feat(auth+admin): Sign in with Google (OAuth) + Integrations config panel
Build backend images / build content-svc (push) Failing after 1m2s
Build backend images / build file-svc (push) Failing after 3m11s
Build backend images / build gateway (push) Failing after 5m39s
Build backend images / build identity-svc (push) Failing after 38s
Build backend images / build notification-svc (push) Failing after 2m0s
Build backend images / build render-svc (push) Failing after 58s
Build backend images / build studio-svc (push) Failing after 58s
Build backend images / build content-svc (push) Failing after 1m2s
Build backend images / build file-svc (push) Failing after 3m11s
Build backend images / build gateway (push) Failing after 5m39s
Build backend images / build identity-svc (push) Failing after 38s
Build backend images / build notification-svc (push) Failing after 2m0s
Build backend images / build render-svc (push) Failing after 58s
Build backend images / build studio-svc (push) Failing after 58s
Backend (identity-svc):
- oauth_config table (mig 22) + OAuthConfig entity
- OAuthService: admin config CRUD + Google authorization-code flow (build consent
URL, exchange code, fetch userinfo, find/create RegisterMode.Google user, issue
session via AuthService.IssueOAuthSessionAsync)
- AuthController: GET /v1/auth/google/{start,callback} (public); tokens handed to
frontend via URL fragment
- AdminController: GET/PUT /v1/admin/oauth/{provider} (admin, secret masked)
Frontend:
- "ورود با گوگل" button on /auth → identity start endpoint
- /auth/callback reads fragment tokens → /api/auth/oauth-session sets httpOnly cookies
- /admin/integrations: Google client_id/secret/redirect_uri + enable, with setup guide
- nav + fa/en labels
Client ID/Secret are configured entirely in the admin panel — no redeploy needed.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
@@ -26,6 +26,22 @@ public class AdminController(AdminService svc) : ControllerBase
|
||||
[HttpGet("v1/admin/plan-statistics")]
|
||||
public async Task<IActionResult> PlanStats() => Ok(await svc.GetPlanStatisticsAsync(TenantId));
|
||||
|
||||
// ── OAuth provider config ──────────────────────────────────────────────────
|
||||
[HttpGet("v1/admin/oauth/{provider}")]
|
||||
public async Task<IActionResult> GetOAuth(string provider, [FromServices] OAuthService oauth)
|
||||
{
|
||||
var c = await oauth.GetConfigAsync(provider);
|
||||
return Ok(new OAuthConfigResponse(provider, c?.ClientId, c?.RedirectUri, c?.Enabled ?? false,
|
||||
!string.IsNullOrEmpty(c?.ClientSecret)));
|
||||
}
|
||||
|
||||
[HttpPut("v1/admin/oauth/{provider}")]
|
||||
public async Task<IActionResult> PutOAuth(string provider, [FromBody] UpsertOAuthConfigRequest req, [FromServices] OAuthService oauth)
|
||||
{
|
||||
var c = await oauth.UpsertConfigAsync(provider, req.ClientId, req.ClientSecret, req.RedirectUri, req.Enabled);
|
||||
return Ok(new OAuthConfigResponse(provider, c.ClientId, c.RedirectUri, c.Enabled, !string.IsNullOrEmpty(c.ClientSecret)));
|
||||
}
|
||||
|
||||
// ── CRM notes / tags ───────────────────────────────────────────────────────
|
||||
[HttpGet("v1/users/{userId:guid}/crm")]
|
||||
public async Task<IActionResult> GetCrm(Guid userId) => Ok(await svc.GetUserCrmAsync(userId));
|
||||
|
||||
@@ -9,7 +9,7 @@ namespace FlatRender.IdentitySvc.Controllers;
|
||||
|
||||
[ApiController]
|
||||
[Route("v1/auth")]
|
||||
public class AuthController(IAuthService authService) : ControllerBase
|
||||
public class AuthController(IAuthService authService, OAuthService oauthService) : ControllerBase
|
||||
{
|
||||
[HttpPost("register")]
|
||||
[AllowAnonymous]
|
||||
@@ -20,6 +20,43 @@ public class AuthController(IAuthService authService) : ControllerBase
|
||||
return StatusCode(201, result);
|
||||
}
|
||||
|
||||
// ── Google OAuth ────────────────────────────────────────────────────────────
|
||||
[HttpGet("google/start")]
|
||||
[AllowAnonymous]
|
||||
public async Task<IActionResult> GoogleStart([FromQuery] string return_url)
|
||||
{
|
||||
try
|
||||
{
|
||||
var url = await oauthService.BuildGoogleAuthUrlAsync(return_url ?? "");
|
||||
return Redirect(url);
|
||||
}
|
||||
catch (InvalidOperationException ex)
|
||||
{
|
||||
return BadRequest(new { error = new { message = ex.Message } });
|
||||
}
|
||||
}
|
||||
|
||||
[HttpGet("google/callback")]
|
||||
[AllowAnonymous]
|
||||
public async Task<IActionResult> GoogleCallback([FromQuery] string? code, [FromQuery] string? state, [FromQuery] string? error)
|
||||
{
|
||||
if (!string.IsNullOrEmpty(error) || string.IsNullOrEmpty(code) || string.IsNullOrEmpty(state))
|
||||
return BadRequest(new { error = new { message = error ?? "Missing authorization code" } });
|
||||
try
|
||||
{
|
||||
var result = await oauthService.HandleGoogleCallbackAsync(code, state, GetClientIp());
|
||||
// Hand tokens back to the frontend via URL fragment (not sent to servers/logs).
|
||||
var sep = result.ReturnUrl.Contains('#') ? "&" : "#";
|
||||
var redirect = $"{result.ReturnUrl}{sep}access_token={Uri.EscapeDataString(result.Tokens.AccessToken)}" +
|
||||
$"&refresh_token={Uri.EscapeDataString(result.Tokens.RefreshToken)}&expires_in={result.Tokens.ExpiresIn}";
|
||||
return Redirect(redirect);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
return BadRequest(new { error = new { message = ex.Message } });
|
||||
}
|
||||
}
|
||||
|
||||
[HttpPost("login")]
|
||||
[AllowAnonymous]
|
||||
[ProducesResponseType(typeof(AuthTokensResponse), 200)]
|
||||
|
||||
Reference in New Issue
Block a user