Merge pull request #186 from import-ai/feat/auth

feat(auth): support wechat migration

Author: hewenguang

src/auth/social.service.ts

@@ -29,8 +29,8 @@ export class SocialService {
     }
   }
 
-  protected setState(type: string) {
-    const state = generateId();
+  protected setState(type: string, prefix: string = '') {
+    const state = `${prefix ? prefix + '_' : ''}${generateId()}`;
     this.states.set(state, {
       type,
       createdAt: Date.now(),

src/auth/wechat/wechat.controller.ts

@@ -1,7 +1,10 @@
 import { Request, Response } from 'express';
-import { Get, Post, Query, Controller, Req, Res } from '@nestjs/common';
+import { Get, Post, Query, Body, Controller, Req, Res } from '@nestjs/common';
 import { AuthService } from 'omniboxd/auth/auth.service';
-import { WechatService } from 'omniboxd/auth/wechat/wechat.service';
+import {
+  WechatService,
+  WechatUserInfo,
+} from 'omniboxd/auth/wechat/wechat.service';
 import { SocialController } from 'omniboxd/auth/social.controller';
 import { Public } from 'omniboxd/auth/decorators/public.auth.decorator';
 import { ConfigService } from '@nestjs/config';
@@ -67,6 +70,36 @@ export class WechatController extends SocialController {
     return res.json(loginData);
   }
 
+  @Public()
+  @Get('migration/auth-url')
+  migrationAuthUrl(@Query('type') type: 'new' | 'old' = 'new') {
+    return this.wechatService.migrationAuthUrl(type);
+  }
+
+  @Public()
+  @Get('migration/qrcode')
+  migrationQrCode(@Query('type') type: 'new' | 'old' = 'new') {
+    return this.wechatService.migrationQrCode(type);
+  }
+
+  @Public()
+  @Get('migration/callback')
+  async migrationCallback(
+    @Query('code') code: string,
+    @Query('state') state: string,
+  ): Promise<WechatUserInfo> {
+    return await this.wechatService.migrationCallback(code, state);
+  }
+
+  @Public()
+  @Post('migration')
+  async migration(
+    @Body('oldUnionid') oldUnionid: string,
+    @Body('newUnionid') newUnionid: string,
+  ) {
+    await this.wechatService.migration(oldUnionid, newUnionid);
+  }
+
   @Post('unbind')
   unbind(@UserId() userId: string) {
     return this.wechatService.unbind(userId);

src/auth/wechat/wechat.service.ts

@@ -11,15 +11,26 @@ import {
   UnauthorizedException,
 } from '@nestjs/common';
 
+export interface WechatUserInfo {
+  unionid: string;
+  nickname: string;
+  openid: string;
+}
+
 @Injectable()
 export class WechatService extends SocialService {
   private readonly logger = new Logger(WechatService.name);
 
   private readonly appId: string;
   private readonly appSecret: string;
-  private readonly redirectUri: string;
   private readonly openAppId: string;
   private readonly openAppSecret: string;
+  private readonly oldAppId: string;
+  private readonly oldAppSecret: string;
+  private readonly oldOpenAppId: string;
+  private readonly oldOpenAppSecret: string;
+  private readonly redirectUri: string;
+  private readonly migrationRedirectUri: string;
 
   constructor(
     private readonly configService: ConfigService,
@@ -34,10 +45,6 @@ export class WechatService extends SocialService {
       'OBB_WECHAT_APP_SECRET',
       '',
     );
-    this.redirectUri = this.configService.get<string>(
-      'OBB_WECHAT_REDIRECT_URI',
-      '',
-    );
     this.openAppId = this.configService.get<string>(
       'OBB_OPEN_WECHAT_APP_ID',
       '',
@@ -46,6 +53,27 @@ export class WechatService extends SocialService {
       'OBB_OPEN_WECHAT_APP_SECRET',
       '',
     );
+    this.oldAppId = this.configService.get<string>('OBB_WECHAT_OLD_APP_ID', '');
+    this.oldAppSecret = this.configService.get<string>(
+      'OBB_WECHAT_OLD_APP_SECRET',
+      '',
+    );
+    this.oldOpenAppId = this.configService.get<string>(
+      'OBB_OPEN_WECHAT_OLD_APP_ID',
+      '',
+    );
+    this.oldOpenAppSecret = this.configService.get<string>(
+      'OBB_OPEN_WECHAT_OLD_APP_SECRET',
+      '',
+    );
+    this.redirectUri = this.configService.get<string>(
+      'OBB_WECHAT_REDIRECT_URI',
+      '',
+    );
+    this.migrationRedirectUri = this.configService.get<string>(
+      'OBB_WECHAT_MIGRATION_REDIRECT_URI',
+      '',
+    );
   }
 
   available() {
@@ -173,6 +201,72 @@ export class WechatService extends SocialService {
     });
   }
 
+  migrationQrCode(type: 'new' | 'old' = 'new') {
+    const isOld = type === 'old';
+    const state = this.setState('open_weixin', type);
+    this.cleanExpiresState();
+    return {
+      state,
+      appId: isOld ? this.oldOpenAppId : this.openAppId,
+      scope: 'snsapi_login',
+      redirectUri: encodeURIComponent(this.migrationRedirectUri),
+    };
+  }
+
+  migrationAuthUrl(type: 'new' | 'old' = 'new'): string {
+    const isOld = type === 'old';
+    const state = this.setState('weixin', type);
+    this.cleanExpiresState();
+    return `https://open.weixin.qq.com/connect/oauth2/authorize?appid=${isOld ? this.oldAppId : this.appId}&redirect_uri=${encodeURIComponent(this.migrationRedirectUri)}&response_type=code&scope=snsapi_userinfo&state=${state}#wechat_redirect`;
+  }
+
+  async migrationCallback(
+    code: string,
+    state: string,
+  ): Promise<WechatUserInfo> {
+    const stateInfo = this.getState(state);
+    if (!stateInfo) {
+      throw new UnauthorizedException('Invalid state identifier');
+    }
+    const isOld = state.startsWith('old_');
+    const isWeixin = stateInfo.type === 'weixin';
+    const rawAppid = isOld ? this.oldAppId : this.appId;
+    const rawAppsecret = isOld ? this.oldAppSecret : this.appSecret;
+    const rawOpenAppid = isOld ? this.oldOpenAppId : this.openAppId;
+    const rawOpenAppsecret = isOld ? this.oldOpenAppSecret : this.openAppSecret;
+    const appId = isWeixin ? rawAppid : rawOpenAppid;
+    const appSecret = isWeixin ? rawAppsecret : rawOpenAppsecret;
+    const accessTokenResponse = await fetch(
+      `https://api.weixin.qq.com/sns/oauth2/access_token?appid=${appId}&secret=${appSecret}&code=${code}&grant_type=authorization_code`,
+    );
+    if (!accessTokenResponse.ok) {
+      throw new UnauthorizedException('Failed to get WeChat access token');
+    }
+    const accessTokenData = await accessTokenResponse.json();
+
+    if (accessTokenData.errmsg) {
+      throw new BadRequestException(accessTokenData.errmsg);
+    }
+
+    const userDataResponse = await fetch(
+      `https://api.weixin.qq.com/sns/userinfo?access_token=${accessTokenData.access_token}&openid=${accessTokenData.openid}&lang=zh_CN`,
+    );
+    if (!userDataResponse.ok) {
+      throw new UnauthorizedException('Failed to get WeChat user info');
+    }
+    const userData = await userDataResponse.json();
+
+    if (userData.errmsg) {
+      throw new BadRequestException(userData.errmsg);
+    }
+
+    return userData;
+  }
+
+  async migration(oldUnionid: string, newUnionid: string) {
+    await this.userService.updateBinding(oldUnionid, newUnionid);
+  }
+
   async unbind(userId: string) {
     await this.userService.unbindByLoginType(userId, 'wechat');
   }

src/user/user.service.ts

@@ -131,6 +131,25 @@ export class UserService {
     await repo.remove(binding);
   }
 
+  async updateBinding(oldUnionid: string, newUnionid: string) {
+    // Unbind the associated new account
+    const existBinding = await this.userBindingRepository.findOne({
+      where: { loginId: newUnionid },
+    });
+    if (existBinding) {
+      await this.userBindingRepository.remove(existBinding);
+    }
+    // Bind to old account
+    const binding = await this.userBindingRepository.findOne({
+      where: { loginId: oldUnionid },
+    });
+    if (binding) {
+      await this.userBindingRepository.update(binding.id, {
+        loginId: newUnionid,
+      });
+    }
+  }
+
   async listBinding(userId: string) {
     const repo = this.userBindingRepository;
     return await repo.find({