feishu scanqrcode

maxkey-authentications/maxkey-authentication-social/src/main/java/me/zhyd/oauth/config/AuthMxkDefaultSource.java

@@ -0,0 +1,34 @@
+package me.zhyd.oauth.config;
+
+import me.zhyd.oauth.request.AuthDefaultRequest;
+import me.zhyd.oauth.request.AuthFeishu2Request;
+
+public enum AuthMxkDefaultSource implements AuthSource {
+	 FEISHU2 {
+	        @Override
+	        public String authorize() {
+	            return "https://passport.feishu.cn/suite/passport/oauth/authorize";
+	        }
+
+	        @Override
+	        public String accessToken() {
+	            return "https://passport.feishu.cn/suite/passport/oauth/token";
+	        }
+
+	        @Override
+	        public String userInfo() {
+	            return "https://passport.feishu.cn/suite/passport/oauth/userinfo";
+	        }
+
+	        @Override
+	        public String refresh() {
+	            return "https://passport.feishu.cn/suite/passport/oauth/token";
+	        }
+
+	        @Override
+	        public Class<? extends AuthDefaultRequest> getTargetClass() {
+	            return AuthFeishu2Request.class;
+	        }
+	    }
+
+}

maxkey-authentications/maxkey-authentication-social/src/main/java/me/zhyd/oauth/request/AuthFeishu2Request.java

@@ -0,0 +1,155 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.xkcoding.http.support.HttpHeader;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthMxkDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.GlobalAuthUtils;
+import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.StringUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+/**
+ * 飞书平台，企业自建应用授权登录，
+ * https://open.feishu.cn/document/common-capabilities/sso/web-application-sso/web-app-overview
+ * <p>
+ * 所以，最终修改该平台的实际发布版本为 支持扫码登录
+ *
+ * @author beacon
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com) 重构业务逻辑 20210101
+ * @author maxkey 重构业务逻辑 20220216
+ * @since 1.15.9
+ */
+public class AuthFeishu2Request extends AuthDefaultRequest {
+
+    public AuthFeishu2Request(AuthConfig config) {
+        super(config, AuthMxkDefaultSource.FEISHU2);
+    }
+
+    public AuthFeishu2Request(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthMxkDefaultSource.FEISHU2, authStateCache);
+    }
+
+    /**
+     * 获取 app_access_token（企业自建应用）
+     * <p>
+     * Token 有效期为 2 小时，在此期间调用该接口 token 不会改变。当 token 有效期小于 30 分的时候，再次请求获取 token 的时候，
+     * 会生成一个新的 token，与此同时老的 token 依然有效。
+     *
+     * @return appAccessToken
+     */
+    private String getAppAccessToken() {
+        String cacheKey = this.source.getName().concat(":app_access_token:").concat(config.getClientId());
+        String cacheAppAccessToken = this.authStateCache.get(cacheKey);
+        if (StringUtils.isNotEmpty(cacheAppAccessToken)) {
+            return cacheAppAccessToken;
+        }
+        String url = "https://open.feishu.cn/open-apis/auth/v3/app_access_token/internal/";
+        JSONObject requestObject = new JSONObject();
+        requestObject.put("app_id", config.getClientId());
+        requestObject.put("app_secret", config.getClientSecret());
+        String response = new HttpUtils(config.getHttpConfig()).post(url, requestObject.toJSONString(), new HttpHeader()
+            .add("Content-Type", "application/json")).getBody();
+        JSONObject jsonObject = JSON.parseObject(response);
+        this.checkResponse(jsonObject);
+        String appAccessToken = jsonObject.getString("app_access_token");
+        // 缓存 app access token
+        this.authStateCache.cache(cacheKey, appAccessToken, jsonObject.getLongValue("expire") * 1000);
+        return appAccessToken;
+    }
+
+    @Override
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        JSONObject requestObject = new JSONObject();
+        requestObject.put("app_access_token", this.getAppAccessToken());
+        requestObject.put("grant_type", "authorization_code");
+        requestObject.put("client_id", config.getClientId());
+        requestObject.put("client_secret", config.getClientSecret());
+        requestObject.put("redirect_uri", config.getRedirectUri());
+        requestObject.put("code", authCallback.getCode());
+        return getToken(requestObject, this.source.accessToken());
+
+    }
+
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        String accessToken = authToken.getAccessToken();
+        String response = new HttpUtils(config.getHttpConfig()).get(source.userInfo(), null, new HttpHeader()
+            .add("Content-Type", "application/json")
+            .add("Authorization", "Bearer " + accessToken), false).getBody();
+        JSONObject object = JSON.parseObject(response);
+        this.checkResponse(object);
+        JSONObject data = object;//.getJSONObject("data");
+        return AuthUser.builder()
+            .rawUserInfo(object)
+            .uuid(data.getString("union_id"))
+            .username(data.getString("name"))
+            .nickname(data.getString("name"))
+            .avatar(data.getString("avatar_url"))
+            .email(data.getString("email"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    @Override
+    public AuthResponse refresh(AuthToken authToken) {
+        JSONObject requestObject = new JSONObject();
+        requestObject.put("app_access_token", this.getAppAccessToken());
+        requestObject.put("grant_type", "refresh_token");
+        requestObject.put("refresh_token", authToken.getRefreshToken());
+        return AuthResponse.builder()
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(getToken(requestObject, this.source.refresh()))
+            .build();
+
+    }
+
+    private AuthToken getToken(JSONObject param, String url) {
+        String response = new HttpUtils(config.getHttpConfig()).post(url, param.toJSONString(), new HttpHeader()
+            .add("Content-Type", "application/json")).getBody();
+        JSONObject jsonObject = JSON.parseObject(response);
+        this.checkResponse(jsonObject);
+        JSONObject data = jsonObject;//.getJSONObject("data");
+        return AuthToken.builder()
+            .accessToken(data.getString("access_token"))
+            .refreshToken(data.getString("refresh_token"))
+            .expireIn(data.getIntValue("expires_in"))
+            .tokenType(data.getString("token_type"))
+            .openId(data.getString("open_id"))
+            .build();
+    }
+
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", GlobalAuthUtils.urlEncode(config.getRedirectUri()))
+            .queryParam("response_type", "code")
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+
+    /**
+     * 校验响应内容是否正确
+     *
+     * @param jsonObject 响应内容
+     */
+    private void checkResponse(JSONObject jsonObject) {
+        if (jsonObject.getIntValue("code") != 0) {
+            throw new AuthException(jsonObject.getString("message"));
+        }
+    }
+
+}

maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProviderService.java

@@ -100,7 +100,8 @@ public class SocialSignOnProviderService{
         }else if(provider.equalsIgnoreCase("Eleme")) {
             authRequest = new AuthElemeRequest(authConfig);
         }else if(provider.equalsIgnoreCase("Feishu")) {
-            authRequest = new AuthFeishuRequest(authConfig);
+            //authRequest = new AuthFeishuRequest(authConfig);
+        	authRequest = new AuthFeishu2Request(authConfig);
         }else if(provider.equalsIgnoreCase("Github")) {
             authRequest = new AuthGithubRequest(authConfig);
         }else if(provider.equalsIgnoreCase("Gitlab")) {

maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/login.ftl

@@ -87,7 +87,10 @@
 							     <#if sspLogin.dingTalkLogin != 'none'>  
 							         <#include "loginscandingtalk.ftl">
 							     </#if>  
-							     <#if sspLogin.weLinkLogin != 'none'>  
+							     <#if sspLogin.feiShuLogin != 'none'>  
+                                     <#include "loginscanfeishu.ftl">
+                                 </#if>  
+                                 <#if sspLogin.weLinkLogin != 'none'>  
                                      <#include "loginscanwelink.ftl">
                                  </#if>  
 							</div>

maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/loginscandingtalk.ftl

@@ -1,10 +1,4 @@
-     <#if sspLogin.dingTalkLogin == 'https'> 
-     <script src="https://g.alicdn.com/dingding/dinglogin/0.0.5/ddLogin.js"></script>
-     </#if>  
-     <#if sspLogin.dingTalkLogin == 'http'> 
-     <script src="http://g.alicdn.com/dingding/dinglogin/0.0.5/ddLogin.js"></script>
-     </#if>  
-     
+     <script src="${sspLogin.dingTalkLogin}://g.alicdn.com/dingding/dinglogin/0.0.5/ddLogin.js"></script>
      <script type="text/javascript"> 
         var dingtalkredirect_uri="";
         var handleMessage = function (event) {
@@ -32,7 +26,6 @@
                         dingtalkredirect_uri = 'https://oapi.dingtalk.com/connect/oauth2/sns_authorize?appid='+data.clientId+'&response_type=code&scope=snsapi_login&state='+data.state+'&redirect_uri='+data.redirectUri;
                         console.log("dingtalkredirect_uri", dingtalkredirect_uri);
                         console.log("gotodingtalk", gotodingtalk);
-                        
                         var obj = DDLogin({
                              id:"div_qrcodelogin",//这里需要你在自己的页面定义一个HTML标签并设置id，例如<div id="login_container"></div>或<span id="login_container"></span>
                              goto: gotodingtalk, //请参考注释里的方式

maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/loginscanfeishu.ftl

@@ -0,0 +1,38 @@
+     <script src="${sspLogin.feiShuLogin}://sf3-cn.feishucdn.com/obj/static/lark/passport/qrcode/LarkSSOSDKWebQRCode-1.0.1.js"></script>
+     <script type="text/javascript"> 
+        var redirectUri = "";
+        var QRLoginObj ;
+        var handleMessage = function (event) {        
+            var origin = event.origin;    
+            // 使用 matchOrigin 方法来判断 message 是否来自飞书页面
+            if( QRLoginObj.matchOrigin(origin) ) {           
+                var loginTmpCode = event.data; 
+                // 在授权页面地址上拼接上参数 tmp_code，并跳转
+                redirectUri = redirectUri+"&tmp_code="+loginTmpCode;
+                console.log("loginTmpCode", loginTmpCode);
+                console.log("redirectUri " + redirectUri);
+                window.top.location.href = redirectUri;
+            }
+        };
+        if (typeof window.addEventListener != 'undefined') {   
+            window.addEventListener('message', handleMessage, false);} 
+        else if (typeof window.attachEvent != 'undefined') { 
+            window.attachEvent('onmessage', handleMessage);
+        }
+
+        $(function(){
+           $("#qrcodelogin").on("click",function(){
+              $.get("<@base />/logon/oauth20/scanqrcode/feishu",function(data,status){
+                      redirectUri = "https://passport.feishu.cn/suite/passport/oauth/authorize?client_id="+data.clientId+"&redirect_uri="+encodeURIComponent(data.redirectUri)+"&response_type=code&state="+data.state ;
+                      $("#div_qrcodelogin").html("");
+                      QRLoginObj = QRLogin({
+                            id:"div_qrcodelogin",
+                            goto: redirectUri,
+                            width: "300",
+                            height: "300",
+                        });
+                        $('#div_qrcodelogin').show();
+                    });
+            });
+        });
+    </script> 

maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/loginscanwelink.ftl

@@ -1,14 +1,10 @@
-     <#if sspLogin.weLinkLogin == 'https'> 
-     <script src="https://login.welink.huaweicloud.com/sso-proxy-front/public/qrcode/0.0.1/wlQrcodeLogin.js"></script>
-     </#if>  
-     <#if sspLogin.weLinkLogin == 'http'> 
-     <script src="http://login.welink.huaweicloud.com/sso-proxy-front/public/qrcode/0.0.1/wlQrcodeLogin.js"></script>
-     </#if>  
+     <script src="${sspLogin.weLinkLogin}://login.welink.huaweicloud.com/sso-proxy-front/public/qrcode/0.0.1/wlQrcodeLogin.js"></script>
      <script type="text/javascript"> 
         $(function(){
            $("#qrcodelogin").on("click",function(){
               $.get("<@base />/logon/oauth20/scanqrcode/welink",function(data,status){
-                      var wlqrcodeLogin = wlQrcodeLogin({
+                       $("#div_qrcodelogin").html("");
+                       var wlqrcodeLogin = wlQrcodeLogin({
                           id:"div_qrcodelogin",//这里需要你在自己的页面定义一个HTML标签并设置id，例如<div id="login_container"></div>或<span id="login_container"></span>
                           client_id: data.clientId,
                           response_type: "code", 

maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/loginscanworkweixin.ftl

@@ -1,9 +1,4 @@
-     <#if sspLogin.workWeixinLogin == 'https'> 
-     <script type="text/javascript" src="https://wwcdn.weixin.qq.com/node/wework/wwopen/js/wwLogin-1.2.4.js"></script>
-     </#if>  
-     <#if sspLogin.workWeixinLogin == 'http'> 
-     <script type="text/javascript" src="http://wwcdn.weixin.qq.com/node/wework/wwopen/js/wwLogin-1.2.4.js"></script>
-     </#if>  
+     <script type="text/javascript" src="${sspLogin.workWeixinLogin}://wwcdn.weixin.qq.com/node/wework/wwopen/js/wwLogin-1.2.4.js"></script>
      <script type="text/javascript"> 
         $(function(){
            $("#qrcodelogin").on("click",function(){