Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
9d08c61390 | ||
|
|
6f092472b1 | ||
|
|
4876746f7a | ||
|
|
05d2d1642a | ||
|
|
59fdd6424b | ||
|
|
0feee5115f |
@@ -94,8 +94,8 @@
|
||||
- 对于`OIDC`, `Issuer`是必须的。`Scopes`是可选的,默认为 `openid,profile,email`. 确保可以获取 `sub`,`email` 和`preferred_username`
|
||||
- `github oauth app`在`Settings`->`Developer settings`->`OAuth Apps`->`New OAuth App`
|
||||
中创建,地址 [https://github.com/settings/developers](https://github.com/settings/developers)
|
||||
- `Authorization callback URL`填写`http://<your server[:port]>/api/oauth/callback`
|
||||
,比如`http://127.0.0.1:21114/api/oauth/callback`
|
||||
- `Authorization callback URL`填写`http://<your server[:port]>/api/oidc/callback`
|
||||
,比如`http://127.0.0.1:21114/api/oidc/callback`
|
||||
7. 登录日志
|
||||
8. 链接日志
|
||||
9. 文件传输日志
|
||||
|
||||
@@ -94,8 +94,8 @@ displaying data.Frontend code is available at [rustdesk-api-web](https://github.
|
||||
- For `OIDC`, you must set the `Issuer`. And `Scopes` is optional which default is `openid,email,profile`, please make sure this `Oauth App` can access `sub`, `email` and `preferred_username`
|
||||
- Create a `GitHub OAuth App`
|
||||
at `Settings` -> `Developer settings` -> `OAuth Apps` -> `New OAuth App` [here](https://github.com/settings/developers).
|
||||
- Set the `Authorization callback URL` to `http://<your server[:port]>/api/oauth/callback`,
|
||||
e.g., `http://127.0.0.1:21114/api/oauth/callback`.
|
||||
- Set the `Authorization callback URL` to `http://<your server[:port]>/api/oidc/callback`,
|
||||
e.g., `http://127.0.0.1:21114/api/oidc/callback`.
|
||||
|
||||
7. Login logs
|
||||
8. Connection logs
|
||||
@@ -164,8 +164,7 @@ The table below does not list all configurations. Please refer to the configurat
|
||||
| RUSTDESK_API_APP_DISABLE_PWD_LOGIN | disable password login | `false` |
|
||||
| RUSTDESK_API_APP_REGISTER_STATUS | register user default status ; 1 enabled , 2 disabled ; default 1 | `1` |
|
||||
| RUSTDESK_API_APP_CAPTCHA_THRESHOLD | captcha threshold; -1 disabled, 0 always enable, >0 threshold ;default `3` | `3` |
|
||||
| RUSTDESK_API_APP_BAN_THRESHOLD | ban ip threshold; 0 disabled, >0 threshold ; default `0`
|
||||
| `0` |
|
||||
| RUSTDESK_API_APP_BAN_THRESHOLD | ban ip threshold; 0 disabled, >0 threshold ; default `0` | `0` |
|
||||
| ----- ADMIN Configuration----- | ---------- | ---------- |
|
||||
| RUSTDESK_API_ADMIN_TITLE | Admin Title | `RustDesk Api Admin` |
|
||||
| RUSTDESK_API_ADMIN_HELLO | Admin welcome message, you can use `html` | |
|
||||
@@ -325,4 +324,4 @@ Thanks to everyone who contributed!
|
||||
<img src="https://contrib.rocks/image?repo=lejianwen/rustdesk-api" />
|
||||
</a>
|
||||
|
||||
## Thanks for your support! If you find this project useful, please give it a ⭐️. Thank you!
|
||||
## Thanks for your support! If you find this project useful, please give it a ⭐️. Thank you!
|
||||
|
||||
@@ -954,35 +954,6 @@ const docTemplateapi = `{
|
||||
}
|
||||
}
|
||||
},
|
||||
"/oauth/callback": {
|
||||
"get": {
|
||||
"description": "OauthCallback",
|
||||
"consumes": [
|
||||
"application/json"
|
||||
],
|
||||
"produces": [
|
||||
"application/json"
|
||||
],
|
||||
"tags": [
|
||||
"Oauth"
|
||||
],
|
||||
"summary": "OauthCallback",
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "OK",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/api.LoginRes"
|
||||
}
|
||||
},
|
||||
"500": {
|
||||
"description": "Internal Server Error",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/response.ErrorResponse"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/oidc/auth": {
|
||||
"post": {
|
||||
"description": "OidcAuth",
|
||||
@@ -1041,6 +1012,35 @@ const docTemplateapi = `{
|
||||
}
|
||||
}
|
||||
},
|
||||
"/oidc/callback": {
|
||||
"get": {
|
||||
"description": "OauthCallback",
|
||||
"consumes": [
|
||||
"application/json"
|
||||
],
|
||||
"produces": [
|
||||
"application/json"
|
||||
],
|
||||
"tags": [
|
||||
"Oauth"
|
||||
],
|
||||
"summary": "OauthCallback",
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "OK",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/api.LoginRes"
|
||||
}
|
||||
},
|
||||
"500": {
|
||||
"description": "Internal Server Error",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/response.ErrorResponse"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/peers": {
|
||||
"get": {
|
||||
"security": [
|
||||
|
||||
@@ -947,35 +947,6 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"/oauth/callback": {
|
||||
"get": {
|
||||
"description": "OauthCallback",
|
||||
"consumes": [
|
||||
"application/json"
|
||||
],
|
||||
"produces": [
|
||||
"application/json"
|
||||
],
|
||||
"tags": [
|
||||
"Oauth"
|
||||
],
|
||||
"summary": "OauthCallback",
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "OK",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/api.LoginRes"
|
||||
}
|
||||
},
|
||||
"500": {
|
||||
"description": "Internal Server Error",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/response.ErrorResponse"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/oidc/auth": {
|
||||
"post": {
|
||||
"description": "OidcAuth",
|
||||
@@ -1034,6 +1005,35 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"/oidc/callback": {
|
||||
"get": {
|
||||
"description": "OauthCallback",
|
||||
"consumes": [
|
||||
"application/json"
|
||||
],
|
||||
"produces": [
|
||||
"application/json"
|
||||
],
|
||||
"tags": [
|
||||
"Oauth"
|
||||
],
|
||||
"summary": "OauthCallback",
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "OK",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/api.LoginRes"
|
||||
}
|
||||
},
|
||||
"500": {
|
||||
"description": "Internal Server Error",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/response.ErrorResponse"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/peers": {
|
||||
"get": {
|
||||
"security": [
|
||||
|
||||
@@ -792,25 +792,6 @@ paths:
|
||||
summary: 登出
|
||||
tags:
|
||||
- 登录
|
||||
/oauth/callback:
|
||||
get:
|
||||
consumes:
|
||||
- application/json
|
||||
description: OauthCallback
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
$ref: '#/definitions/api.LoginRes'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/response.ErrorResponse'
|
||||
summary: OauthCallback
|
||||
tags:
|
||||
- Oauth
|
||||
/oidc/auth:
|
||||
post:
|
||||
consumes:
|
||||
@@ -849,6 +830,25 @@ paths:
|
||||
summary: OidcAuthQuery
|
||||
tags:
|
||||
- Oauth
|
||||
/oidc/callback:
|
||||
get:
|
||||
consumes:
|
||||
- application/json
|
||||
description: OauthCallback
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
$ref: '#/definitions/api.LoginRes'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/response.ErrorResponse'
|
||||
summary: OauthCallback
|
||||
tags:
|
||||
- Oauth
|
||||
/peers:
|
||||
get:
|
||||
consumes:
|
||||
|
||||
@@ -169,6 +169,8 @@ func (ct *Login) LoginOptions(c *gin.Context) {
|
||||
"ops": ops,
|
||||
"register": global.Config.App.Register,
|
||||
"need_captcha": needCaptcha,
|
||||
"disable_pwd": global.Config.App.DisablePwdLogin,
|
||||
"auto_oidc": global.Config.App.DisablePwdLogin && len(ops) == 1,
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
@@ -98,10 +98,10 @@ func (abc *AddressBookCollection) Update(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
u := service.AllService.UserService.CurUser(c)
|
||||
if f.UserId != u.Id {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
|
||||
return
|
||||
}
|
||||
//if f.UserId != u.Id {
|
||||
// response.Fail(c, 101, response.TranslateMsg(c, "NoAccess"))
|
||||
// return
|
||||
//}
|
||||
ex := service.AllService.AddressBookService.CollectionInfoById(f.Id)
|
||||
if ex.Id == 0 {
|
||||
response.Fail(c, 101, response.TranslateMsg(c, "ItemNotFound"))
|
||||
|
||||
@@ -143,7 +143,7 @@ func (o *Oauth) OidcAuthQuery(c *gin.Context) {
|
||||
// @Produce json
|
||||
// @Success 200 {object} apiResp.LoginRes
|
||||
// @Failure 500 {object} response.ErrorResponse
|
||||
// @Router /oauth/callback [get]
|
||||
// @Router /oidc/callback [get]
|
||||
func (o *Oauth) OauthCallback(c *gin.Context) {
|
||||
state := c.Query("state")
|
||||
if state == "" {
|
||||
|
||||
@@ -49,6 +49,10 @@ func ApiInit(g *gin.Engine) {
|
||||
frg.GET("/oauth/callback", o.OauthCallback)
|
||||
frg.GET("/oauth/login", o.OauthCallback)
|
||||
frg.GET("/oauth/msg", o.Message)
|
||||
|
||||
frg.GET("/oidc/callback", o.OauthCallback)
|
||||
frg.GET("/oidc/login", o.OauthCallback)
|
||||
frg.GET("/oidc/msg", o.Message)
|
||||
}
|
||||
{
|
||||
pe := &api.Peer{}
|
||||
|
||||
@@ -5,8 +5,8 @@ other = "測試2 {{.P0}}"
|
||||
|
||||
[ParamsError]
|
||||
description = "Params validation failed."
|
||||
one = "引數錯誤。"
|
||||
other = "引數錯誤。"
|
||||
one = "參數驗證失敗。"
|
||||
other = "參數驗證失敗。"
|
||||
|
||||
[OperationFailed]
|
||||
description = "OperationFailed."
|
||||
@@ -20,18 +20,18 @@ other = "操作成功。"
|
||||
|
||||
[ItemExists]
|
||||
description = "Item already exists."
|
||||
one = "資料已存在。"
|
||||
other = "資料已存在。"
|
||||
one = "項目已存在。"
|
||||
other = "項目已存在。"
|
||||
|
||||
[ItemNotFound]
|
||||
description = "Item not found."
|
||||
one = "資料不存在。"
|
||||
other = "資料不存在。"
|
||||
one = "找不到項目。"
|
||||
other = "找不到項目。"
|
||||
|
||||
[NoAccess]
|
||||
description = "No access."
|
||||
one = "無許可權。"
|
||||
other = "無許可權。"
|
||||
one = "無權限存取。"
|
||||
other = "無權限存取。"
|
||||
|
||||
[NeedLogin]
|
||||
description = "Need login."
|
||||
@@ -50,24 +50,23 @@ other = "系統錯誤。"
|
||||
|
||||
[ConfigNotFound]
|
||||
description = "Config not found."
|
||||
one = "配置不存在。"
|
||||
other = "配置不存在。"
|
||||
one = "找不到設定。"
|
||||
other = "找不到設定。"
|
||||
|
||||
#授權過期
|
||||
[OauthExpired]
|
||||
description = "Oauth expired."
|
||||
one = "授權過期,請重新授權。"
|
||||
other = "授權過期,請重新授權。"
|
||||
one = "OAuth 已過期,請重試。"
|
||||
other = "OAuth 已過期,請重試。"
|
||||
|
||||
[OauthFailed]
|
||||
description = "Oauth failed."
|
||||
one = "授權失敗。"
|
||||
other = "授權失敗。"
|
||||
one = "OAuth 失敗。"
|
||||
other = "OAuth 失敗。"
|
||||
|
||||
[OauthHasBindOtherUser]
|
||||
description = "Oauth has bind other user."
|
||||
one = "授權已繫結其他使用者。"
|
||||
other = "授權已繫結其他使用者。"
|
||||
one = "OAuth 已綁定其他使用者。"
|
||||
other = "OAuth 已綁定其他使用者。"
|
||||
|
||||
[ParamIsEmpty]
|
||||
description = "Param is empty."
|
||||
@@ -76,56 +75,64 @@ other = "{{.P0}} 為空。"
|
||||
|
||||
[BindFail]
|
||||
description = "Bind fail."
|
||||
one = "繫結失敗。"
|
||||
other = "繫結失敗。"
|
||||
one = "綁定失敗。"
|
||||
other = "綁定失敗。"
|
||||
|
||||
[BindSuccess]
|
||||
description = "Bind success."
|
||||
one = "繫結成功。"
|
||||
other = "繫結成功。"
|
||||
one = "綁定成功。"
|
||||
other = "綁定成功。"
|
||||
|
||||
[OauthHasBeenSuccess]
|
||||
description = "Oauth has been success."
|
||||
one = "授權已成功。"
|
||||
other = "授權已成功。"
|
||||
one = "OAuth 已成功。"
|
||||
other = "OAuth 已成功。"
|
||||
|
||||
[OauthSuccess]
|
||||
description = "Oauth success."
|
||||
one = "授權成功。"
|
||||
other = "授權成功。"
|
||||
one = "OAuth 成功。"
|
||||
other = "OAuth 成功。"
|
||||
|
||||
[OauthRegisterSuccess]
|
||||
description = "Oauth register success."
|
||||
one = "授權註冊成功。"
|
||||
other = "授權註冊成功。"
|
||||
one = "OAuth 註冊成功。"
|
||||
other = "OAuth 註冊成功。"
|
||||
|
||||
[OauthRegisterFailed]
|
||||
description = "Oauth register failed."
|
||||
one = "授權註冊失敗。"
|
||||
other = "授權註冊失敗。"
|
||||
one = "OAuth 註冊失敗。"
|
||||
other = "OAuth 註冊失敗。"
|
||||
|
||||
[GetOauthTokenError]
|
||||
description = "Get oauth token error."
|
||||
one = "獲取授權token失敗。"
|
||||
other = "獲取授權token失敗。"
|
||||
one = "取得 OAuth 權杖錯誤。"
|
||||
other = "取得 OAuth 權杖錯誤。"
|
||||
|
||||
[GetOauthUserInfoError]
|
||||
description = "Get oauth user info error."
|
||||
one = "獲取授權使用者資訊失敗。"
|
||||
other = "獲取授權使用者資訊失敗。"
|
||||
one = "取得 OAuth 使用者資訊錯誤。"
|
||||
other = "取得 OAuth 使用者資訊錯誤。"
|
||||
|
||||
[DecodeOauthUserInfoError]
|
||||
description = "Decode oauth user info error."
|
||||
one = "解析授權使用者資訊失敗。"
|
||||
other = "解析授權使用者資訊失敗。"
|
||||
one = "解析 OAuth 使用者資訊錯誤。"
|
||||
other = "解析 OAuth 使用者資訊錯誤。"
|
||||
|
||||
[OldPasswordError]
|
||||
description = "Old password error."
|
||||
one = "舊密碼錯誤。"
|
||||
other = "舊密碼錯誤。"
|
||||
|
||||
|
||||
[DefaultGroup]
|
||||
description = "Default group."
|
||||
one = "預設組"
|
||||
other = "預設組"
|
||||
one = "預設群組"
|
||||
other = "預設群組"
|
||||
|
||||
[ShareGroup]
|
||||
description = "Share group."
|
||||
one = "共享組"
|
||||
other = "共享組"
|
||||
one = "共享群組"
|
||||
other = "共享群組"
|
||||
|
||||
[RegisterClosed]
|
||||
description = "Register closed."
|
||||
one = "註冊已關閉。"
|
||||
@@ -143,20 +150,20 @@ other = "驗證碼錯誤。"
|
||||
|
||||
[PwdLoginDisabled]
|
||||
description = "Password login disabled."
|
||||
one = "密碼登錄已禁用。"
|
||||
other = "密碼登錄已禁用。"
|
||||
one = "密碼登入已停用。"
|
||||
other = "密碼登入已停用。"
|
||||
|
||||
[CannotShareToSelf]
|
||||
description = "Cannot share to self."
|
||||
one = "無法共享給自己。"
|
||||
other = "無法共享給自己。"
|
||||
one = "無法分享給自己。"
|
||||
other = "無法分享給自己。"
|
||||
|
||||
[Banned]
|
||||
description = "Banned."
|
||||
one = "禁止使用。"
|
||||
other = "禁止使用。"
|
||||
one = "已被禁用。"
|
||||
other = "已被禁用。"
|
||||
|
||||
[RegisterSuccessWaitAdminConfirm]
|
||||
description = "Register success wait admin confirm."
|
||||
one = "註冊成功,請等待管理員確認。"
|
||||
other = "註冊成功,請等待管理員確認。"
|
||||
description = "Register success, wait admin confirm."
|
||||
one = "註冊成功,等待管理員確認。"
|
||||
other = "註冊成功,等待管理員確認。"
|
||||
|
||||
@@ -62,7 +62,7 @@
|
||||
var title = 'OauthFailed'
|
||||
var msg = '{{.message}}'
|
||||
var btn = 'Close'
|
||||
document.writeln('<script src="/api/oauth/msg?lang=' + lang + '&msg=' + msg + '&title=OauthFailed"><\/script>');
|
||||
document.writeln('<script src="/api/oidc/msg?lang=' + lang + '&msg=' + msg + '&title=OauthFailed"><\/script>');
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -61,7 +61,7 @@
|
||||
var title = 'OauthSuccess'
|
||||
var msg = '{{.message}}'
|
||||
var btn = 'Close'
|
||||
document.writeln('<script src="/api/oauth/msg?lang=' + lang + '&msg=' + msg + '&title=OauthSuccess"><\/script>');
|
||||
document.writeln('<script src="/api/oidc/msg?lang=' + lang + '&msg=' + msg + '&title=OauthSuccess"><\/script>');
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@@ -180,14 +180,12 @@ func (os *OauthService) GetOauthConfig(c *gin.Context, op string) (err error, oa
|
||||
if oauthInfo.Id == 0 || oauthInfo.ClientId == "" || oauthInfo.ClientSecret == "" {
|
||||
return errors.New("ConfigNotFound"), nil, nil, nil
|
||||
}
|
||||
host := c.GetHeader("Origin")
|
||||
if host == "" {
|
||||
host = Config.Rustdesk.ApiServer
|
||||
}
|
||||
redirectUrl := os.buildRedirectURL(c)
|
||||
Logger.Debug("Redirect URL: ", redirectUrl)
|
||||
oauthConfig = &oauth2.Config{
|
||||
ClientID: oauthInfo.ClientId,
|
||||
ClientSecret: oauthInfo.ClientSecret,
|
||||
RedirectURL: host + "/api/oidc/callback",
|
||||
RedirectURL: redirectUrl,
|
||||
}
|
||||
|
||||
// Maybe should validate the oauthConfig here
|
||||
@@ -529,3 +527,22 @@ func (os *OauthService) getGithubPrimaryEmail(client *http.Client, githubUser *m
|
||||
|
||||
return fmt.Errorf("no primary verified email found")
|
||||
}
|
||||
|
||||
func (os *OauthService) buildRedirectURL(c *gin.Context) string {
|
||||
baseUrl := Config.Rustdesk.ApiServer
|
||||
host := c.Request.Host
|
||||
|
||||
if host != "" {
|
||||
scheme := c.GetHeader("X-Forwarded-Proto")
|
||||
if scheme == "" {
|
||||
if c.Request.TLS != nil {
|
||||
scheme = "https"
|
||||
} else {
|
||||
scheme = "http"
|
||||
}
|
||||
}
|
||||
baseUrl = fmt.Sprintf("%s://%s", scheme, host)
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%s/api/oidc/callback", baseUrl)
|
||||
}
|
||||
@@ -5,7 +5,8 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
var capdString = base64Captcha.NewDriverString(50, 150, 0, 5, 4, "123456789abcdefghijklmnopqrstuvwxyz", nil, nil, nil)
|
||||
var capdString = base64Captcha.NewDriverString(50, 150, 0, 5, 4, "123456789abcdefghijklmnopqrstuvwxyz", nil, nil,
|
||||
[]string{"3Dumb.ttf", "ApothecaryFont.ttf", "Comismsh.ttf", "Flim-Flam.ttf", "RitaSmith.ttf", "wqy-microhei.ttc"})
|
||||
|
||||
var capdMath = base64Captcha.NewDriverMath(50, 150, 3, 10, nil, nil, nil)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user