OpenSource
/
dify
Watch 4
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 152 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2153 Commits
4 Branches
Tree: 4e3b0c5aea
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4e3b0c5aea'
${ noResults }
dify/api/controllers/console/auth/oauth.py

oauth.py 4.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 
  1. import logging

  2. from datetime import datetime, timezone

  3. from typing import Optional

  4. 

  5. import requests

  6. from flask import current_app, redirect, request

  7. from flask_restful import Resource

  8. 

  9. from constants.languages import languages

  10. from extensions.ext_database import db

  11. from libs.oauth import GitHubOAuth, GoogleOAuth, OAuthUserInfo

  12. from models.account import Account, AccountStatus

  13. from services.account_service import AccountService, RegisterService, TenantService

  14. 

  15. from .. import api

  16. 

  17. 

  18. def get_oauth_providers():

  19.     with current_app.app_context():

  20.         github_oauth = GitHubOAuth(client_id=current_app.config.get('GITHUB_CLIENT_ID'),

  21.                                    client_secret=current_app.config.get(

  22.                                        'GITHUB_CLIENT_SECRET'),

  23.                                    redirect_uri=current_app.config.get(

  24.                                        'CONSOLE_API_URL') + '/console/api/oauth/authorize/github')

  25. 

  26.         google_oauth = GoogleOAuth(client_id=current_app.config.get('GOOGLE_CLIENT_ID'),

  27.                                    client_secret=current_app.config.get(

  28.                                        'GOOGLE_CLIENT_SECRET'),

  29.                                    redirect_uri=current_app.config.get(

  30.                                        'CONSOLE_API_URL') + '/console/api/oauth/authorize/google')

  31. 

  32.         OAUTH_PROVIDERS = {

  33.             'github': github_oauth,

  34.             'google': google_oauth

  35.         }

  36.         return OAUTH_PROVIDERS

  37. 

  38. 

  39. class OAuthLogin(Resource):

  40.     def get(self, provider: str):

  41.         OAUTH_PROVIDERS = get_oauth_providers()

  42.         with current_app.app_context():

  43.             oauth_provider = OAUTH_PROVIDERS.get(provider)

  44.             print(vars(oauth_provider))

  45.         if not oauth_provider:

  46.             return {'error': 'Invalid provider'}, 400

  47. 

  48.         auth_url = oauth_provider.get_authorization_url()

  49.         return redirect(auth_url)

  50. 

  51. 

  52. class OAuthCallback(Resource):

  53.     def get(self, provider: str):

  54.         OAUTH_PROVIDERS = get_oauth_providers()

  55.         with current_app.app_context():

  56.             oauth_provider = OAUTH_PROVIDERS.get(provider)

  57.         if not oauth_provider:

  58.             return {'error': 'Invalid provider'}, 400

  59. 

  60.         code = request.args.get('code')

  61.         try:

  62.             token = oauth_provider.get_access_token(code)

  63.             user_info = oauth_provider.get_user_info(token)

  64.         except requests.exceptions.HTTPError as e:

  65.             logging.exception(

  66.                 f"An error occurred during the OAuth process with {provider}: {e.response.text}")

  67.             return {'error': 'OAuth process failed'}, 400

  68. 

  69.         account = _generate_account(provider, user_info)

  70.         # Check account status

  71.         if account.status == AccountStatus.BANNED.value or account.status == AccountStatus.CLOSED.value:

  72.             return {'error': 'Account is banned or closed.'}, 403

  73. 

  74.         if account.status == AccountStatus.PENDING.value:

  75.             account.status = AccountStatus.ACTIVE.value

  76.             account.initialized_at = datetime.now(timezone.utc).replace(tzinfo=None)

  77.             db.session.commit()

  78. 

  79.         TenantService.create_owner_tenant_if_not_exist(account)

  80. 

  81.         AccountService.update_last_login(account, request)

  82. 

  83.         token = AccountService.get_account_jwt_token(account)

  84. 

  85.         return redirect(f'{current_app.config.get("CONSOLE_WEB_URL")}?console_token={token}')

  86. 

  87. 

  88. def _get_account_by_openid_or_email(provider: str, user_info: OAuthUserInfo) -> Optional[Account]:

  89.     account = Account.get_by_openid(provider, user_info.id)

  90. 

  91.     if not account:

  92.         account = Account.query.filter_by(email=user_info.email).first()

  93. 

  94.     return account

  95. 

  96. 

  97. def _generate_account(provider: str, user_info: OAuthUserInfo):

  98.     # Get account by openid or email.

  99.     account = _get_account_by_openid_or_email(provider, user_info)

  100. 

  101.     if not account:

  102.         # Create account

  103.         account_name = user_info.name if user_info.name else 'Dify'

  104.         account = RegisterService.register(

  105.             email=user_info.email,

  106.             name=account_name,

  107.             password=None,

  108.             open_id=user_info.id,

  109.             provider=provider

  110.         )

  111. 

  112.         # Set interface language

  113.         preferred_lang = request.accept_languages.best_match(languages)

  114.         if preferred_lang and preferred_lang in languages:

  115.             interface_language = preferred_lang

  116.         else:

  117.             interface_language = languages[0]

  118.         account.interface_language = interface_language

  119.         db.session.commit()

  120. 

  121.     # Link account

  122.     AccountService.link_account_integrate(provider, user_info.id, account)

  123. 

  124.     return account

  125. 

  126. 

  127. api.add_resource(OAuthLogin, '/oauth/login/<provider>')

  128. api.add_resource(OAuthCallback, '/oauth/authorize/<provider>')