From e193568ee817bfeb03a0d22cfbaadb7cf73af7e5 Mon Sep 17 00:00:00 2001
From: wood chen
Date: Fri, 21 Feb 2025 17:54:17 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20=E6=94=B9=E8=BF=9B=20OAuth=20?= =?UTF-8?q?=E5=8F=82=E6=95=B0=E5=A4=84=E7=90=86=E5=92=8C=E9=94=99=E8=AF=AF?= =?UTF-8?q?=E5=A4=84=E7=90=86=E6=9C=BA=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/actions/user-authorize.ts | 26 +++++++++++++--------
 src/app/api/auth/q58/route.ts | 31 ++++++++++++++-----------
 src/components/auth/user-auth-form.tsx | 32 ++++++++++++++++++++------
 3 files changed, 59 insertions(+), 30 deletions(-)
diff --git a/src/actions/user-authorize.ts b/src/actions/user-authorize.ts
index b550cd8..ecaf92f 100644
--- a/src/actions/user-authorize.ts
+++ b/src/actions/user-authorize.ts
@@ -14,17 +14,23 @@ export async function signIn(data: Record) {
 const params = new URLSearchParams(atob(sso));
 const returnSsoUrl = params.get("return_sso_url");
- if (returnSsoUrl) {
- // 解析 return_sso_url 中的参数
- const returnUrl = new URL(returnSsoUrl);
- const hasOAuthParams = returnUrl.searchParams.has("client_id");
-
- if (hasOAuthParams) {
- // 如果 URL 中包含 OAuth 参数,直接重定向(此时应该是 /authorize 页面)
- redirect(returnSsoUrl);
- }
+ if (!returnSsoUrl) {
+ redirect("/dashboard");
 }
- // 如果没有有效的重定向 URL,默认到仪表板
+ // 检查是否是 OAuth 流程
+ try {
+ const returnUrl = new URL(returnSsoUrl);
+ const isOAuthFlow = returnUrl.pathname.startsWith("/oauth/authorize");
+
+ if (isOAuthFlow) {
+ // 如果是 OAuth 流程,继续授权流程
+ redirect(returnSsoUrl);
+ }
+ } catch (error) {
+ console.error("Invalid return URL:", error);
+ }
+
+ // 默认重定向到仪表板
 redirect("/dashboard");
 }
diff --git a/src/app/api/auth/q58/route.ts b/src/app/api/auth/q58/route.ts
index 499d759..4635c10 100644
--- a/src/app/api/auth/q58/route.ts
+++ b/src/app/api/auth/q58/route.ts
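Review bot: In `signIn` (src/actions/user-authorize.ts) the OAuth branch calls `redirect(returnSsoUrl)` after checking only `returnUrl.pathname`, so an absolute URL on any host whose path starts with `/oauth/authorize` is followed. Whether a caller can influence that value depends on whether the `sso` payload is signature-checked earlier in `signIn`, which is outside this hunk; comparing `returnUrl.origin` with the application's own origin closes the gap either way. Separately, if `redirect` here is the Next.js one, it signals by throwing, so calling it inside the `try` lets the `catch` log "Invalid return URL" and fall through to `/dashboard`; decide inside the `try` and redirect after it.

```typescript
  // 检查是否是 OAuth 流程
  let oauthTarget: string | undefined;
  try {
    const returnUrl = new URL(returnSsoUrl);
    // appOrigin is a placeholder for the application's own origin
    if (
      returnUrl.origin === appOrigin &&
      returnUrl.pathname.startsWith("/oauth/authorize")
    ) {
      oauthTarget = returnSsoUrl;
    }
  } catch (error) {
    console.error("Invalid return URL:", error);
  }

  // redirect() sits outside the try so its control-flow throw is not swallowed
  if (oauthTarget) {
    redirect(oauthTarget);
  }
  // … unchanged: default redirect("/dashboard") …
```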
@@ -11,22 +11,27 @@ const clientSecret = process.env.DISCOURSE_SECRET as string;
 export async function POST(req: Request) {
 const nonce = WordArray.random(16).toString();
- const referer = headers().get("referer") || "";
- const url = new URL(referer);
- const searchParams = url.searchParams.toString();
- // 保存原始的 OAuth 参数到 cookie,用于后续重定向
- if (searchParams) {
- cookies().set("oauth_params", searchParams, {
- maxAge: 60 * 10, // 10分钟过期
- path: "/",
- });
+ // 尝试从请求体中获取 OAuth 参数
+ let oauthParams = "";
+ try {
+ const body = await req.json();
+ if (body.oauth_params) {
+ oauthParams = body.oauth_params;
+ // 保存 OAuth 参数到 cookie
+ cookies().set("oauth_params", oauthParams, {
+ maxAge: 60 * 10, // 10分钟过期
+ path: "/",
+ });
+ }
+ } catch (error) {
+ console.error("Failed to parse request body:", error);
 }
- // 设置 SSO 回调地址,将 OAuth 参数编码后传递
- const return_url = searchParams
- ? `${hostUrl}/authorize?${searchParams}` // 直接将 OAuth 参数附加到回调 URL
- : `${hostUrl}/dashboard`; // 如果没有 OAuth 参数,回到仪表板
+ // 设置回调地址
+ const return_url = oauthParams
+ ? `${hostUrl}/authorize?${oauthParams}` // OAuth流程:回到授权页面
+ : `${hostUrl}/dashboard`; // 普通登录:直接到仪表板
 const sso = btoa(
 `nonce=${nonce}&return_sso_url=${encodeURIComponent(return_url)}`,
diff --git a/src/components/auth/user-auth-form.tsx b/src/components/auth/user-auth-form.tsx
index 2150ab9..6dda46c 100644
--- a/src/components/auth/user-auth-form.tsx
+++ b/src/components/auth/user-auth-form.tsx
@@ -1,7 +1,7 @@
 "use client";
 import * as React from "react";
-import { useRouter } from "next/navigation";
+import { useRouter, useSearchParams } from "next/navigation";
 import { Loader2, MessageCircleCode } from "lucide-react";
 import { cn } from "@/lib/utils";
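Review bot: In `POST` (src/app/api/auth/q58/route.ts) `body.oauth_params` is taken from the request JSON with only a truthiness check, then written into a cookie and spliced into `return_url`, so a non-string value or an oversized string goes through unchanged. Accept it only when `typeof` is `"string"`, bound its length, and re-serialise it through `URLSearchParams` before use; the authorize page should still treat every parameter as untrusted. If no client-side code reads the `oauth_params` cookie, `httpOnly: true` and `sameSite: "lax"` belong in the cookie options as well. Note also that `return_url` targets `${hostUrl}/authorize` while the new check in `signIn` (src/actions/user-authorize.ts) looks for a path starting with `/oauth/authorize`; unless `hostUrl` ends in `/oauth`, the two will not agree. `POST` continues past the end of the hunk.

```typescript
  let oauthParams = "";
  try {
    const body: unknown = await req.json();
    const raw =
      typeof body === "object" && body !== null
        ? (body as Record<string, unknown>).oauth_params
        : undefined;
    // 2048 is a constructed limit; choose one that fits the cookie budget
    if (typeof raw === "string" && raw.length > 0 && raw.length <= 2048) {
      // re-serialise so only well-formed key=value pairs are stored
      oauthParams = new URLSearchParams(raw).toString();
      // … unchanged: cookies().set("oauth_params", oauthParams, { … }) …
    }
  } catch (error) {
    console.error("Failed to parse request body:", error);
  }
  // … unchanged: return_url construction …
```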
@@ -19,20 +19,38 @@ export function UserAuthForm({
 const [isLoading, setIsLoading] = React.useState(false);
 const router = useRouter();
 const { toast } = useToast();
+ const searchParams = useSearchParams();
 const signIn = () => {
 React.startTransition(async () => {
- const response = await fetch("/api/auth/q58", { method: "POST" });
- if (!response.ok || response.status !== 200) {
+ try {
+ // 构建请求体,包含 OAuth 参数
+ const body: Record = {};
+ if (searchParams?.toString()) {
+ body.oauth_params = searchParams.toString();
+ }
+
+ const response = await fetch("/api/auth/q58", {
+ method: "POST",
+ headers: {
+ "Content-Type": "application/json",
+ },
+ body: JSON.stringify(body),
+ });
+
+ if (!response.ok) {
+ throw new Error(response.statusText);
+ }
+
+ const data: DiscourseData = await response.json();
+ router.push(data.sso_url);
+ } catch (error) {
 setIsLoading(false);
 toast({
 variant: "destructive",
 title: "内部服务异常",
- description: response.statusText,
+ description: error instanceof Error ? error.message : "未知错误",
 });
- } else {
- let data: DiscourseData = await response.json();
- router.push(data.sso_url);
 }
 });
 };
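Review bot: In `UserAuthForm`'s `signIn`, `throw new Error(response.statusText)` yields an empty toast description whenever the response carries no reason phrase, which is always the case over HTTP/2; `throw new Error(response.statusText || "HTTP " + response.status)` keeps the message useful. `data.sso_url` is also handed to `router.push` without a check that it is a non-empty string, so a malformed success body may surface only as a failed navigation; a guard such as `if (typeof data.sso_url !== "string" || !data.sso_url) throw new Error("missing sso_url");` would route it to the same toast. `UserAuthForm` begins before the hunk.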