refactor: Improve SSO authentication flow with enhanced error handling and parameter processing

- Update Q58 route to handle dynamic OAuth parameters - Add error handling and logging for SSO URL generation - Modify UserAuthForm to preserve and pass OAuth parameters during authentication - Implement more robust error handling in authentication process
2025-07-18 14:01:55 +08:00 · 2025-02-21 13:15:53 +08:00 · 2025-02-21 13:15:53 +08:00 · 379fceb26b
commit 379fceb26b
parent 1e519738ea
2 changed files with 63 additions and 17 deletions
--- a/src/app/api/auth/q58/route.ts
+++ b/src/app/api/auth/q58/route.ts
@ -1,3 +1,5 @@
+"use server";
+
 import { cookies } from "next/headers";
 import Hex from "crypto-js/enc-hex";
 import hmacSHA256 from "crypto-js/hmac-sha256";
@ -10,15 +12,36 @@ const discourseHost = process.env.DISCOURSE_HOST as string;
 const clientSecret = process.env.DISCOURSE_SECRET as string;

 export async function POST(req: Request) {
-  const nonce = WordArray.random(16).toString();
-  const url = new URL(req.url);
-  const originalParams = url.searchParams.toString();
-  const return_url = `${hostUrl}/q58/callback?${originalParams}`;
-  const sso = btoa(`nonce=${nonce}&return_sso_url=${encodeURI(return_url)}`);
-  const sig = hmacSHA256(sso, clientSecret).toString(Hex);
+  try {
+    const nonce = WordArray.random(16).toString();
+    const url = new URL(req.url);

-  cookies().set(AUTH_NONCE, nonce, { maxAge: 60 * 10 });
-  return Response.json({
-    sso_url: `${discourseHost}/session/sso_provider?sso=${sso}&sig=${sig}`,
-  });
+    // 从请求中获取原始的 OAuth 参数
+    const searchParams = new URLSearchParams(await req.text());
+    const oauth = searchParams.get("oauth") || "";
+
+    // 构建回调 URL
+    const callbackUrl = new URL("/q58/callback", hostUrl);
+    if (oauth) {
+      callbackUrl.searchParams.set("oauth", oauth);
+    }
+
+    // 构建 SSO 参数
+    const ssoParams = new URLSearchParams();
+    ssoParams.set("nonce", nonce);
+    ssoParams.set("return_sso_url", callbackUrl.toString());
+
+    const sso = btoa(ssoParams.toString());
+    const sig = hmacSHA256(sso, clientSecret).toString(Hex);
+
+    // 设置 nonce cookie
+    cookies().set(AUTH_NONCE, nonce, { maxAge: 60 * 10 });
+
+    return Response.json({
+      sso_url: `${discourseHost}/session/sso_provider?sso=${sso}&sig=${sig}`,
+    });
+  } catch (error) {
+    console.error("SSO URL generation error:", error);
+    return Response.json({ error: "Internal server error" }, { status: 500 });
+  }
 }
--- a/src/components/auth/user-auth-form.tsx
+++ b/src/components/auth/user-auth-form.tsx
@ -1,7 +1,7 @@
 "use client";

 import * as React from "react";
-import { useRouter } from "next/navigation";
+import { useRouter, useSearchParams } from "next/navigation";
 import { Loader2, MessageCircleCode } from "lucide-react";

 import { cn } from "@/lib/utils";
@ -19,20 +19,43 @@ export function UserAuthForm({
  const [isLoading, setIsLoading] = React.useState<boolean>(false);
  const router = useRouter();
  const { toast } = useToast();
+  const searchParams = useSearchParams();

  const signIn = () => {
    React.startTransition(async () => {
-      const response = await fetch("/api/auth/q58", { method: "POST" });
-      if (!response.ok || response.status !== 200) {
+      try {
+        // 获取当前的 OAuth 参数
+        const params = new URLSearchParams();
+        if (searchParams) {
+          const keys = Array.from(searchParams.keys());
+          keys.forEach((key) => {
+            const value = searchParams.get(key);
+            if (value) params.set(key, value);
+          });
+        }
+
+        const response = await fetch("/api/auth/q58", {
+          method: "POST",
+          body: params,
+        });
+
+        if (!response.ok) {
+          throw new Error(response.statusText);
+        }
+
+        const data: DiscourseData = await response.json();
+        if (data.sso_url) {
+          router.push(data.sso_url);
+        } else {
+          throw new Error("Invalid SSO URL");
+        }
+      } catch (error) {
        setIsLoading(false);
        toast({
          variant: "destructive",
          title: "内部服务异常",
-          description: response.statusText,
+          description: error instanceof Error ? error.message : "未知错误",
        });
-      } else {
-        let data: DiscourseData = await response.json();
-        router.push(data.sso_url);
      }
    });
  };