feat: add Casdoor single sign-on (#4222)

internal/bootstrap/data/setting.go

@@ -152,9 +152,13 @@ func InitialSettings() []model.SettingItem {
 
 		// SSO settings
 		{Key: conf.SSOLoginEnabled, Value: "false", Type: conf.TypeBool, Group: model.SSO, Flag: model.PUBLIC},
-		{Key: conf.SSOLoginplatform, Type: conf.TypeSelect, Options: "Github,Microsoft,Google,Dingtalk", Group: model.SSO, Flag: model.PUBLIC},
+		{Key: conf.SSOLoginplatform, Type: conf.TypeSelect, Options: "Casdoor,Github,Microsoft,Google,Dingtalk", Group: model.SSO, Flag: model.PUBLIC},
 		{Key: conf.SSOClientId, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 		{Key: conf.SSOClientSecret, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
+		{Key: conf.SSOOrganizationName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
+		{Key: conf.SSOApplicationName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
+		{Key: conf.SSOEndpointName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
+		{Key: conf.SSOJwtPublicKey, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 
 		// qbittorrent settings
 		{Key: conf.QbittorrentUrl, Value: "http://admin:adminadmin@localhost:8080/", Type: conf.TypeString, Group: model.SINGLE, Flag: model.PRIVATE},

internal/conf/const.go

@@ -55,10 +55,14 @@ const (
 	IndexProgress = "index_progress"
 
 	//SSO
-	SSOClientId      = "sso_client_id"
+	SSOClientId         = "sso_client_id"
-	SSOClientSecret  = "sso_client_secret"
+	SSOClientSecret     = "sso_client_secret"
-	SSOLoginEnabled  = "sso_login_enabled"
+	SSOLoginEnabled     = "sso_login_enabled"
-	SSOLoginplatform = "sso_login_platform"
+	SSOLoginplatform    = "sso_login_platform"
+	SSOOrganizationName = "sso_organization_name"
+	SSOApplicationName  = "sso_application_name"
+	SSOEndpointName     = "sso_endpoint_name"
+	SSOJwtPublicKey     = "sso_jwt_public_key"
 
 	// qbittorrent
 	QbittorrentUrl      = "qbittorrent_url"

server/handles/ssologin.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
+	"strings"
 
 	"github.com/alist-org/alist/v3/internal/conf"
 	"github.com/alist-org/alist/v3/internal/db"
@@ -47,6 +48,11 @@ func SSOLoginRedirect(c *gin.Context) {
 			urlValues.Add("scope", "openid")
 			urlValues.Add("prompt", "consent")
 			urlValues.Add("response_type", "code")
+		case "Casdoor":
+			endpoint := strings.TrimSuffix(setting.GetStr(conf.SSOEndpointName), "/")
+			r_url = endpoint + "/login/oauth/authorize?"
+			urlValues.Add("scope", "read")
+			urlValues.Add("state", endpoint)
 		default:
 			common.ErrorStrResp(c, "invalid platform", 400)
 			return
@@ -94,6 +100,11 @@ func SSOLoginCallback(c *gin.Context) {
 			url2 = "https://api.dingtalk.com/v1.0/contact/users/me"
 			authstring = "authCode"
 			idstring = "unionId"
+		case "Casdoor":
+			endpoint := strings.TrimSuffix(setting.GetStr(conf.SSOEndpointName), "/")
+			url1 = endpoint + "/api/login/oauth/access_token"
+			url2 = endpoint + "/account"
+			authstring = "code"
 		default:
 			common.ErrorStrResp(c, "invalid platform", 400)
 			return