feat: use api with open_id instead of webhooks

2025-06-05 22:09:59 +02:00 · 2022-07-05 22:04:17 +08:00
parent c6695121f0
commit 592e037f21
2 changed files with 18 additions and 229 deletions
--- a/server/basic_auth.go
+++ b/server/basic_auth.go
@ -54,11 +54,28 @@ func removeUserSession(c echo.Context) error {
 // Use session to store user.id.
 func BasicAuthMiddleware(s *Server, next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
-		// Skips auth
+		// Skip auth for some paths.
 		if common.HasPrefixes(c.Path(), "/api/auth", "/api/ping", "/api/status") {
 			return next(c)
 		}

+		// If there is openId in query string and related user is found, then skip auth.
+		openID := c.QueryParam("openId")
+		if openID != "" {
+			userFind := &api.UserFind{
+				OpenID: &openID,
+			}
+			user, err := s.Store.FindUser(userFind)
+			if err != nil {
+				return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by open_id").SetInternal(err)
+			}
+			if user != nil {
+				// Stores userID into context.
+				c.Set(getUserIDContextKey(), user.ID)
+				return next(c)
+			}
+		}
+
 		sess, err := session.Get("session", c)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusUnauthorized, "Missing session").SetInternal(err)