Feat: Webauthn / theme changing

2026-01-29 20:31:56 +08:00 · 2020-02-21 10:08:47 +08:00
parent 80268e33bf
commit c817f70f8e
10 changed files with 145 additions and 22 deletions
--- a/routers/controllers/site.go
+++ b/routers/controllers/site.go
@@ -25,6 +25,7 @@ func SiteConfig(c *gin.Context) {
 		"share_score_rate",
 		"home_view_method",
 		"share_view_method",
+		"authn_enabled",
 	)

 	// 如果已登录，则同时返回用户信息和标签
--- a/routers/controllers/user.go
+++ b/routers/controllers/user.go
@@ -2,6 +2,7 @@ package controllers

 import (
 	"encoding/json"
+	"fmt"
 	model "github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/authn"
 	"github.com/HFO4/cloudreve/pkg/serializer"
@@ -17,7 +18,7 @@ func StartLoginAuthn(c *gin.Context) {
 	userName := c.Param("username")
 	expectedUser, err := model.GetUserByEmail(userName)
 	if err != nil {
-		c.JSON(200, serializer.Err(401, "用户邮箱或密码错误", err))
+		c.JSON(200, serializer.Err(401, "用户不存在", err))
 		return
 	}

@@ -56,7 +57,7 @@ func FinishLoginAuthn(c *gin.Context) {
 	_, err = authn.AuthnInstance.FinishLogin(expectedUser, sessionData, c.Request)

 	if err != nil {
-		c.JSON(200, serializer.Err(401, "用户邮箱或密码错误", err))
+		c.JSON(200, serializer.Err(401, "登录验证失败", err))
 		return
 	}

@@ -96,13 +97,24 @@ func FinishRegAuthn(c *gin.Context) {
 	err := json.Unmarshal(sessionDataJSON, &sessionData)

 	credential, err := authn.AuthnInstance.FinishRegistration(currUser, sessionData, c.Request)
-
-	currUser.RegisterAuthn(credential)
 	if err != nil {
 		c.JSON(200, ErrorResponse(err))
 		return
 	}
-	c.JSON(200, serializer.Response{Code: 0})
+
+	err = currUser.RegisterAuthn(credential)
+	if err != nil {
+		c.JSON(200, ErrorResponse(err))
+		return
+	}
+
+	c.JSON(200, serializer.Response{
+		Code: 0,
+		Data: map[string]interface{}{
+			"id":          credential.ID,
+			"fingerprint": fmt.Sprintf("% X", credential.Authenticator.AAGUID),
+		},
+	})
 }

 // UserLogin 用户登录
@@ -265,6 +277,10 @@ func UpdateOption(c *gin.Context) {
 			subService = &user.PasswordChange{}
 		case "2fa":
 			subService = &user.Enable2FA{}
+		case "authn":
+			subService = &user.DeleteWebAuthn{}
+		case "theme":
+			subService = &user.ThemeChose{}
 		}

 		subErr = c.ShouldBindJSON(subService)
--- a/routers/router.go
+++ b/routers/router.go
@@ -104,9 +104,13 @@ func InitMasterRouter() *gin.Engine {
 			// 用户登录
 			user.POST("session", controllers.UserLogin)
 			// WebAuthn登陆初始化
-			user.GET("authn/:username", controllers.StartLoginAuthn)
+			user.GET("authn/:username",
+				middleware.IsFunctionEnabled("authn_enabled"),
+				controllers.StartLoginAuthn)
 			// WebAuthn登陆
-			user.POST("authn/finish/:username", controllers.FinishLoginAuthn)
+			user.POST("authn/finish/:username",
+				middleware.IsFunctionEnabled("authn_enabled"),
+				controllers.FinishLoginAuthn)
 			// 获取用户主页展示用分享
 			user.GET("profile/:id",
 				middleware.HashID(hashid.UserID),
@@ -263,7 +267,8 @@ func InitMasterRouter() *gin.Engine {
 				user.DELETE("session", controllers.UserSignOut)

 				// WebAuthn 注册相关
-				authn := user.Group("authn")
+				authn := user.Group("authn",
+					middleware.IsFunctionEnabled("authn_enabled"))
 				{
 					authn.PUT("", controllers.StartRegAuthn)
 					authn.PUT("finish", controllers.FinishRegAuthn)