支持设置linuxdo信任等级
@@ -6340,6 +6340,7 @@ const RegistrationConfigComponent = ({
|
|||||||
OIDCClientId: string;
|
OIDCClientId: string;
|
||||||
OIDCClientSecret: string;
|
OIDCClientSecret: string;
|
||||||
OIDCButtonText: string;
|
OIDCButtonText: string;
|
||||||
|
OIDCMinTrustLevel: number;
|
||||||
}>({
|
}>({
|
||||||
EnableRegistration: false,
|
EnableRegistration: false,
|
||||||
RegistrationRequireTurnstile: false,
|
RegistrationRequireTurnstile: false,
|
||||||
@@ -6356,6 +6357,7 @@ const RegistrationConfigComponent = ({
|
|||||||
OIDCClientId: '',
|
OIDCClientId: '',
|
||||||
OIDCClientSecret: '',
|
OIDCClientSecret: '',
|
||||||
OIDCButtonText: '',
|
OIDCButtonText: '',
|
||||||
|
OIDCMinTrustLevel: 0,
|
||||||
});
|
});
|
||||||
|
|
||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
@@ -6376,6 +6378,7 @@ const RegistrationConfigComponent = ({
|
|||||||
OIDCClientId: config.SiteConfig.OIDCClientId || '',
|
OIDCClientId: config.SiteConfig.OIDCClientId || '',
|
||||||
OIDCClientSecret: config.SiteConfig.OIDCClientSecret || '',
|
OIDCClientSecret: config.SiteConfig.OIDCClientSecret || '',
|
||||||
OIDCButtonText: config.SiteConfig.OIDCButtonText || '',
|
OIDCButtonText: config.SiteConfig.OIDCButtonText || '',
|
||||||
|
OIDCMinTrustLevel: config.SiteConfig.OIDCMinTrustLevel ?? 0,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}, [config]);
|
}, [config]);
|
||||||
@@ -6934,7 +6937,31 @@ const RegistrationConfigComponent = ({
|
|||||||
className='w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-800 text-gray-900 dark:text-gray-100 focus:ring-2 focus:ring-green-500 focus:border-transparent'
|
className='w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-800 text-gray-900 dark:text-gray-100 focus:ring-2 focus:ring-green-500 focus:border-transparent'
|
||||||
/>
|
/>
|
||||||
<p className='mt-1 text-xs text-gray-500 dark:text-gray-400'>
|
<p className='mt-1 text-xs text-gray-500 dark:text-gray-400'>
|
||||||
自定义OIDC登录按钮显示的文字,如"使用企业账号登录"、"使用SSO登录"等。留空则显示默认文字"使用OIDC登录"
|
自定义OIDC登录按钮显示的文字,如"使用企业账号登录"、"使用SSO登录"等。留空则显示默认文字"使用OIDC登录"
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{/* OIDC最低信任等级 */}
|
||||||
|
<div>
|
||||||
|
<label className='block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2'>
|
||||||
|
最低信任等级
|
||||||
|
</label>
|
||||||
|
<input
|
||||||
|
type='number'
|
||||||
|
min='0'
|
||||||
|
max='4'
|
||||||
|
placeholder='0'
|
||||||
|
value={registrationSettings.OIDCMinTrustLevel === 0 ? '' : registrationSettings.OIDCMinTrustLevel}
|
||||||
|
onChange={(e) =>
|
||||||
|
setRegistrationSettings((prev) => ({
|
||||||
|
...prev,
|
||||||
|
OIDCMinTrustLevel: e.target.value === '' ? 0 : parseInt(e.target.value),
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
className='w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-lg bg-white dark:bg-gray-800 text-gray-900 dark:text-gray-100 focus:ring-2 focus:ring-green-500 focus:border-transparent'
|
||||||
|
/>
|
||||||
|
<p className='mt-1 text-xs text-gray-500 dark:text-gray-400'>
|
||||||
|
仅LinuxDo网站有效。设置为0时不判断,1-4表示最低信任等级要求
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
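Review bot: The `min='0'` and `max='4'` attributes on the new input are browser hints only; the `onChange` handler stores whatever `parseInt(e.target.value)` returns, so a typed `9` or `-1` lands in state and is submitted. Clamp and pass the radix in the handler, e.g. `OIDCMinTrustLevel: e.target.value === '' ? 0 : Math.min(4, Math.max(0, parseInt(e.target.value, 10))),`, and keep the authoritative range check on the server. The help text says the setting only applies to LinuxDo, but the registration-route hunk in this commit compares against `oidcSession.trust_level ?? 0` without looking at which provider is configured. A non-zero value would therefore appear to reject every registration from a provider that sends no `trust_level`, and the help text should say so. The component body continues outside these hunks.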
|
|||||||
@@ -64,6 +64,7 @@ export async function POST(request: NextRequest) {
|
|||||||
OIDCClientId,
|
OIDCClientId,
|
||||||
OIDCClientSecret,
|
OIDCClientSecret,
|
||||||
OIDCButtonText,
|
OIDCButtonText,
|
||||||
|
OIDCMinTrustLevel,
|
||||||
} = body as {
|
} = body as {
|
||||||
SiteName: string;
|
SiteName: string;
|
||||||
Announcement: string;
|
Announcement: string;
|
||||||
@@ -100,6 +101,7 @@ export async function POST(request: NextRequest) {
|
|||||||
OIDCClientId?: string;
|
OIDCClientId?: string;
|
||||||
OIDCClientSecret?: string;
|
OIDCClientSecret?: string;
|
||||||
OIDCButtonText?: string;
|
OIDCButtonText?: string;
|
||||||
|
OIDCMinTrustLevel?: number;
|
||||||
};
|
};
|
||||||
|
|
||||||
// 参数校验
|
// 参数校验
|
||||||
@@ -135,7 +137,8 @@ export async function POST(request: NextRequest) {
|
|||||||
(OIDCUserInfoEndpoint !== undefined && typeof OIDCUserInfoEndpoint !== 'string') ||
|
(OIDCUserInfoEndpoint !== undefined && typeof OIDCUserInfoEndpoint !== 'string') ||
|
||||||
(OIDCClientId !== undefined && typeof OIDCClientId !== 'string') ||
|
(OIDCClientId !== undefined && typeof OIDCClientId !== 'string') ||
|
||||||
(OIDCClientSecret !== undefined && typeof OIDCClientSecret !== 'string') ||
|
(OIDCClientSecret !== undefined && typeof OIDCClientSecret !== 'string') ||
|
||||||
(OIDCButtonText !== undefined && typeof OIDCButtonText !== 'string')
|
(OIDCButtonText !== undefined && typeof OIDCButtonText !== 'string') ||
|
||||||
|
(OIDCMinTrustLevel !== undefined && typeof OIDCMinTrustLevel !== 'number')
|
||||||
) {
|
) {
|
||||||
return NextResponse.json({ error: '参数格式错误' }, { status: 400 });
|
return NextResponse.json({ error: '参数格式错误' }, { status: 400 });
|
||||||
}
|
}
|
||||||
@@ -190,6 +193,7 @@ export async function POST(request: NextRequest) {
|
|||||||
OIDCClientId,
|
OIDCClientId,
|
||||||
OIDCClientSecret,
|
OIDCClientSecret,
|
||||||
OIDCButtonText,
|
OIDCButtonText,
|
||||||
|
OIDCMinTrustLevel,
|
||||||
};
|
};
|
||||||
|
|
||||||
// 写入数据库
|
// 写入数据库
|
||||||
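Review bot: The added validation clause only checks `typeof OIDCMinTrustLevel !== 'number'`, so negative, fractional and out-of-range values are accepted and written to the stored config. A negative value matters most: the registration route in this commit enforces the gate only when `minTrustLevel > 0`, so it silently disables the check while the saved setting looks non-zero. Tighten the clause to `(OIDCMinTrustLevel !== undefined && (!Number.isInteger(OIDCMinTrustLevel) || OIDCMinTrustLevel < 0 || OIDCMinTrustLevel > 4))`, matching the 0–4 range the admin form advertises. The POST handler starts and ends outside these hunks.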
|
|||||||
@@ -213,6 +213,7 @@ export async function GET(request: NextRequest) {
|
|||||||
sub: oidcSub,
|
sub: oidcSub,
|
||||||
email: userInfo.email,
|
email: userInfo.email,
|
||||||
name: userInfo.name,
|
name: userInfo.name,
|
||||||
|
trust_level: userInfo.trust_level, // 提取trust_level字段
|
||||||
timestamp: Date.now(),
|
timestamp: Date.now(),
|
||||||
};
|
};
|
||||||
|
|
||||||
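Review bot: `trust_level: userInfo.trust_level` copies an identity-provider claim into the session object without checking its type. The registration route in this commit later evaluates `userTrustLevel < minTrustLevel`, and in JavaScript that comparison is false when the left side is a non-numeric string or a plain object, so such a value would pass the minimum-trust gate instead of failing it. Normalise at ingestion, e.g. `trust_level: typeof userInfo.trust_level === 'number' ? userInfo.trust_level : undefined,`, so the `?? 0` fallback in the registration route applies to anything unexpected. The declared type of `userInfo` and the rest of the GET handler are outside this hunk.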
|
|||||||
@@ -102,6 +102,18 @@ export async function POST(request: NextRequest) {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 检查最低信任等级
|
||||||
|
const minTrustLevel = siteConfig.OIDCMinTrustLevel || 0;
|
||||||
|
if (minTrustLevel > 0) {
|
||||||
|
const userTrustLevel = oidcSession.trust_level ?? 0;
|
||||||
|
if (userTrustLevel < minTrustLevel) {
|
||||||
|
return NextResponse.json(
|
||||||
|
{ error: `您的信任等级(${userTrustLevel})不满足最低要求(${minTrustLevel})` },
|
||||||
|
{ status: 403 }
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// 检查是否与站长同名
|
// 检查是否与站长同名
|
||||||
if (username === process.env.USERNAME) {
|
if (username === process.env.USERNAME) {
|
||||||
return NextResponse.json(
|
return NextResponse.json(
|
||||||
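Review bot: The new gate trusts `oidcSession.trust_level`, but how `oidcSession` is persisted between the callback and this POST is not visible in the hunk. If the session travels in a client-held cookie or token, it needs integrity protection (signed or encrypted, with the `timestamp` checked for expiry); otherwise the value compared here is controlled by the caller. If it is held server-side, a short comment above the check would make that explicit, e.g. `// trust_level comes from the server-side OIDC session written by the callback, never from the request body`. As far as this commit shows, the check runs only on the registration path, so it is worth deciding explicitly whether accounts created before the threshold was raised should be re-checked at login. The POST handler starts and ends outside the hunk.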
|
|||||||
@@ -35,6 +35,7 @@ export async function GET(request: NextRequest) {
|
|||||||
return NextResponse.json({
|
return NextResponse.json({
|
||||||
email: oidcSession.email,
|
email: oidcSession.email,
|
||||||
name: oidcSession.name,
|
name: oidcSession.name,
|
||||||
|
trust_level: oidcSession.trust_level,
|
||||||
});
|
});
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
return NextResponse.json(
|
return NextResponse.json(
|
||||||
|
|||||||
@@ -103,6 +103,12 @@ function OIDCRegisterPageClient() {
|
|||||||
{oidcInfo.name && (
|
{oidcInfo.name && (
|
||||||
<>
|
<>
|
||||||
名称: <strong>{oidcInfo.name}</strong>
|
名称: <strong>{oidcInfo.name}</strong>
|
||||||
|
<br />
|
||||||
|
</>
|
||||||
|
)}
|
||||||
|
{oidcInfo.trust_level !== undefined && (
|
||||||
|
<>
|
||||||
|
信任等级: <strong>{oidcInfo.trust_level}</strong>
|
||||||
</>
|
</>
|
||||||
)}
|
)}
|
||||||
</p>
|
</p>
|
||||||
|
|||||||
@@ -48,6 +48,7 @@ export interface AdminConfig {
|
|||||||
OIDCClientId?: string; // OIDC Client ID
|
OIDCClientId?: string; // OIDC Client ID
|
||||||
OIDCClientSecret?: string; // OIDC Client Secret
|
OIDCClientSecret?: string; // OIDC Client Secret
|
||||||
OIDCButtonText?: string; // OIDC登录按钮文字
|
OIDCButtonText?: string; // OIDC登录按钮文字
|
||||||
|
OIDCMinTrustLevel?: number; // 最低信任等级(仅LinuxDo网站有效,为0时不判断)
|
||||||
};
|
};
|
||||||
UserConfig: {
|
UserConfig: {
|
||||||
Users: {
|
Users: {
|
||||||
|
|||||||