2025-12-10 08:03:09 +00:00
5 changed files with 7 additions and 73 deletions
--- a/cli/get-token-callback.js
+++ b/cli/get-token-callback.js
@ -24,7 +24,7 @@ const CONFIG = {
  // 应用ID
  appId: process.env.APP_ID || '1',
  // 授权页面地址（Classworks前端）
-  authPageUrl: process.env.FRONTEND_URL,
+  authPageUrl: process.env.AUTH_PAGE_URL || 'http://localhost:5173/authorize',
  // 本地回调服务器端口
  callbackPort: process.env.CALLBACK_PORT || '8080',
  // 回调路径
--- a/cli/get-token.js
+++ b/cli/get-token.js
@ -21,7 +21,7 @@ const CONFIG = {
  // 应用ID
  appId: process.env.APP_ID || '1',
  // 授权页面地址（Classworks前端）
-  authPageUrl: process.env.FRONTEND_URL,
+  authPageUrl: process.env.AUTH_PAGE_URL || 'http://localhost:5173/authorize',
  // 轮询间隔（秒）
  pollInterval: 3,
  // 最大轮询次数
--- a/config/oauth.js
+++ b/config/oauth.js
@ -24,20 +24,6 @@ export const oauthProviders = {
    color: "#6366f1",
    description: "使用 ZeroCat 账号登录",
  },
-  hly: {
-    // 厚浪云（Logto） - OIDC Provider
-    clientId: process.env.HLY_CLIENT_ID,
-    clientSecret: process.env.HLY_CLIENT_SECRET, // 可选：若使用PKCE且应用为Public，可不配置
-    authorizationURL: "https://oauth.houlang.cloud/oidc/auth",
-    tokenURL: "https://oauth.houlang.cloud/oidc/token",
-    userInfoURL: "https://oauth.houlang.cloud/oidc/me",
-    scope: "openid profile email offline_access",
-    name: "厚浪云",
-    icon: "logto",
-    color: "#0ea5e9",
-    description: "使用厚浪云账号登录",
-    pkce: true, // 启用PKCE支持
-  },
 };

 // 获取OAuth回调URL
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "ClassworksKV",
-  "version": "1.0.9",
+  "version": "1.0.8",
  "private": true,
  "scripts": {
    "start": "node ./bin/www",
--- a/routes/accounts.js
+++ b/routes/accounts.js
@ -11,24 +11,6 @@ const prisma = new PrismaClient();
 // 存储OAuth state，防止CSRF攻击（生产环境应使用Redis等）
 const oauthStates = new Map();

-// 生成PKCE code_verifier 和 code_challenge
-function generatePkcePair() {
-  const codeVerifier = crypto
-    .randomBytes(32)
-    .toString("base64")
-    .replace(/\+/g, "-")
-    .replace(/\//g, "_")
-    .replace(/=+$/, "");
-  const challenge = crypto
-    .createHash("sha256")
-    .update(codeVerifier)
-    .digest("base64")
-    .replace(/\+/g, "-")
-    .replace(/\//g, "_")
-    .replace(/=+$/, "");
-  return { codeVerifier, codeChallenge: challenge };
-}
-
 /**
 * 生成安全的访问令牌
 */
@ -45,8 +27,7 @@ router.get("/oauth/providers", (req, res) => {

  for (const [key, config] of Object.entries(oauthProviders)) {
    // 只返回已配置的提供者
-    const pkceAllowed = !!config.pkce;
-    if (config.clientId && (config.clientSecret || pkceAllowed)) {
+    if (config.clientId && config.clientSecret) {
      providers.push({
        id: key,
        name: config.name,
@ -83,8 +64,7 @@ router.get("/oauth/:provider", (req, res) => {
    });
  }

-  const pkceAllowed = !!providerConfig.pkce;
-  if (!providerConfig.clientId || (!providerConfig.clientSecret && !pkceAllowed)) {
+  if (!providerConfig.clientId || !providerConfig.clientSecret) {
    return res.status(500).json({
      success: false,
      message: `OAuth提供者 ${provider} 未配置`,
@ -94,20 +74,11 @@ router.get("/oauth/:provider", (req, res) => {
  // 生成state参数
  const state = generateState();

-  // PKCE: 若启用，为此次会话生成code_verifier/challenge
-  let codeChallenge, codeVerifier;
-  if (pkceAllowed) {
-    const pair = generatePkcePair();
-    codeVerifier = pair.codeVerifier;
-    codeChallenge = pair.codeChallenge;
-  }
-
  // 保存state和redirect_uri（5分钟过期）
  oauthStates.set(state, {
    provider,
    redirect_uri,
    timestamp: Date.now(),
-    codeVerifier,
  });

  // 清理过期的state（超过5分钟）
@ -132,11 +103,6 @@ router.get("/oauth/:provider", (req, res) => {
    params.append("prompt", "consent");
  }

-  if (pkceAllowed && codeChallenge) {
-    params.append("code_challenge", codeChallenge);
-    params.append("code_challenge_method", "S256");
-  }
-
  const authUrl = `${providerConfig.authorizationURL}?${params.toString()}`;

  // 重定向到OAuth提供者
@ -187,12 +153,10 @@ router.get("/oauth/:provider/callback", async (req, res) => {
      },
      body: new URLSearchParams({
        client_id: providerConfig.clientId,
-        ...(providerConfig.clientSecret ? { client_secret: providerConfig.clientSecret } : {}),
+        client_secret: providerConfig.clientSecret,
        code: code,
        grant_type: "authorization_code",
        redirect_uri: getCallbackURL(provider),
-        // PKCE: 携带code_verifier
-        ...(stateData?.codeVerifier ? { code_verifier: stateData.codeVerifier } : {}),
      }),
    });

@ -229,22 +193,6 @@ router.get("/oauth/:provider/callback", async (req, res) => {
        name: userData.nickname || userData.username,
        avatarUrl: userData.avatar,
      };
-    } else if (provider === "hly") {
-      // 厚浪云（Logto）标准OIDC用户信息
-      normalizedUser = {
-        providerId: userData.sub,
-        email: userData.email_verified ? userData.email : null,
-        name: userData.name || userData.preferred_username || userData.nickname,
-        avatarUrl: userData.picture,
-      };
-    }
-
-    // 名称为空时，用邮箱@前部分回填（若邮箱可用）
-    if ((!normalizedUser.name || normalizedUser.name.trim() === "") && normalizedUser.email) {
-      const at = normalizedUser.email.indexOf("@");
-      if (at > 0) {
-        normalizedUser.name = normalizedUser.email.substring(0, at);
-      }
    }

    // 4. 查找或创建账户