diff --git a/src/app/(auth)/authorize/page.tsx b/src/app/(auth)/authorize/page.tsx
index 5cb738f..b1ac047 100644
--- a/src/app/(auth)/authorize/page.tsx
+++ b/src/app/(auth)/authorize/page.tsx
@@ -1,25 +1,11 @@
 "use client";
-import { useEffect } from "react";
 import Link from "next/link";
-import { useRouter, useSearchParams } from "next/navigation";
 import { MessageCircleCode } from "lucide-react";
 import { UserAuthForm } from "@/components/auth/user-auth-form";
 export default function AuthPage() {
- const router = useRouter();
- const searchParams = useSearchParams();
-
- useEffect(() => {
- // 如果有 OAuth 参数,重定向回 /oauth/authorize
- if (searchParams.has("response_type") && searchParams.has("client_id")) {
- console.log("检测到 OAuth 参数,准备重定向到 /oauth/authorize");
- router.replace(`/oauth/authorize?${searchParams.toString()}`);
- return;
- }
- }, [router, searchParams]);
-
 return (
diff --git a/src/app/(oauth)/oauth/authorize/page.tsx b/src/app/(oauth)/oauth/authorize/page.tsx
index ce0b43d..700ef60 100644
--- a/src/app/(oauth)/oauth/authorize/page.tsx
+++ b/src/app/(oauth)/oauth/authorize/page.tsx
@@ -1,16 +1,11 @@
-import { redirect } from "next/navigation";
-
 import { getClientByClientId } from "@/lib/dto/client";
-import { getCurrentUser } from "@/lib/session";
 import { Authorizing } from "@/components/auth/authorizing";
-import { ErrorCard } from "@/components/auth/error-card";
-export interface AuthorizeParams {
- scope?: string;
+export interface AuthorizeParams extends Record {
+ scope: string;
 response_type: string;
 client_id: string;
 redirect_uri: string;
- state?: string;
 }
 export default async function OAuthAuthorization({
@@ -18,98 +13,22 @@ export default async function OAuthAuthorization({
 }: {
 searchParams: AuthorizeParams;
 }) {
- // 检查用户是否已登录
- const user = await getCurrentUser();
- if (!user?.id) {
- // 直接使用原始的 URL 参数进行重定向
- const params = new URLSearchParams();
- Object.entries(searchParams).forEach(([key, value]) => {
- if (value) params.append(key, value);
- });
- redirect(`/sign-in?${params.toString()}`);
- }
-
- // 验证必要的参数
+ // params invalid
 if (
 !searchParams.response_type ||
 !searchParams.client_id ||
 !searchParams.redirect_uri
 ) {
- return (
-
- -
- );
+ throw new Error("Params invalid");
 }
- // 验证 response_type
- if (searchParams.response_type !== "code") {
- return (
-
- -
- );
- }
-
- // 验证客户端
+ // client invalid
 const client = await getClientByClientId(searchParams.client_id);
- if (!client) {
- return (
-
- -
- );
+ if (!client || client.redirectUri !== searchParams.redirect_uri) {
+ throw new Error("Client not found");
 }
- // 检查应用是否被禁用
- if (!client.enabled) {
- return (
-
- -
- );
- }
-
- // 检查回调地址是否匹配
- if (client.redirectUri !== searchParams.redirect_uri) {
- return (
-
- -
- );
- }
-
- // 使用原始的 Authorizing 组件处理授权流程
+ // Authorizing ...
 return (
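Review bot: The condensed guard `if (!client || client.redirectUri !== searchParams.redirect_uri)` no longer looks at `client.enabled`, and the `response_type !== "code"` check was dropped, so a disabled client or an unsupported response type now passes this page unless another layer rejects it (none is visible in this diff). Assuming the `enabled` field still exists on the client record, I would keep both checks in the shorter form: `if (!client || !client.enabled || client.redirectUri !== searchParams.redirect_uri)` and an extra `|| searchParams.response_type !== "code"` in the params check. The `getCurrentUser()` gate is removed as well; a short comment stating where authentication is enforced now (presumably inside `Authorizing`) would help the next reader. The function body continues past the end of this hunk.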
diff --git a/src/app/api/auth/q58/route.ts b/src/app/api/auth/q58/route.ts
index 8773dac..e5126f8 100644
--- a/src/app/api/auth/q58/route.ts
+++ b/src/app/api/auth/q58/route.ts
@@ -10,31 +10,13 @@ const discourseHost = process.env.DISCOURSE_HOST as string;
 const clientSecret = process.env.DISCOURSE_SECRET as string;
 export async function POST(req: Request) {
- console.log("开始处理 SSO 登录请求...");
-
 try {
 const nonce = WordArray.random(16).toString();
- let return_url = `${hostUrl}/authorize`;
+ const return_url = `${hostUrl}/authorize`;
- try {
- const body = await req.json();
- console.log("收到请求体:", body);
-
- if (body.return_url) {
- return_url = `${hostUrl}${body.return_url}`;
- console.log("使用自定义 return_url:", return_url);
- } else {
- console.log("使用默认 return_url:", return_url);
- }
- } catch (error) {
- console.error("解析请求体失败:", error);
- }
-
- console.log("生成 SSO 参数...");
 const sso = btoa(`nonce=${nonce}&return_sso_url=${return_url}`);
 const sig = hmacSHA256(sso, clientSecret).toString(Hex);
- console.log("设置 nonce cookie...");
 cookies().set(AUTH_NONCE, nonce, {
 maxAge: 60 * 10,
 path: "/",
@@ -43,18 +25,15 @@ export async function POST(req: Request) {
 });
 const sso_url = `${discourseHost}/session/sso_provider?sso=${sso}&sig=${sig}`;
- console.log("生成 SSO URL:", sso_url);
 return Response.json({
 sso_url: sso_url,
 });
 } catch (error) {
 console.error("SSO 处理错误:", error);
- const errorMessage = error instanceof Error ? error.message : String(error);
 return Response.json(
 {
 error: "处理登录请求时发生错误",
- details: errorMessage,
 },
 { status: 500 },
 );
diff --git a/src/components/auth/authorizing.tsx b/src/components/auth/authorizing.tsx
index a77f724..9a6aace 100644
--- a/src/components/auth/authorizing.tsx
+++ b/src/components/auth/authorizing.tsx
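Review bot: In `src/app/api/auth/q58/route.ts` both SSO values are interpolated without percent-encoding: `return_url` goes raw into the payload in the first hunk, and the base64 `sso` goes raw into the query string of `sso_url` in the second. With the fixed `${hostUrl}/authorize` this probably works today because the payload has no reserved characters, but it depends on that staying true; an `&` or `?` in the return URL would change how the provider parses the payload. Suggest `return_sso_url=${encodeURIComponent(return_url)}` inside the `btoa(...)` template and `?sso=${encodeURIComponent(sso)}&sig=${sig}` when building `sso_url`. Now that the body parsing is gone, the `req` parameter of `POST` is unused and could be dropped. The options passed to `cookies().set(...)` fall between the two hunks and are not visible here.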
@@ -5,7 +5,6 @@ import { useRouter, useSearchParams } from "next/navigation";
 import { getDiscourseSSOUrl } from "@/actions/discourse-sso-url";
 import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
-import { ErrorCard } from "@/components/auth/error-card";
 export function Authorizing() {
 const router = useRouter();
diff --git a/src/components/auth/user-auth-form.tsx b/src/components/auth/user-auth-form.tsx
index 933153e..c2b4fed 100644
--- a/src/components/auth/user-auth-form.tsx
+++ b/src/components/auth/user-auth-form.tsx
@@ -1,18 +1,13 @@
 "use client";
 import * as React from "react";
-import { useRouter, useSearchParams } from "next/navigation";
+import { useRouter } from "next/navigation";
 import { Loader2, MessageCircleCode } from "lucide-react";
-import { signIn } from "next-auth/react";
 import { cn } from "@/lib/utils";
 import { useToast } from "@/hooks/use-toast";
 import { buttonVariants } from "@/components/ui/button";
-interface DiscourseData {
- sso_url: string;
-}
-
 export function UserAuthForm({
 className,
 ...props
@@ -20,61 +15,28 @@ export function UserAuthForm({
 const [isLoading, setIsLoading] = React.useState(false);
 const router = useRouter();
 const { toast } = useToast();
- const searchParams = useSearchParams();
 async function handleSignIn() {
 try {
- // 如果有 SSO 参数,使用 credentials provider 登录
- if (searchParams.has("sso") && searchParams.has("sig")) {
- console.log("检测到 SSO 参数,使用 credentials provider 登录");
- const result = await signIn("credentials", {
- sso: searchParams.get("sso"),
- sig: searchParams.get("sig"),
- redirect: false,
- });
-
- if (result?.error) {
- throw new Error(result.error);
- }
-
- // 登录成功后刷新页面
- router.refresh();
- return;
- }
-
- // 如果有 OAuth 参数,发起 SSO 登录
- const body: Record = {};
- if (searchParams.has("response_type") && searchParams.has("client_id")) {
- body.return_url = `/oauth/authorize?${searchParams.toString()}`;
- console.log("正在处理 OAuth 登录,return_url:", body.return_url);
- }
-
- console.log("发送登录请求...");
+ setIsLoading(true);
 const response = await fetch("/api/auth/q58", {
 method: "POST",
 headers: {
 "Content-Type": "application/json",
 },
- body: JSON.stringify(body),
 });
 if (!response.ok) {
- const errorData = await response.text();
- console.error("登录请求失败:", errorData);
- throw new Error(`登录请求失败: ${errorData}`);
+ throw new Error("登录请求失败");
 }
 const data = await response.json();
- console.log("获取到 SSO URL:", data.sso_url);
 window.location.href = data.sso_url;
 } catch (error) {
 console.error("登录错误:", error);
 toast({
 title: "登录失败",
- description:
- error instanceof Error
- ? error.message
- : "登录过程中发生错误,请稍后重试",
+ description: "登录过程中发生错误,请稍后重试",
 variant: "destructive",
 });
 setIsLoading(false);
@@ -86,10 +48,7 @@ export function UserAuthForm({
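Review bot: `window.location.href = data.sso_url;` in `handleSignIn` navigates to whatever the JSON response holds, and `data` is untyped now that the `DiscourseData` interface was removed in the first hunk of this file. A narrow check before the assignment, e.g. `if (typeof data?.sso_url !== "string") throw new Error("登录请求失败");`, stops a malformed 200 response from sending the browser to a bogus relative URL and routes it through the existing toast instead. The `"Content-Type": "application/json"` header is now sent without a body and can be removed. `handleSignIn` continues past the end of this hunk.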