Google OAuthbase version
This commit is contained in:
@@ -10,3 +10,5 @@ wheels/
|
||||
.venv
|
||||
|
||||
.env
|
||||
|
||||
*.json
|
||||
@@ -1,57 +1,64 @@
|
||||
import httpx
|
||||
from fastapi import APIRouter, Request
|
||||
from fastapi import APIRouter, Request, HTTPException
|
||||
from fastapi.responses import RedirectResponse
|
||||
import os
|
||||
import secrets
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
GOOGLE_CLIENT_ID = os.getenv("GOOGLE_CLIENT_ID")
|
||||
GOOGLE_CLIENT_SECRET = os.getenv("GOOGLE_CLIENT_SECRET")
|
||||
|
||||
REDIRECT_URI = "http://localhost:8000/auth/callback"
|
||||
GOOGLE_REDIRECT_URI = os.getenv("GOOGLE_REDIRECT_URI")
|
||||
|
||||
GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
|
||||
GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token"
|
||||
GOOGLE_USERINFO_URL = "https://www.googleapis.com/oauth2/v2/userinfo"
|
||||
|
||||
|
||||
@router.get("/login/google")
|
||||
def login_google():
|
||||
state = secrets.token_urlsafe(16)
|
||||
|
||||
url = (
|
||||
f"{GOOGLE_AUTH_URL}"
|
||||
f"?client_id={GOOGLE_CLIENT_ID}"
|
||||
f"&redirect_uri={REDIRECT_URI}"
|
||||
f"&redirect_uri={GOOGLE_REDIRECT_URI}"
|
||||
f"&response_type=code"
|
||||
f"&scope=openid email profile"
|
||||
f"&state={state}"
|
||||
)
|
||||
return RedirectResponse(url)
|
||||
|
||||
response = RedirectResponse(url)
|
||||
response.set_cookie("oauth_state", state, httponly=True)
|
||||
return response
|
||||
|
||||
@router.get("/auth/callback")
|
||||
async def auth_callback(code: str):
|
||||
async def auth_callback(request: Request, code: str, state: str):
|
||||
cookie_state = request.cookies.get("oauth_state")
|
||||
|
||||
if not cookie_state or cookie_state != state:
|
||||
raise HTTPException(status_code=400, detail="Invalid state")
|
||||
|
||||
async with httpx.AsyncClient() as client:
|
||||
# 1. 用 code 换 token
|
||||
token_res = await client.post(
|
||||
GOOGLE_TOKEN_URL,
|
||||
data={
|
||||
"code": code,
|
||||
"client_id": GOOGLE_CLIENT_ID,
|
||||
"client_secret": GOOGLE_CLIENT_SECRET,
|
||||
"redirect_uri": REDIRECT_URI,
|
||||
"redirect_uri": GOOGLE_REDIRECT_URI,
|
||||
"grant_type": "authorization_code",
|
||||
},
|
||||
)
|
||||
|
||||
token_json = token_res.json()
|
||||
access_token = token_json["access_token"]
|
||||
|
||||
# 2. 获取用户信息
|
||||
user_res = await client.get(
|
||||
GOOGLE_USERINFO_URL,
|
||||
headers={"Authorization": f"Bearer {access_token}"},
|
||||
)
|
||||
user_info = user_res.json()
|
||||
|
||||
# 这里你可以写入数据库
|
||||
return {
|
||||
"email": user_info["email"],
|
||||
"name": user_info["name"],
|
||||
|
||||
+3
-2
@@ -24,8 +24,9 @@ services:
|
||||
- db
|
||||
environment:
|
||||
DATABASE_URL: postgresql://${SERVICE_USER_POSTGRESQL}:${SERVICE_PASSWORD_POSTGRESQL}@db:5432/roleplay
|
||||
GOOGLE_CLIENT_ID: your_client_id
|
||||
GOOGLE_CLIENT_SECRET: your_secret
|
||||
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
|
||||
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
|
||||
GOOGLE_REDIRECT_URI: ${GOOGLE_REDIRECT_URI}
|
||||
ports:
|
||||
- "8000:8000"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user