.Now().Unix(), LastOnlineIp: c.ClientIP()}
 		service.AllService.PeerService.Update(upp)
 	}
 	c.JSON(http.StatusOK, gin.H{})

http/controller/api/login.go

@@ -81,7 +81,7 @@ func (l *Login) Login(c *gin.Context) {
 // @Produce  json
 // @Success 200 {object} []string
 // @Failure 500 {object} response.ErrorResponse
-// @Router /login-options [post]
+// @Router /login-options [get]
 func (l *Login) LoginOptions(c *gin.Context) {
 	oauthOks := []string{}
 	err, _ := service.AllService.OauthService.GetOauthConfig(model.OauthTypeGithub)
@@ -92,6 +92,10 @@ func (l *Login) LoginOptions(c *gin.Context) {
 	if err == nil {
 		oauthOks = append(oauthOks, model.OauthTypeGoogle)
 	}
+	err, _ = service.AllService.OauthService.GetOauthConfig(model.OauthTypeOidc)
+	if err == nil {
+		oauthOks = append(oauthOks, model.OauthTypeOidc)
+	}
 	oauthOks = append(oauthOks, model.OauthTypeWebauth)
 	var oidcItems []map[string]string
 	for _, v := range oauthOks {

http/controller/api/ouath.go

@@ -32,7 +32,7 @@ func (o *Oauth) OidcAuth(c *gin.Context) {
 		response.Error(c, response.TranslateMsg(c, "ParamsError")+err.Error())
 		return
 	}
-	if f.Op != model.OauthTypeWebauth && f.Op != model.OauthTypeGoogle && f.Op != model.OauthTypeGithub {
+	if f.Op != model.OauthTypeWebauth && f.Op != model.OauthTypeGoogle && f.Op != model.OauthTypeGithub && f.Op != model.OauthTypeOidc {
 		response.Error(c, response.TranslateMsg(c, "ParamsError"))
 		return
 	}
@@ -254,6 +254,70 @@ func (o *Oauth) OauthCallback(c *gin.Context) {
 			return
 		}
 	}
+	if ty == model.OauthTypeOidc {
+		code := c.Query("code")
+		err, userData := service.AllService.OauthService.OidcCallback(code)
+		if err != nil {
+			c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthFailed")+response.TranslateMsg(c, err.Error()))
+			return
+		}
+		//将空格替换成_
+		// OidcName := strings.Replace(userData.Name, " ", "_", -1)
+		if ac == service.OauthActionTypeBind {
+			//fmt.Println("bind", ty, userData)
+			utr := service.AllService.OauthService.UserThirdInfo(ty, userData.Sub)
+			if utr.UserId > 0 {
+				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBindOtherUser"))
+				return
+			}
+			//绑定
+			u := service.AllService.UserService.InfoById(v.UserId)
+			if u == nil {
+				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "ItemNotFound"))
+				return
+			}
+			//绑定, user preffered_username as username
+			err = service.AllService.OauthService.BindOidcUser(userData.Sub, userData.PreferredUsername, v.UserId)
+			if err != nil {
+				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "BindFail"))
+				return
+			}
+			c.String(http.StatusOK, response.TranslateMsg(c, "BindSuccess"))
+			return
+		} else if ac == service.OauthActionTypeLogin {
+			if v.UserId != 0 {
+				c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthHasBeenSuccess"))
+				return
+			}
+			u := service.AllService.UserService.InfoByOidcSub(userData.Sub)
+			if u == nil {
+				oa := service.AllService.OauthService.InfoByOp(ty)
+				if !*oa.AutoRegister {
+					//c.String(http.StatusInternalServerError, "还未绑定用户，请先绑定")
+
+					v.ThirdName = userData.PreferredUsername
+					v.ThirdOpenId = userData.Sub
+					v.ThirdEmail = userData.Email
+					url := global.Config.Rustdesk.ApiServer + "/_admin/#/oauth/bind/" + cacheKey
+					c.Redirect(http.StatusFound, url)
+					return
+				}
+
+				//自动注册
+				u = service.AllService.UserService.RegisterByOidc(userData.PreferredUsername, userData.Sub)
+				if u.Id == 0 {
+					c.String(http.StatusInternalServerError, response.TranslateMsg(c, "OauthRegisterFailed"))
+					return
+				}
+			}
+
+			v.UserId = u.Id
+			service.AllService.OauthService.SetOauthCache(cacheKey, v, 0)
+			c.String(http.StatusOK, response.TranslateMsg(c, "OauthSuccess"))
+			return
+		}
+	}
+
 	c.String(http.StatusInternalServerError, response.TranslateMsg(c, "SystemError"))
 
 }

http/request/admin/oauth.go

@@ -15,6 +15,8 @@ type UnBindOauthForm struct {
 type OauthForm struct {
 	Id           uint   `json:"id"`
 	Op           string `json:"op" validate:"required"`
+	Issuer	     string `json:"issuer" validate:"omitempty,url"`
+	Scopes	   	 string `json:"scopes" validate:"omitempty"`
 	ClientId     string `json:"client_id" validate:"required"`
 	ClientSecret string `json:"client_secret" validate:"required"`
 	RedirectUrl  string `json:"redirect_url" validate:"required"`
@@ -28,6 +30,8 @@ func (of *OauthForm) ToOauth() *model.Oauth {
 		ClientSecret: of.ClientSecret,
 		RedirectUrl:  of.RedirectUrl,
 		AutoRegister: of.AutoRegister,
+		Issuer:       of.Issuer,
+		Scopes:       of.Scopes,
 	}
 	oa.Id = of.Id
 	return oa

http/request/admin/peer.go

@@ -39,3 +39,7 @@ type PeerQuery struct {
 	Id       string `json:"id" form:"id"`
 	Hostname string `json:"hostname" form:"hostname"`
 }
+
+type SimpleDataQuery struct {
+	Ids []string `json:"ids" form:"ids"`
+}

http/router/admin.go

@@ -112,6 +112,7 @@ func PeerBind(rg *gin.RouterGroup) {
 		aR.POST("/create", cont.Create)
 		aR.POST("/update", cont.Update)
 		aR.POST("/delete", cont.Delete)
+		aR.POST("/simpleData", cont.SimpleData)
 
 		arp := aR.Use(middleware.AdminPrivilege())
 		arp.POST("/batchDelete", cont.BatchDelete)

lib/lock/local_test.go

@@ -51,30 +51,22 @@ func TestLocal_GetLock(t *testing.T) {
 func TestLocal_Lock(t *testing.T) {
 	l := NewLocal()
 	wg := sync.WaitGroup{}
-	wg.Add(3)
+	m := 10
+	wg.Add(m)
 	i := 0
-	go func() {
-		l.Lock("key")
-		fmt.Println("l1", i)
-		i++
-		l.UnLock("key")
-		wg.Done()
-	}()
-	go func() {
-		l.Lock("key")
-		fmt.Println("l2", i)
-		i++
-		l.UnLock("key")
-		wg.Done()
-	}()
-	go func() {
-		l.Lock("key")
-		fmt.Println("l3", i)
-		i++
-		l.UnLock("key")
-		wg.Done()
-	}()
+	for j := 0; j < m; j++ {
+		go func() {
+			l.Lock("key")
+			//fmt.Println(j, i)
+			i++
+			fmt.Println(j, i)
+			l.UnLock("key")
+			wg.Done()
+		}()
+	}
+
 	wg.Wait()
+	fmt.Println(i)
 
 }
 func TestSyncMap(t *testing.T) {

model/oauth.go

@@ -7,12 +7,15 @@ type Oauth struct {
 	ClientSecret string `json:"client_secret"`
 	RedirectUrl  string `json:"redirect_url"`
 	AutoRegister *bool  `json:"auto_register"`
+	Scopes       string `json:"scopes"`
+	Issuer	     string `json:"issuer"`
 	TimeModel
 }
 
 const (
 	OauthTypeGithub  = "github"
 	OauthTypeGoogle  = "google"
+	OauthTypeOidc    = "oidc"
 	OauthTypeWebauth = "webauth"
 )
 

model/peer.go

@@ -11,8 +11,9 @@ type Peer struct {
 	Uuid           string `json:"uuid"  gorm:"default:'';not null;index"`
 	Version        string `json:"version"  gorm:"default:'';not null;"`
 	UserId         uint   `json:"user_id"  gorm:"default:0;not null;index"`
-	User           User   `json:"user,omitempty" gorm:""`
+	User           *User  `json:"user,omitempty"`
 	LastOnlineTime int64  `json:"last_online_time"  gorm:"default:0;not null;"`
+	LastOnlineIp   string `json:"last_online_ip"  gorm:"default:'';not null;"`
 	TimeModel
 }
 

model/user.go

@@ -2,7 +2,7 @@ package model
 
 type User struct {
 	IdModel
-	Username string     `json:"username" gorm:"default:'';not null;index,unique"`
+	Username string     `json:"username" gorm:"default:'';not null;uniqueIndex"`
 	Password string     `json:"-" gorm:"default:'';not null;"`
 	Nickname string     `json:"nickname" gorm:"default:'';not null;"`
 	Avatar   string     `json:"avatar" gorm:"default:'';not null;"`

service/addressBook.go

@@ -127,6 +127,16 @@ func (s *AddressBookService) Delete(u *model.AddressBook) error {
 
 // Update 更新
 func (s *AddressBookService) Update(u *model.AddressBook) error {
+	return global.DB.Model(u).Updates(u).Error
+}
+
+// UpdateByMap 更新
+func (s *AddressBookService) UpdateByMap(u *model.AddressBook, data map[string]interface{}) error {
+	return global.DB.Model(u).Updates(data).Error
+}
+
+// UpdateAll 更新
+func (s *AddressBookService) UpdateAll(u *model.AddressBook) error {
 	return global.DB.Model(u).Select("*").Omit("created_at").Updates(u).Error
 }
 

service/oauth.go

@@ -15,10 +15,19 @@ import (
 	"net/http"
 	"net/url"
 	"strconv"
+	"strings"
 	"sync"
 	"time"
 )
 
+// Define a struct to parse the .well-known/openid-configuration response
+type OidcEndpoint struct {
+	Issuer   string `json:"issuer"`
+	AuthURL  string `json:"authorization_endpoint"`
+	TokenURL string `json:"token_endpoint"`
+	UserInfo string `json:"userinfo_endpoint"`
+}
+
 type OauthService struct {
 }
 
@@ -78,6 +87,14 @@ type GoogleUserdata struct {
 	Picture       string `json:"picture"`
 	VerifiedEmail bool   `json:"verified_email"`
 }
+type OidcUserdata struct {
+	Sub               string `json:"sub"`
+	Email             string `json:"email"`
+	VerifiedEmail     bool   `json:"email_verified"`
+	Name              string `json:"name"`
+	PreferredUsername string `json:"preferred_username"`
+}
+
 type OauthCacheItem struct {
 	UserId      uint   `json:"user_id"`
 	Id          string `json:"id"` //rustdesk的设备ID
@@ -137,35 +154,102 @@ func (os *OauthService) BeginAuth(op string) (error error, code, url string) {
 	return err, code, ""
 }
 
-// GetOauthConfig 获取配置
+// Method to fetch OIDC configuration dynamically
+func FetchOidcConfig(issuer string) (error, OidcEndpoint) {
+	configURL := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
+
+	// Get the HTTP client (with or without proxy based on configuration)
+	client := getHTTPClientWithProxy()
+
+	resp, err := client.Get(configURL)
+	if err != nil {
+		return errors.New("failed to fetch OIDC configuration"), OidcEndpoint{}
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return errors.New("OIDC configuration not found, status code: %d"), OidcEndpoint{}
+	}
+
+	var endpoint OidcEndpoint
+	if err := json.NewDecoder(resp.Body).Decode(&endpoint); err != nil {
+		return errors.New("failed to parse OIDC configuration"), OidcEndpoint{}
+	}
+
+	return nil, endpoint
+}
+
+// GetOauthConfig retrieves the OAuth2 configuration based on the provider type
 func (os *OauthService) GetOauthConfig(op string) (error, *oauth2.Config) {
-	if op == model.OauthTypeGithub {
-		g := os.InfoByOp(model.OauthTypeGithub)
-		if g.Id == 0 || g.ClientId == "" || g.ClientSecret == "" || g.RedirectUrl == "" {
-			return errors.New("ConfigNotFound"), nil
-		}
-		return nil, &oauth2.Config{
-			ClientID:     g.ClientId,
-			ClientSecret: g.ClientSecret,
-			RedirectURL:  g.RedirectUrl,
-			Endpoint:     github.Endpoint,
-			Scopes:       []string{"read:user", "user:email"},
-		}
+	switch op {
+	case model.OauthTypeGithub:
+		return os.getGithubConfig()
+	case model.OauthTypeGoogle:
+		return os.getGoogleConfig()
+	case model.OauthTypeOidc:
+		return os.getOidcConfig()
+	default:
+		return errors.New("unsupported OAuth type"), nil
 	}
-	if op == model.OauthTypeGoogle {
-		g := os.InfoByOp(model.OauthTypeGoogle)
-		if g.Id == 0 || g.ClientId == "" || g.ClientSecret == "" || g.RedirectUrl == "" {
-			return errors.New("ConfigNotFound"), nil
-		}
-		return nil, &oauth2.Config{
-			ClientID:     g.ClientId,
-			ClientSecret: g.ClientSecret,
-			RedirectURL:  g.RedirectUrl,
-			Endpoint:     google.Endpoint,
-			Scopes:       []string{"https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/userinfo.email"},
-		}
+}
+
+// Helper function to get GitHub OAuth2 configuration
+func (os *OauthService) getGithubConfig() (error, *oauth2.Config) {
+	g := os.InfoByOp(model.OauthTypeGithub)
+	if g.Id == 0 || g.ClientId == "" || g.ClientSecret == "" || g.RedirectUrl == "" {
+		return errors.New("ConfigNotFound"), nil
+	}
+	return nil, &oauth2.Config{
+		ClientID:     g.ClientId,
+		ClientSecret: g.ClientSecret,
+		RedirectURL:  g.RedirectUrl,
+		Endpoint:     github.Endpoint,
+		Scopes:       []string{"read:user", "user:email"},
+	}
+}
+
+// Helper function to get Google OAuth2 configuration
+func (os *OauthService) getGoogleConfig() (error, *oauth2.Config) {
+	g := os.InfoByOp(model.OauthTypeGoogle)
+	if g.Id == 0 || g.ClientId == "" || g.ClientSecret == "" || g.RedirectUrl == "" {
+		return errors.New("ConfigNotFound"), nil
+	}
+	return nil, &oauth2.Config{
+		ClientID:     g.ClientId,
+		ClientSecret: g.ClientSecret,
+		RedirectURL:  g.RedirectUrl,
+		Endpoint:     google.Endpoint,
+		Scopes:       []string{"https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/userinfo.email"},
+	}
+}
+
+// Helper function to get OIDC OAuth2 configuration
+func (os *OauthService) getOidcConfig() (error, *oauth2.Config) {
+	g := os.InfoByOp(model.OauthTypeOidc)
+	if g.Id == 0 || g.ClientId == "" || g.ClientSecret == "" || g.RedirectUrl == "" || g.Issuer == "" {
+		return errors.New("ConfigNotFound"), nil
+	}
+
+	// Set scopes
+	scopes := strings.TrimSpace(g.Scopes)
+	if scopes == "" {
+		scopes = "openid,profile,email"
+	}
+	scopeList := strings.Split(scopes, ",")
+	err, endpoint := FetchOidcConfig(g.Issuer)
+	if err != nil {
+		return err, nil
+	}
+	return nil, &oauth2.Config{
+		ClientID:     g.ClientId,
+		ClientSecret: g.ClientSecret,
+		RedirectURL:  g.RedirectUrl,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  endpoint.AuthURL,
+			TokenURL: endpoint.TokenURL,
+		},
+		Scopes: scopeList,
 	}
-	return errors.New("ConfigNotFound"), nil
 }
 
 func getHTTPClientWithProxy() *http.Client {
@@ -269,6 +353,53 @@ func (os *OauthService) GoogleCallback(code string) (error error, userData *Goog
 	return
 }
 
+func (os *OauthService) OidcCallback(code string) (error error, userData *OidcUserdata) {
+	err, oauthConfig := os.GetOauthConfig(model.OauthTypeOidc)
+	if err != nil {
+		return err, nil
+	}
+	// 使用代理配置创建 HTTP 客户端
+	httpClient := getHTTPClientWithProxy()
+	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)
+
+	token, err := oauthConfig.Exchange(ctx, code)
+	if err != nil {
+		global.Logger.Warn("oauthConfig.Exchange() failed: ", err)
+		error = errors.New("GetOauthTokenError")
+		return
+	}
+
+	// 使用带有代理的 HTTP 客户端获取用户信息
+	client := oauthConfig.Client(ctx, token)
+	g := os.InfoByOp(model.OauthTypeOidc)
+	err, endpoint := FetchOidcConfig(g.Issuer)
+	if err != nil {
+		global.Logger.Warn("failed fetching OIDC configuration: ", err)
+		error = errors.New("FetchOidcConfigError")
+		return
+	}
+	resp, err := client.Get(endpoint.UserInfo)
+	if err != nil {
+		global.Logger.Warn("failed getting user info: ", err)
+		error = errors.New("GetOauthUserInfoError")
+		return
+	}
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+			global.Logger.Warn("failed closing response body: ", err)
+		}
+	}(resp.Body)
+
+	// 解析用户信息
+	if err = json.NewDecoder(resp.Body).Decode(&userData); err != nil {
+		global.Logger.Warn("failed decoding user info: ", err)
+		error = errors.New("DecodeOauthUserInfoError")
+		return
+	}
+	return
+}
+
 func (os *OauthService) UserThirdInfo(op, openid string) *model.UserThird {
 	ut := &model.UserThird{}
 	global.DB.Where("open_id = ? and third_type = ?", openid, op).First(ut)
@@ -282,6 +413,11 @@ func (os *OauthService) BindGithubUser(openid, username string, userId uint) err
 func (os *OauthService) BindGoogleUser(email, username string, userId uint) error {
 	return os.BindOauthUser(model.OauthTypeGoogle, email, username, userId)
 }
+
+func (os *OauthService) BindOidcUser(sub, username string, userId uint) error {
+	return os.BindOauthUser(model.OauthTypeOidc, sub, username, userId)
+}
+
 func (os *OauthService) BindOauthUser(thirdType, openid, username string, userId uint) error {
 	utr := &model.UserThird{
 		OpenId:    openid,
@@ -298,6 +434,9 @@ func (os *OauthService) UnBindGithubUser(userid uint) error {
 func (os *OauthService) UnBindGoogleUser(userid uint) error {
 	return os.UnBindThird(model.OauthTypeGoogle, userid)
 }
+func (os *OauthService) UnBindOidcUser(userid uint) error {
+	return os.UnBindThird(model.OauthTypeOidc, userid)
+}
 func (os *OauthService) UnBindThird(thirdType string, userid uint) error {
 	return global.DB.Where("user_id = ? and third_type = ?", userid, thirdType).Delete(&model.UserThird{}).Error
 }

service/user.go

@@ -196,6 +196,11 @@ func (us *UserService) InfoByGoogleEmail(email string) *model.User {
 	return us.InfoByOauthId(model.OauthTypeGithub, email)
 }
 
+// InfoByOidcSub 根据oidc取用户信息
+func (us *UserService) InfoByOidcSub(sub string) *model.User {
+	return us.InfoByOauthId(model.OauthTypeOidc, sub)
+}
+
 // InfoByOauthId 根据oauth取用户信息
 func (us *UserService) InfoByOauthId(thirdType, uid string) *model.User {
 	ut := AllService.OauthService.UserThirdInfo(thirdType, uid)
@@ -219,22 +224,28 @@ func (us *UserService) RegisterByGoogle(name string, email string) *model.User {
 	return us.RegisterByOauth(model.OauthTypeGoogle, name, email)
 }
 
+// RegisterByOidc 注册, use PreferredUsername as username, sub as openid
+func (us *UserService) RegisterByOidc(PreferredUsername string, sub string) *model.User {
+	return us.RegisterByOauth(model.OauthTypeOidc, PreferredUsername, sub)
+}
+
 // RegisterByOauth 注册
 func (us *UserService) RegisterByOauth(thirdType, thirdName, uid string) *model.User {
+	global.Lock.Lock("registerByOauth")
+	defer global.Lock.UnLock("registerByOauth")
+	ut := AllService.OauthService.UserThirdInfo(thirdType, uid)
+	if ut.Id != 0 {
+		u := &model.User{}
+		global.DB.Where("id = ?", ut.UserId).First(u)
+		return u
+	}
+
 	tx := global.DB.Begin()
-	ut := &model.UserThird{
+	ut = &model.UserThird{
 		OpenId:    uid,
 		ThirdName: thirdName,
 		ThirdType: thirdType,
 	}
-	//global.DB.Where("open_id = ?", githubId).First(ut)
-	//这种情况不应该出现，如果出现说明有bug
-	//if ut.Id != 0 {
-	//	u := &model.User{}
-	//	global.DB.Where("id = ?", ut.UserId).First(u)
-	//	tx.Commit()
-	//	return u
-	//}
 
 	username := us.GenerateUsernameByOauth(thirdName)
 	u := &model.User{
@@ -242,6 +253,10 @@ func (us *UserService) RegisterByOauth(thirdType, thirdName, uid string) *model.
 		GroupId:  1,
 	}
 	global.DB.Create(u)
+	if u.Id == 0 {
+		tx.Rollback()
+		return u
+	}
 
 	ut.UserId = u.Id
 	global.DB.Create(ut)

utils/tools.go

@@ -91,3 +91,12 @@ func Values[K comparable, V any](m map[K]V) []V {
 	}
 	return values
 }
+
+func InArray(k string, arr []string) bool {
+	for _, v := range arr {
+		if k == v {
+			return true
+		}
+	}
+	return false
+}