修改第三方登录state不将信息存到url,使用redis保存

handler/tool.go

@@ -10,6 +10,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 	"io"
 	"log"
 	"net/http"
@@ -740,17 +741,17 @@ func LoginRedirect(c *gin.Context) {
 
 func GetThirdPartyAuthUrl(c *gin.Context) {
 	platform := c.Query("platform")
-	uuid := c.Query("uuid")
+	uuid_ := c.Query("uuid")
 	hType := c.Query("type") //操作类型add,login
 	var resp proto.GenerateResp
-	if platform == "" || uuid == "" || hType == "" {
+	if platform == "" || uuid_ == "" || hType == "" {
 		resp.Code = proto.ParameterError
 		resp.Message = "platform or uuid is empty"
 		c.JSON(http.StatusOK, resp)
 		return
 	}
 	var state proto.ThirdPartyLoginState
-	state.UUID = uuid
+	state.UUID = uuid_
 	state.Type = hType
 	state.Platform = platform
 	state.Project = "SAW"
@@ -774,14 +775,18 @@ func GetThirdPartyAuthUrl(c *gin.Context) {
 			return
 		}
 		//需要将uuid绑定在该用户上
-		worker.SetRedisWithExpire("user_add_platform_"+uuid, strconv.Itoa(userID), time.Minute*9)
+		worker.SetRedisWithExpire("user_add_platform_"+uuid_, strconv.Itoa(userID), time.Minute*9)
 		state.UserID = userID
 	}
 
 	stateStr, _ := json.Marshal(state)
+	stateID := uuid.NewString()
+	worker.SetRedisWithExpire("state_id_"+stateID, string(stateStr), time.Minute*9)
+
 	var respUrl string
 	//base64编码
 	stateBase64Str := base64.StdEncoding.EncodeToString(stateStr)
+	stateBase64Str = stateID
 	switch platform {
 	case "qq":
 		params := url.Values{}
@@ -794,7 +799,7 @@ func GetThirdPartyAuthUrl(c *gin.Context) {
 	case "github":
 		params := url.Values{}
 		params.Add("client_id", proto.Config.GITHUB_CLIENT_ID)
-		params.Add("login", uuid)
+		params.Add("login", uuid_)
 		params.Add("state", stateBase64Str)
 		baseUri := proto.GitHuAuthorizeBaseUrl
 		respUrl = fmt.Sprintf("%s?%s", baseUri, params.Encode())
@@ -852,22 +857,25 @@ type GetThirdPartyAddAuthUrlReq struct {
 func handleThirdPartyCallback(c *gin.Context) {
 	var resp proto.GenerateResp
 	code := c.Query("code")     //code
-	stateBase64Str := c.Query("state") //state
+	stateID := c.Query("state") //state
+
 	//解析base64
-	decodedBytes, err := base64.StdEncoding.DecodeString(stateBase64Str)
+	//decodedBytes, err := base64.StdEncoding.DecodeString(stateBase64Str)
-	if err != nil {
+	//
-		fmt.Println("Decoding error:", err)
+	stateStr := worker.GetRedis("state_id_" + stateID)
+	if stateStr == "" {
+		log.Println("state is empty,stateID=", stateID)
 	} else {
-		decodedStr := string(decodedBytes)
 		//json解析
 		var state proto.ThirdPartyLoginState
-		err = json.Unmarshal([]byte(decodedStr), &state)
+		err := json.Unmarshal([]byte(stateStr), &state)
-		log.Println("handle callback state:", decodedStr, "\tcode:", code)
+		log.Println("handle callback state:", stateStr, "\tcode:", code)
 		if err != nil {
 			log.Println("json unmarshal error:", err)
 		} else {
 			service.DoThirdPartyCallBack(&state, code)
 		}
+		worker.DelRedis("state_id_" + stateID) //删除state
 	}
 	resp.Code = 0
 	resp.Message = "success"