Google OAuthbase version

This commit is contained in:
2026-05-15 21:46:18 +08:00
parent 6f534aafce
commit d14fe10ea7
3 changed files with 24 additions and 14 deletions
+3 -1
View File
@@ -9,4 +9,6 @@ wheels/
# Virtual environments # Virtual environments
.venv .venv
.env .env
*.json
+18 -11
View File
@@ -1,57 +1,64 @@
import httpx import httpx
from fastapi import APIRouter, Request from fastapi import APIRouter, Request, HTTPException
from fastapi.responses import RedirectResponse from fastapi.responses import RedirectResponse
import os import os
import secrets
router = APIRouter() router = APIRouter()
GOOGLE_CLIENT_ID = os.getenv("GOOGLE_CLIENT_ID") GOOGLE_CLIENT_ID = os.getenv("GOOGLE_CLIENT_ID")
GOOGLE_CLIENT_SECRET = os.getenv("GOOGLE_CLIENT_SECRET") GOOGLE_CLIENT_SECRET = os.getenv("GOOGLE_CLIENT_SECRET")
GOOGLE_REDIRECT_URI = os.getenv("GOOGLE_REDIRECT_URI")
REDIRECT_URI = "http://localhost:8000/auth/callback"
GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth" GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token" GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token"
GOOGLE_USERINFO_URL = "https://www.googleapis.com/oauth2/v2/userinfo" GOOGLE_USERINFO_URL = "https://www.googleapis.com/oauth2/v2/userinfo"
@router.get("/login/google") @router.get("/login/google")
def login_google(): def login_google():
state = secrets.token_urlsafe(16)
url = ( url = (
f"{GOOGLE_AUTH_URL}" f"{GOOGLE_AUTH_URL}"
f"?client_id={GOOGLE_CLIENT_ID}" f"?client_id={GOOGLE_CLIENT_ID}"
f"&redirect_uri={REDIRECT_URI}" f"&redirect_uri={GOOGLE_REDIRECT_URI}"
f"&response_type=code" f"&response_type=code"
f"&scope=openid email profile" f"&scope=openid email profile"
f"&state={state}"
) )
return RedirectResponse(url)
response = RedirectResponse(url)
response.set_cookie("oauth_state", state, httponly=True)
return response
@router.get("/auth/callback") @router.get("/auth/callback")
async def auth_callback(code: str): async def auth_callback(request: Request, code: str, state: str):
cookie_state = request.cookies.get("oauth_state")
if not cookie_state or cookie_state != state:
raise HTTPException(status_code=400, detail="Invalid state")
async with httpx.AsyncClient() as client: async with httpx.AsyncClient() as client:
# 1. 用 code 换 token
token_res = await client.post( token_res = await client.post(
GOOGLE_TOKEN_URL, GOOGLE_TOKEN_URL,
data={ data={
"code": code, "code": code,
"client_id": GOOGLE_CLIENT_ID, "client_id": GOOGLE_CLIENT_ID,
"client_secret": GOOGLE_CLIENT_SECRET, "client_secret": GOOGLE_CLIENT_SECRET,
"redirect_uri": REDIRECT_URI, "redirect_uri": GOOGLE_REDIRECT_URI,
"grant_type": "authorization_code", "grant_type": "authorization_code",
}, },
) )
token_json = token_res.json() token_json = token_res.json()
access_token = token_json["access_token"] access_token = token_json["access_token"]
# 2. 获取用户信息
user_res = await client.get( user_res = await client.get(
GOOGLE_USERINFO_URL, GOOGLE_USERINFO_URL,
headers={"Authorization": f"Bearer {access_token}"}, headers={"Authorization": f"Bearer {access_token}"},
) )
user_info = user_res.json() user_info = user_res.json()
# 这里你可以写入数据库
return { return {
"email": user_info["email"], "email": user_info["email"],
"name": user_info["name"], "name": user_info["name"],
+3 -2
View File
@@ -24,8 +24,9 @@ services:
- db - db
environment: environment:
DATABASE_URL: postgresql://${SERVICE_USER_POSTGRESQL}:${SERVICE_PASSWORD_POSTGRESQL}@db:5432/roleplay DATABASE_URL: postgresql://${SERVICE_USER_POSTGRESQL}:${SERVICE_PASSWORD_POSTGRESQL}@db:5432/roleplay
GOOGLE_CLIENT_ID: your_client_id GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
GOOGLE_CLIENT_SECRET: your_secret GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
GOOGLE_REDIRECT_URI: ${GOOGLE_REDIRECT_URI}
ports: ports:
- "8000:8000" - "8000:8000"