Domů Procházet Nápověda
Registrovat se Přihlásit se
shenzhen
/
tjdify
Sledovat 2
Oblíbit 0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: 0ad9dbea63
Větve Značky
tjdify
/
api
/
controllers
/
console
/
auth
/
oauth.py

oauth.py 4.5 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. import logging
    2. 

  2. from datetime import datetime, timezone
    3. 

  3. from typing import Optional
    4. 

  4. 

  5. import requests
    6. 

  6. from flask import current_app, redirect, request
    7. 

  7. from flask_restful import Resource
    8. 

  8. 

  9. from configs import dify_config
    10. 

  10. from constants.languages import languages
    11. 

  11. from extensions.ext_database import db
    12. 

  12. from libs.helper import get_remote_ip
    13. 

  13. from libs.oauth import GitHubOAuth, GoogleOAuth, OAuthUserInfo
    14. 

  14. from models.account import Account, AccountStatus
    15. 

  15. from services.account_service import AccountService, RegisterService, TenantService
    16. 

  16. 

  17. from .. import api
    18. 

  18. 

  19. 

  20. def get_oauth_providers():
    21. 

  21.     with current_app.app_context():
    22. 

  22.         if not dify_config.GITHUB_CLIENT_ID or not dify_config.GITHUB_CLIENT_SECRET:
    23. 

  23.             github_oauth = None
    24. 

  24.         else:
    25. 

  25.             github_oauth = GitHubOAuth(
    26. 

  26.                 client_id=dify_config.GITHUB_CLIENT_ID,
    27. 

  27.                 client_secret=dify_config.GITHUB_CLIENT_SECRET,
    28. 

  28.                 redirect_uri=dify_config.CONSOLE_API_URL + "/console/api/oauth/authorize/github",
    29. 

  29.             )
    30. 

  30.         if not dify_config.GOOGLE_CLIENT_ID or not dify_config.GOOGLE_CLIENT_SECRET:
    31. 

  31.             google_oauth = None
    32. 

  32.         else:
    33. 

  33.             google_oauth = GoogleOAuth(
    34. 

  34.                 client_id=dify_config.GOOGLE_CLIENT_ID,
    35. 

  35.                 client_secret=dify_config.GOOGLE_CLIENT_SECRET,
    36. 

  36.                 redirect_uri=dify_config.CONSOLE_API_URL + "/console/api/oauth/authorize/google",
    37. 

  37.             )
    38. 

  38. 

  39.         OAUTH_PROVIDERS = {"github": github_oauth, "google": google_oauth}
    40. 

  40.         return OAUTH_PROVIDERS
    41. 

  41. 

  42. 

  43. class OAuthLogin(Resource):
    44. 

  44.     def get(self, provider: str):
    45. 

  45.         OAUTH_PROVIDERS = get_oauth_providers()
    46. 

  46.         with current_app.app_context():
    47. 

  47.             oauth_provider = OAUTH_PROVIDERS.get(provider)
    48. 

  48.             print(vars(oauth_provider))
    49. 

  49.         if not oauth_provider:
    50. 

  50.             return {"error": "Invalid provider"}, 400
    51. 

  51. 

  52.         auth_url = oauth_provider.get_authorization_url()
    53. 

  53.         return redirect(auth_url)
    54. 

  54. 

  55. 

  56. class OAuthCallback(Resource):
    57. 

  57.     def get(self, provider: str):
    58. 

  58.         OAUTH_PROVIDERS = get_oauth_providers()
    59. 

  59.         with current_app.app_context():
    60. 

  60.             oauth_provider = OAUTH_PROVIDERS.get(provider)
    61. 

  61.         if not oauth_provider:
    62. 

  62.             return {"error": "Invalid provider"}, 400
    63. 

  63. 

  64.         code = request.args.get("code")
    65. 

  65.         try:
    66. 

  66.             token = oauth_provider.get_access_token(code)
    67. 

  67.             user_info = oauth_provider.get_user_info(token)
    68. 

  68.         except requests.exceptions.HTTPError as e:
    69. 

  69.             logging.exception(f"An error occurred during the OAuth process with {provider}: {e.response.text}")
    70. 

  70.             return {"error": "OAuth process failed"}, 400
    71. 

  71. 

  72.         account = _generate_account(provider, user_info)
    73. 

  73.         # Check account status
    74. 

  74.         if account.status in {AccountStatus.BANNED.value, AccountStatus.CLOSED.value}:
    75. 

  75.             return {"error": "Account is banned or closed."}, 403
    76. 

  76. 

  77.         if account.status == AccountStatus.PENDING.value:
    78. 

  78.             account.status = AccountStatus.ACTIVE.value
    79. 

  79.             account.initialized_at = datetime.now(timezone.utc).replace(tzinfo=None)
    80. 

  80.             db.session.commit()
    81. 

  81. 

  82.         TenantService.create_owner_tenant_if_not_exist(account)
    83. 

  83. 

  84.         token = AccountService.login(account, ip_address=get_remote_ip(request))
    85. 

  85. 

  86.         return redirect(f"{dify_config.CONSOLE_WEB_URL}?console_token={token}")
    87. 

  87. 

  88. 

  89. def _get_account_by_openid_or_email(provider: str, user_info: OAuthUserInfo) -> Optional[Account]:
    90. 

  90.     account = Account.get_by_openid(provider, user_info.id)
    91. 

  91. 

  92.     if not account:
    93. 

  93.         account = Account.query.filter_by(email=user_info.email).first()
    94. 

  94. 

  95.     return account
    96. 

  96. 

  97. 

  98. def _generate_account(provider: str, user_info: OAuthUserInfo):
    99. 

  99.     # Get account by openid or email.
    100. 

  100.     account = _get_account_by_openid_or_email(provider, user_info)
    101. 

  101. 

  102.     if not account:
    103. 

  103.         # Create account
    104. 

  104.         account_name = user_info.name or "Dify"
    105. 

  105.         account = RegisterService.register(
    106. 

  106.             email=user_info.email, name=account_name, password=None, open_id=user_info.id, provider=provider
    107. 

  107.         )
    108. 

  108. 

  109.         # Set interface language
    110. 

  110.         preferred_lang = request.accept_languages.best_match(languages)
    111. 

  111.         if preferred_lang and preferred_lang in languages:
    112. 

  112.             interface_language = preferred_lang
    113. 

  113.         else:
    114. 

  114.             interface_language = languages[0]
    115. 

  115.         account.interface_language = interface_language
    116. 

  116.         db.session.commit()
    117. 

  117. 

  118.     # Link account
    119. 

  119.     AccountService.link_account_integrate(provider, user_info.id, account)
    120. 

  120. 

  121.     return account
    122. 

  122. 

  123. 

  124. api.add_resource(OAuthLogin, "/oauth/login/<provider>")
    125. 

  125. api.add_resource(OAuthCallback, "/oauth/authorize/<provider>")
    126. 

  126.