♻️ Refactor the get userinfo endpoint for oidc

2025-01-27 19:34:48 +08:00 · 2025-01-27 19:34:48 +08:00 · dd9a44d126
commit dd9a44d126
parent dc2de65245
4 changed files with 39 additions and 15 deletions
--- a/pkg/internal/http/api/accounts_api.go
+++ b/pkg/internal/http/api/accounts_api.go
@ -68,18 +68,6 @@ func getUserinfo(c *fiber.Ctx) error {
 	raw, _ := jsoniter.Marshal(data)
 	_ = jsoniter.Unmarshal(raw, &resp)

-	// Used to support OIDC standard
-	resp["sub"] = strconv.Itoa(int(data.ID))
-	resp["family_name"] = data.Profile.FirstName
-	resp["given_name"] = data.Profile.LastName
-	resp["name"] = data.Name
-	resp["email"] = data.GetPrimaryEmail().Content
-	resp["preferred_username"] = data.Nick
-
-	if data.Avatar != nil {
-		resp["picture"] = *data.GetAvatar()
-	}
-
 	return c.JSON(resp)
 }

--- a/pkg/internal/http/api/index.go
+++ b/pkg/internal/http/api/index.go
@ -60,6 +60,7 @@ func MapAPIs(app *fiber.App, baseURL string) {
 			me.Put("/banner", setBanner)

 			me.Get("/", getUserinfo)
+			me.Get("/oidc", getUserinfoForOidc)
 			me.Put("/", updateUserinfo)
 			me.Get("/events", getEvents)
 			me.Get("/tickets", getTickets)
--- a/pkg/internal/http/api/userinfo_api.go
+++ b/pkg/internal/http/api/userinfo_api.go
@ -3,13 +3,16 @@ package api
 import (
 	"context"
 	"fmt"
+	"strconv"
+	"strings"
+
+	"git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
 	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
 	localCache "git.solsynth.dev/hypernet/passport/pkg/internal/cache"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/http/exts"
 	"github.com/eko/gocache/lib/v4/cache"
 	"github.com/eko/gocache/lib/v4/marshaler"
 	"gorm.io/gorm"
-	"strconv"
-	"strings"

 	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
 	"git.solsynth.dev/hypernet/passport/pkg/internal/services"
@ -92,3 +95,35 @@ func getOtherUserinfoBatch(c *fiber.Ctx) error {

 	return c.JSON(accounts)
 }
+
+func getUserinfoForOidc(c *fiber.Ctx) error {
+	if err := exts.EnsureAuthenticated(c); err != nil {
+		return err
+	}
+	user := c.Locals("user").(models.Account)
+
+	var data models.Account
+	if err := database.C.
+		Where(&models.Account{BaseModel: models.BaseModel{ID: user.ID}}).
+		Preload("Profile").
+		Preload("Contacts").
+		Preload("Badges").
+		First(&data).Error; err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	} else {
+		data.PermNodes = c.Locals("nex_user").(*sec.UserInfo).PermNodes
+	}
+
+	return c.JSON(fiber.Map{
+		"sub":                fmt.Sprintf("%d", data.ID),
+		"family_name":        data.Profile.FirstName,
+		"given_name":         data.Profile.LastName,
+		"name":               data.Name,
+		"email":              data.GetPrimaryEmail().Content,
+		"email_verified":     data.GetPrimaryEmail().VerifiedAt != nil,
+		"preferred_username": data.Nick,
+		"picture":            data.GetAvatar(),
+		"birthdate":          data.Profile.Birthday,
+		"updated_at":         data.UpdatedAt,
+	})
+}
--- a/pkg/internal/http/api/well_known_api.go
+++ b/pkg/internal/http/api/well_known_api.go
@ -16,7 +16,7 @@ func getOidcConfiguration(c *fiber.Ctx) error {
 		"issuer":                                           viper.GetString("security.issuer"),
 		"authorization_endpoint":                           fmt.Sprintf("%s/authorize", basepath),
 		"token_endpoint":                                   fmt.Sprintf("%s/api/auth/token", basepath),
-		"userinfo_endpoint":                                fmt.Sprintf("%s/api/users/me", basepath),
+		"userinfo_endpoint":                                fmt.Sprintf("%s/api/users/me/oidc", basepath),
 		"response_types_supported":                         []string{"code", "token"},
 		"grant_types_supported":                            []string{"authorization_code", "implicit", "refresh_token"},
 		"subject_types_supported":                          []string{"public"},