469d3747af
Some checks failed
Publish Docker image (Multi-arch) / Build & push (amd64) (push) Has been cancelled
Publish Docker image (Multi-arch) / Build & push (arm64) (push) Has been cancelled
Publish Docker image (Multi-arch) / Create multi-arch manifests (push) Has been cancelled
Release (Linux, macOS, Windows) / Linux Release (push) Has been cancelled
Release (Linux, macOS, Windows) / macOS Release (push) Has been cancelled
Release (Linux, macOS, Windows) / Windows Release (push) Has been cancelled
* fix: theme-aware payment paths, auto-group validation, route guards, perf group filtering - Add common.ThemeAwarePath to generate correct redirect URLs based on active theme (default vs classic), replacing hardcoded /console/* paths in 7 controllers and service/quota.go (#4765) - Validate auto-group availability against getUserGroups before defaulting form values; playground falls back to 'default' group when 'auto' is unavailable (#4796, #4799) - Enforce HeaderNavModules settings in rankings route (frontend + backend API) and SidebarModulesAdmin in playground route to block direct URL access when features are disabled (#4704, #4512) - Filter perf_metrics API response to only include currently configured groups, hiding stale data from deleted groups (#4790) - Preserve query params (pay=success/fail) in /console/topup → /wallet frontend redirect * fix: update hero section text and localization strings for clarity
126 lines
2.6 KiB
Go
126 lines
2.6 KiB
Go
package controller
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"io"
|
|
"net/http"
|
|
"sort"
|
|
|
|
"github.com/QuantumNous/new-api/common"
|
|
"github.com/QuantumNous/new-api/model"
|
|
|
|
"github.com/gin-contrib/sessions"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
func TelegramBind(c *gin.Context) {
|
|
if !common.TelegramOAuthEnabled {
|
|
c.JSON(200, gin.H{
|
|
"message": "管理员未开启通过 Telegram 登录以及注册",
|
|
"success": false,
|
|
})
|
|
return
|
|
}
|
|
params := c.Request.URL.Query()
|
|
if !checkTelegramAuthorization(params, common.TelegramBotToken) {
|
|
c.JSON(200, gin.H{
|
|
"message": "无效的请求",
|
|
"success": false,
|
|
})
|
|
return
|
|
}
|
|
telegramId := params["id"][0]
|
|
if model.IsTelegramIdAlreadyTaken(telegramId) {
|
|
c.JSON(200, gin.H{
|
|
"message": "该 Telegram 账户已被绑定",
|
|
"success": false,
|
|
})
|
|
return
|
|
}
|
|
|
|
session := sessions.Default(c)
|
|
id := session.Get("id")
|
|
user := model.User{Id: id.(int)}
|
|
if err := user.FillUserById(); err != nil {
|
|
c.JSON(200, gin.H{
|
|
"message": err.Error(),
|
|
"success": false,
|
|
})
|
|
return
|
|
}
|
|
if user.Id == 0 {
|
|
c.JSON(http.StatusOK, gin.H{
|
|
"success": false,
|
|
"message": "用户已注销",
|
|
})
|
|
return
|
|
}
|
|
user.TelegramId = telegramId
|
|
if err := user.Update(false); err != nil {
|
|
c.JSON(200, gin.H{
|
|
"message": err.Error(),
|
|
"success": false,
|
|
})
|
|
return
|
|
}
|
|
|
|
c.Redirect(302, common.ThemeAwarePath("/console/personal"))
|
|
}
|
|
|
|
func TelegramLogin(c *gin.Context) {
|
|
if !common.TelegramOAuthEnabled {
|
|
c.JSON(200, gin.H{
|
|
"message": "管理员未开启通过 Telegram 登录以及注册",
|
|
"success": false,
|
|
})
|
|
return
|
|
}
|
|
params := c.Request.URL.Query()
|
|
if !checkTelegramAuthorization(params, common.TelegramBotToken) {
|
|
c.JSON(200, gin.H{
|
|
"message": "无效的请求",
|
|
"success": false,
|
|
})
|
|
return
|
|
}
|
|
|
|
telegramId := params["id"][0]
|
|
user := model.User{TelegramId: telegramId}
|
|
if err := user.FillUserByTelegramId(); err != nil {
|
|
c.JSON(200, gin.H{
|
|
"message": err.Error(),
|
|
"success": false,
|
|
})
|
|
return
|
|
}
|
|
setupLogin(&user, c)
|
|
}
|
|
|
|
func checkTelegramAuthorization(params map[string][]string, token string) bool {
|
|
strs := []string{}
|
|
var hash = ""
|
|
for k, v := range params {
|
|
if k == "hash" {
|
|
hash = v[0]
|
|
continue
|
|
}
|
|
strs = append(strs, k+"="+v[0])
|
|
}
|
|
sort.Strings(strs)
|
|
var imploded = ""
|
|
for _, s := range strs {
|
|
if imploded != "" {
|
|
imploded += "\n"
|
|
}
|
|
imploded += s
|
|
}
|
|
sha256hash := sha256.New()
|
|
io.WriteString(sha256hash, token)
|
|
hmachash := hmac.New(sha256.New, sha256hash.Sum(nil))
|
|
io.WriteString(hmachash, imploded)
|
|
ss := hex.EncodeToString(hmachash.Sum(nil))
|
|
return hash == ss
|
|
}
|