diff --git a/conf/app.ini b/conf/app.ini index 575e18a40..4eaf0a33c 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -76,10 +76,38 @@ PASSWD = ENABLED = false [oauth.github] -ENABLED = +ENABLED = false CLIENT_ID = CLIENT_SECRET = SCOPES = https://api.github.com/user +AUTH_URL = https://github.com/login/oauth/authorize +TOKEN_URL = https://github.com/login/oauth/access_token + +; Get client id and secret from +; https://console.developers.google.com/project +[oauth.google] +ENABLED = false +CLIENT_ID = +CLIENT_SECRET = +SCOPES = https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile +AUTH_URL = https://accounts.google.com/o/oauth2/auth +TOKEN_URL = https://accounts.google.com/o/oauth2/token + +[oauth.qq] +ENABLED = false +CLIENT_ID = +CLIENT_SECRET = +SCOPES = all +AUTH_URL = https://open.t.qq.com/cgi-bin/oauth2/authorize +TOKEN_URL = https://open.t.qq.com/cgi-bin/oauth2/access_token + +[oauth.twitter] +ENABLED = false +CLIENT_ID = +CLIENT_SECRET = +SCOPES = all +AUTH_URL = https://api.twitter.com/oauth/authorize +TOKEN_URL = https://api.twitter.com/oauth/access_token [cache] ; Either "memory", "redis", or "memcache", default is "memory" diff --git a/models/oauth2.go b/models/oauth2.go index f8780fe68..38d21fda1 100644 --- a/models/oauth2.go +++ b/models/oauth2.go @@ -14,11 +14,15 @@ const ( OT_GOOGLE OT_TWITTER OT_QQ + OT_WEIBO + OT_BITBUCKET + OT_OSCHINA + OT_FACEBOOK ) var ( - ErrOauth2RecordNotExists = errors.New("not exists oauth2 record") - ErrOauth2NotAssociatedWithUser = errors.New("not associated with user") + ErrOauth2RecordNotExist = errors.New("OAuth2 record does not exist") + ErrOauth2NotAssociated = errors.New("OAuth2 is not associated with user") ) type Oauth2 struct { @@ -35,11 +39,9 @@ func BindUserOauth2(userId, oauthId int64) error { return err } -func AddOauth2(oa *Oauth2) (err error) { - if _, err = orm.Insert(oa); err != nil { - return err - } - return nil +func AddOauth2(oa *Oauth2) error { + _, err := orm.Insert(oa) + return err } func GetOauth2(identity string) (oa *Oauth2, err error) { @@ -48,9 +50,9 @@ func GetOauth2(identity string) (oa *Oauth2, err error) { if err != nil { return } else if !isExist { - return nil, ErrOauth2RecordNotExists + return nil, ErrOauth2RecordNotExist } else if oa.Uid == -1 { - return oa, ErrOauth2NotAssociatedWithUser + return oa, ErrOauth2NotAssociated } oa.User, err = GetUserById(oa.Uid) return oa, err @@ -61,9 +63,8 @@ func GetOauth2ById(id int64) (oa *Oauth2, err error) { has, err := orm.Id(id).Get(oa) if err != nil { return nil, err - } - if !has { - return nil, ErrOauth2RecordNotExists + } else if !has { + return nil, ErrOauth2RecordNotExist } return oa, nil } diff --git a/models/repo.go b/models/repo.go index 01736b631..1a5a95f04 100644 --- a/models/repo.go +++ b/models/repo.go @@ -714,9 +714,14 @@ func GetRepositoryById(id int64) (*Repository, error) { } // GetRepositories returns the list of repositories of given user. -func GetRepositories(user *User) ([]Repository, error) { +func GetRepositories(user *User, private bool) ([]Repository, error) { repos := make([]Repository, 0, 10) - err := orm.Desc("updated").Find(&repos, &Repository{OwnerId: user.Id}) + sess := orm.Desc("updated") + if !private { + sess.Where("is_private=?", false) + } + + err := sess.Find(&repos, &Repository{OwnerId: user.Id}) return repos, err } diff --git a/models/user.go b/models/user.go index ea2c79b77..ffee2dd9e 100644 --- a/models/user.go +++ b/models/user.go @@ -234,7 +234,7 @@ func ChangeUserName(user *User, newUserName string) (err error) { } } - repos, err := GetRepositories(user) + repos, err := GetRepositories(user, true) if err != nil { return err } diff --git a/modules/base/conf.go b/modules/base/conf.go index d1564aa10..0eca5f4fc 100644 --- a/modules/base/conf.go +++ b/modules/base/conf.go @@ -29,13 +29,17 @@ type Mailer struct { User, Passwd string } +type OauthInfo struct { + ClientId, ClientSecret string + Scopes string + AuthUrl, TokenUrl string +} + // Oauther represents oauth service. type Oauther struct { - GitHub struct { - Enabled bool - ClientId, ClientSecret string - Scopes string - } + GitHub, Google, Tencent bool + Twitter bool + OauthInfos map[string]*OauthInfo } var ( @@ -252,26 +256,6 @@ func newNotifyMailService() { log.Info("Notify Mail Service Enabled") } -func newOauthService() { - if !Cfg.MustBool("oauth", "ENABLED") { - return - } - - OauthService = &Oauther{} - oauths := make([]string, 0, 10) - - // GitHub. - if Cfg.MustBool("oauth.github", "ENABLED") { - OauthService.GitHub.Enabled = true - OauthService.GitHub.ClientId = Cfg.MustValue("oauth.github", "CLIENT_ID") - OauthService.GitHub.ClientSecret = Cfg.MustValue("oauth.github", "CLIENT_SECRET") - OauthService.GitHub.Scopes = Cfg.MustValue("oauth.github", "SCOPES") - oauths = append(oauths, "GitHub") - } - - log.Info("Oauth Service Enabled %s", oauths) -} - func NewConfigContext() { //var err error workDir, err := ExecDir() @@ -328,7 +312,7 @@ func NewConfigContext() { } } -func NewServices() { +func NewBaseServices() { newService() newLogService() newCacheService() @@ -336,5 +320,4 @@ func NewServices() { newMailService() newRegisterMailService() newNotifyMailService() - newOauthService() } diff --git a/modules/middleware/context.go b/modules/middleware/context.go index f353ea51b..619a13b1a 100644 --- a/modules/middleware/context.go +++ b/modules/middleware/context.go @@ -82,7 +82,8 @@ func (ctx *Context) HasError() bool { if !ok { return false } - ctx.Flash.Error(ctx.Data["ErrorMsg"].(string)) + ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string) + ctx.Data["Flash"] = ctx.Flash return hasErr.(bool) } diff --git a/modules/oauth2/oauth2.go b/modules/oauth2/oauth2.go deleted file mode 100644 index dcb6d0a43..000000000 --- a/modules/oauth2/oauth2.go +++ /dev/null @@ -1,228 +0,0 @@ -// Copyright 2014 Google Inc. All Rights Reserved. -// Copyright 2014 The Gogs Authors. All rights reserved. -// Use of this source code is governed by a MIT-style -// license that can be found in the LICENSE file. - -// Package oauth2 contains Martini handlers to provide -// user login via an OAuth 2.0 backend. -package oauth2 - -import ( - "encoding/json" - "net/http" - "net/url" - "strings" - "time" - - "code.google.com/p/goauth2/oauth" - "github.com/go-martini/martini" - - "github.com/gogits/session" - - "github.com/gogits/gogs/modules/log" - "github.com/gogits/gogs/modules/middleware" -) - -const ( - keyToken = "oauth2_token" - keyNextPage = "next" -) - -var ( - // Path to handle OAuth 2.0 logins. - PathLogin = "/login" - // Path to handle OAuth 2.0 logouts. - PathLogout = "/logout" - // Path to handle callback from OAuth 2.0 backend - // to exchange credentials. - PathCallback = "/oauth2callback" - // Path to handle error cases. - PathError = "/oauth2error" -) - -// Represents OAuth2 backend options. -type Options struct { - ClientId string - ClientSecret string - RedirectURL string - Scopes []string - - AuthUrl string - TokenUrl string -} - -// Represents a container that contains -// user's OAuth 2.0 access and refresh tokens. -type Tokens interface { - Access() string - Refresh() string - IsExpired() bool - ExpiryTime() time.Time - ExtraData() map[string]string -} - -type token struct { - oauth.Token -} - -func (t *token) ExtraData() map[string]string { - return t.Extra -} - -// Returns the access token. -func (t *token) Access() string { - return t.AccessToken -} - -// Returns the refresh token. -func (t *token) Refresh() string { - return t.RefreshToken -} - -// Returns whether the access token is -// expired or not. -func (t *token) IsExpired() bool { - if t == nil { - return true - } - return t.Expired() -} - -// Returns the expiry time of the user's -// access token. -func (t *token) ExpiryTime() time.Time { - return t.Expiry -} - -// Returns a new Google OAuth 2.0 backend endpoint. -func Google(opts *Options) martini.Handler { - opts.AuthUrl = "https://accounts.google.com/o/oauth2/auth" - opts.TokenUrl = "https://accounts.google.com/o/oauth2/token" - return NewOAuth2Provider(opts) -} - -// Returns a new Github OAuth 2.0 backend endpoint. -func Github(opts *Options) martini.Handler { - opts.AuthUrl = "https://github.com/login/oauth/authorize" - opts.TokenUrl = "https://github.com/login/oauth/access_token" - return NewOAuth2Provider(opts) -} - -func Facebook(opts *Options) martini.Handler { - opts.AuthUrl = "https://www.facebook.com/dialog/oauth" - opts.TokenUrl = "https://graph.facebook.com/oauth/access_token" - return NewOAuth2Provider(opts) -} - -// Returns a generic OAuth 2.0 backend endpoint. -func NewOAuth2Provider(opts *Options) martini.Handler { - config := &oauth.Config{ - ClientId: opts.ClientId, - ClientSecret: opts.ClientSecret, - RedirectURL: opts.RedirectURL, - Scope: strings.Join(opts.Scopes, " "), - AuthURL: opts.AuthUrl, - TokenURL: opts.TokenUrl, - } - - transport := &oauth.Transport{ - Config: config, - Transport: http.DefaultTransport, - } - - return func(c martini.Context, ctx *middleware.Context) { - if ctx.Req.Method == "GET" { - switch ctx.Req.URL.Path { - case PathLogin: - login(transport, ctx) - case PathLogout: - logout(transport, ctx) - case PathCallback: - handleOAuth2Callback(transport, ctx) - } - } - - tk := unmarshallToken(ctx.Session) - if tk != nil { - // check if the access token is expired - if tk.IsExpired() && tk.Refresh() == "" { - ctx.Session.Delete(keyToken) - tk = nil - } - } - // Inject tokens. - c.MapTo(tk, (*Tokens)(nil)) - } -} - -// Handler that redirects user to the login page -// if user is not logged in. -// Sample usage: -// m.Get("/login-required", oauth2.LoginRequired, func() ... {}) -var LoginRequired martini.Handler = func() martini.Handler { - return func(c martini.Context, ctx *middleware.Context) { - token := unmarshallToken(ctx.Session) - if token == nil || token.IsExpired() { - next := url.QueryEscape(ctx.Req.URL.RequestURI()) - ctx.Redirect(PathLogin + "?next=" + next) - return - } - } -}() - -func login(t *oauth.Transport, ctx *middleware.Context) { - next := extractPath(ctx.Query(keyNextPage)) - if ctx.Session.Get(keyToken) == nil { - // User is not logged in. - ctx.Redirect(t.Config.AuthCodeURL(next)) - return - } - // No need to login, redirect to the next page. - ctx.Redirect(next) -} - -func logout(t *oauth.Transport, ctx *middleware.Context) { - next := extractPath(ctx.Query(keyNextPage)) - ctx.Session.Delete(keyToken) - ctx.Redirect(next) -} - -func handleOAuth2Callback(t *oauth.Transport, ctx *middleware.Context) { - if errMsg := ctx.Query("error_description"); len(errMsg) > 0 { - log.Error("oauth2.handleOAuth2Callback: %s", errMsg) - return - } - - next := extractPath(ctx.Query("state")) - code := ctx.Query("code") - tk, err := t.Exchange(code) - if err != nil { - // Pass the error message, or allow dev to provide its own - // error handler. - log.Error("oauth2.handleOAuth2Callback(token.Exchange): %v", err) - // ctx.Redirect(PathError) - return - } - // Store the credentials in the session. - val, _ := json.Marshal(tk) - ctx.Session.Set(keyToken, val) - ctx.Redirect(next) -} - -func unmarshallToken(s session.SessionStore) (t *token) { - if s.Get(keyToken) == nil { - return - } - data := s.Get(keyToken).([]byte) - var tk oauth.Token - json.Unmarshal(data, &tk) - return &token{tk} -} - -func extractPath(next string) string { - n, err := url.Parse(next) - if err != nil { - return "/" - } - return n.Path -} diff --git a/modules/oauth2/oauth2_test.go b/modules/oauth2/oauth2_test.go deleted file mode 100644 index 71443030a..000000000 --- a/modules/oauth2/oauth2_test.go +++ /dev/null @@ -1,162 +0,0 @@ -// Copyright 2014 Google Inc. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package oauth2 - -import ( - "net/http" - "net/http/httptest" - "testing" - - "github.com/go-martini/martini" - "github.com/martini-contrib/sessions" -) - -func Test_LoginRedirect(t *testing.T) { - recorder := httptest.NewRecorder() - m := martini.New() - m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) - m.Use(Google(&Options{ - ClientId: "client_id", - ClientSecret: "client_secret", - RedirectURL: "refresh_url", - Scopes: []string{"x", "y"}, - })) - - r, _ := http.NewRequest("GET", "/login", nil) - m.ServeHTTP(recorder, r) - - location := recorder.HeaderMap["Location"][0] - if recorder.Code != 302 { - t.Errorf("Not being redirected to the auth page.") - } - if location != "https://accounts.google.com/o/oauth2/auth?access_type=&approval_prompt=&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=" { - t.Errorf("Not being redirected to the right page, %v found", location) - } -} - -func Test_LoginRedirectAfterLoginRequired(t *testing.T) { - recorder := httptest.NewRecorder() - m := martini.Classic() - m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) - m.Use(Google(&Options{ - ClientId: "client_id", - ClientSecret: "client_secret", - RedirectURL: "refresh_url", - Scopes: []string{"x", "y"}, - })) - - m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) { - return 200, tokens.Access() - }) - - r, _ := http.NewRequest("GET", "/login-required?key=value", nil) - m.ServeHTTP(recorder, r) - - location := recorder.HeaderMap["Location"][0] - if recorder.Code != 302 { - t.Errorf("Not being redirected to the auth page.") - } - if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" { - t.Errorf("Not being redirected to the right page, %v found", location) - } -} - -func Test_Logout(t *testing.T) { - recorder := httptest.NewRecorder() - s := sessions.NewCookieStore([]byte("secret123")) - - m := martini.Classic() - m.Use(sessions.Sessions("my_session", s)) - m.Use(Google(&Options{ - // no need to configure - })) - - m.Get("/", func(s sessions.Session) { - s.Set(keyToken, "dummy token") - }) - - m.Get("/get", func(s sessions.Session) { - if s.Get(keyToken) != nil { - t.Errorf("User credentials are still kept in the session.") - } - }) - - logout, _ := http.NewRequest("GET", "/logout", nil) - index, _ := http.NewRequest("GET", "/", nil) - - m.ServeHTTP(httptest.NewRecorder(), index) - m.ServeHTTP(recorder, logout) - - if recorder.Code != 302 { - t.Errorf("Not being redirected to the next page.") - } -} - -func Test_LogoutOnAccessTokenExpiration(t *testing.T) { - recorder := httptest.NewRecorder() - s := sessions.NewCookieStore([]byte("secret123")) - - m := martini.Classic() - m.Use(sessions.Sessions("my_session", s)) - m.Use(Google(&Options{ - // no need to configure - })) - - m.Get("/addtoken", func(s sessions.Session) { - s.Set(keyToken, "dummy token") - }) - - m.Get("/", func(s sessions.Session) { - if s.Get(keyToken) != nil { - t.Errorf("User not logged out although access token is expired.") - } - }) - - addtoken, _ := http.NewRequest("GET", "/addtoken", nil) - index, _ := http.NewRequest("GET", "/", nil) - m.ServeHTTP(recorder, addtoken) - m.ServeHTTP(recorder, index) -} - -func Test_InjectedTokens(t *testing.T) { - recorder := httptest.NewRecorder() - m := martini.Classic() - m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) - m.Use(Google(&Options{ - // no need to configure - })) - m.Get("/", func(tokens Tokens) string { - return "Hello world!" - }) - r, _ := http.NewRequest("GET", "/", nil) - m.ServeHTTP(recorder, r) -} - -func Test_LoginRequired(t *testing.T) { - recorder := httptest.NewRecorder() - m := martini.Classic() - m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) - m.Use(Google(&Options{ - // no need to configure - })) - m.Get("/", LoginRequired, func(tokens Tokens) string { - return "Hello world!" - }) - r, _ := http.NewRequest("GET", "/", nil) - m.ServeHTTP(recorder, r) - if recorder.Code != 302 { - t.Errorf("Not being redirected to the auth page although user is not logged in.") - } -} diff --git a/modules/social/social.go b/modules/social/social.go new file mode 100644 index 000000000..230f478fe --- /dev/null +++ b/modules/social/social.go @@ -0,0 +1,333 @@ +// Copyright 2014 Google Inc. All Rights Reserved. +// Copyright 2014 The Gogs Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package social + +import ( + "encoding/json" + "net/http" + "net/url" + "strconv" + "strings" + + "code.google.com/p/goauth2/oauth" + + "github.com/gogits/gogs/models" + "github.com/gogits/gogs/modules/base" + "github.com/gogits/gogs/modules/log" +) + +type BasicUserInfo struct { + Identity string + Name string + Email string +} + +type SocialConnector interface { + Type() int + SetRedirectUrl(string) + UserInfo(*oauth.Token, *url.URL) (*BasicUserInfo, error) + + AuthCodeURL(string) string + Exchange(string) (*oauth.Token, error) +} + +var ( + SocialBaseUrl = "/user/login" + SocialMap = make(map[string]SocialConnector) +) + +func NewOauthService() { + if !base.Cfg.MustBool("oauth", "ENABLED") { + return + } + + base.OauthService = &base.Oauther{} + base.OauthService.OauthInfos = make(map[string]*base.OauthInfo) + + socialConfigs := make(map[string]*oauth.Config) + allOauthes := []string{"github", "google", "qq", "twitter"} + // Load all OAuth config data. + for _, name := range allOauthes { + base.OauthService.OauthInfos[name] = &base.OauthInfo{ + ClientId: base.Cfg.MustValue("oauth."+name, "CLIENT_ID"), + ClientSecret: base.Cfg.MustValue("oauth."+name, "CLIENT_SECRET"), + Scopes: base.Cfg.MustValue("oauth."+name, "SCOPES"), + AuthUrl: base.Cfg.MustValue("oauth."+name, "AUTH_URL"), + TokenUrl: base.Cfg.MustValue("oauth."+name, "TOKEN_URL"), + } + socialConfigs[name] = &oauth.Config{ + ClientId: base.OauthService.OauthInfos[name].ClientId, + ClientSecret: base.OauthService.OauthInfos[name].ClientSecret, + RedirectURL: strings.TrimSuffix(base.AppUrl, "/") + SocialBaseUrl + name, + Scope: base.OauthService.OauthInfos[name].Scopes, + AuthURL: base.OauthService.OauthInfos[name].AuthUrl, + TokenURL: base.OauthService.OauthInfos[name].TokenUrl, + } + } + + enabledOauths := make([]string, 0, 10) + + // GitHub. + if base.Cfg.MustBool("oauth.github", "ENABLED") { + base.OauthService.GitHub = true + newGitHubOauth(socialConfigs["github"]) + enabledOauths = append(enabledOauths, "GitHub") + } + + // Google. + if base.Cfg.MustBool("oauth.google", "ENABLED") { + base.OauthService.Google = true + newGoogleOauth(socialConfigs["google"]) + enabledOauths = append(enabledOauths, "Google") + } + + // QQ. + if base.Cfg.MustBool("oauth.qq", "ENABLED") { + base.OauthService.Tencent = true + newTencentOauth(socialConfigs["qq"]) + enabledOauths = append(enabledOauths, "QQ") + } + + // Twitter. + if base.Cfg.MustBool("oauth.twitter", "ENABLED") { + base.OauthService.Twitter = true + newTwitterOauth(socialConfigs["twitter"]) + enabledOauths = append(enabledOauths, "Twitter") + } + + log.Info("Oauth Service Enabled %s", enabledOauths) +} + +// ________.__ __ ___ ___ ___. +// / _____/|__|/ |_ / | \ __ _\_ |__ +// / \ ___| \ __\/ ~ \ | \ __ \ +// \ \_\ \ || | \ Y / | / \_\ \ +// \______ /__||__| \___|_ /|____/|___ / +// \/ \/ \/ + +type SocialGithub struct { + Token *oauth.Token + *oauth.Transport +} + +func (s *SocialGithub) Type() int { + return models.OT_GITHUB +} + +func newGitHubOauth(config *oauth.Config) { + SocialMap["github"] = &SocialGithub{ + Transport: &oauth.Transport{ + Config: config, + Transport: http.DefaultTransport, + }, + } +} + +func (s *SocialGithub) SetRedirectUrl(url string) { + s.Transport.Config.RedirectURL = url +} + +func (s *SocialGithub) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { + transport := &oauth.Transport{ + Token: token, + } + var data struct { + Id int `json:"id"` + Name string `json:"login"` + Email string `json:"email"` + } + var err error + r, err := transport.Client().Get(s.Transport.Scope) + if err != nil { + return nil, err + } + defer r.Body.Close() + if err = json.NewDecoder(r.Body).Decode(&data); err != nil { + return nil, err + } + return &BasicUserInfo{ + Identity: strconv.Itoa(data.Id), + Name: data.Name, + Email: data.Email, + }, nil +} + +// ________ .__ +// / _____/ ____ ____ ____ | | ____ +// / \ ___ / _ \ / _ \ / ___\| | _/ __ \ +// \ \_\ ( <_> | <_> ) /_/ > |_\ ___/ +// \______ /\____/ \____/\___ /|____/\___ > +// \/ /_____/ \/ + +type SocialGoogle struct { + Token *oauth.Token + *oauth.Transport +} + +func (s *SocialGoogle) Type() int { + return models.OT_GOOGLE +} + +func newGoogleOauth(config *oauth.Config) { + SocialMap["google"] = &SocialGoogle{ + Transport: &oauth.Transport{ + Config: config, + Transport: http.DefaultTransport, + }, + } +} + +func (s *SocialGoogle) SetRedirectUrl(url string) { + s.Transport.Config.RedirectURL = url +} + +func (s *SocialGoogle) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { + transport := &oauth.Transport{Token: token} + var data struct { + Id string `json:"id"` + Name string `json:"name"` + Email string `json:"email"` + } + var err error + + reqUrl := "https://www.googleapis.com/oauth2/v1/userinfo" + r, err := transport.Client().Get(reqUrl) + if err != nil { + return nil, err + } + defer r.Body.Close() + if err = json.NewDecoder(r.Body).Decode(&data); err != nil { + return nil, err + } + return &BasicUserInfo{ + Identity: data.Id, + Name: data.Name, + Email: data.Email, + }, nil +} + +// ________ ________ +// \_____ \ \_____ \ +// / / \ \ / / \ \ +// / \_/. \/ \_/. \ +// \_____\ \_/\_____\ \_/ +// \__> \__> + +type SocialTencent struct { + Token *oauth.Token + *oauth.Transport + reqUrl string +} + +func (s *SocialTencent) Type() int { + return models.OT_QQ +} + +func newTencentOauth(config *oauth.Config) { + SocialMap["qq"] = &SocialTencent{ + reqUrl: "https://open.t.qq.com/api/user/info", + Transport: &oauth.Transport{ + Config: config, + Transport: http.DefaultTransport, + }, + } +} + +func (s *SocialTencent) SetRedirectUrl(url string) { + s.Transport.Config.RedirectURL = url +} + +func (s *SocialTencent) UserInfo(token *oauth.Token, URL *url.URL) (*BasicUserInfo, error) { + var data struct { + Data struct { + Id string `json:"openid"` + Name string `json:"name"` + Email string `json:"email"` + } `json:"data"` + } + var err error + // https://open.t.qq.com/api/user/info? + //oauth_consumer_key=APP_KEY& + //access_token=ACCESSTOKEN&openid=openid + //clientip=CLIENTIP&oauth_version=2.a + //scope=all + var urls = url.Values{ + "oauth_consumer_key": {s.Transport.Config.ClientId}, + "access_token": {token.AccessToken}, + "openid": URL.Query()["openid"], + "oauth_version": {"2.a"}, + "scope": {"all"}, + } + r, err := http.Get(s.reqUrl + "?" + urls.Encode()) + if err != nil { + return nil, err + } + defer r.Body.Close() + if err = json.NewDecoder(r.Body).Decode(&data); err != nil { + return nil, err + } + return &BasicUserInfo{ + Identity: data.Data.Id, + Name: data.Data.Name, + Email: data.Data.Email, + }, nil +} + +// ___________ .__ __ __ +// \__ ___/_ _ _|__|/ |__/ |_ ___________ +// | | \ \/ \/ / \ __\ __\/ __ \_ __ \ +// | | \ /| || | | | \ ___/| | \/ +// |____| \/\_/ |__||__| |__| \___ >__| +// \/ + +type SocialTwitter struct { + Token *oauth.Token + *oauth.Transport +} + +func (s *SocialTwitter) Type() int { + return models.OT_TWITTER +} + +func newTwitterOauth(config *oauth.Config) { + SocialMap["twitter"] = &SocialTwitter{ + Transport: &oauth.Transport{ + Config: config, + Transport: http.DefaultTransport, + }, + } +} + +func (s *SocialTwitter) SetRedirectUrl(url string) { + s.Transport.Config.RedirectURL = url +} + +//https://github.com/mrjones/oauth +func (s *SocialTwitter) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { + // transport := &oauth.Transport{Token: token} + // var data struct { + // Id string `json:"id"` + // Name string `json:"name"` + // Email string `json:"email"` + // } + // var err error + + // reqUrl := "https://www.googleapis.com/oauth2/v1/userinfo" + // r, err := transport.Client().Get(reqUrl) + // if err != nil { + // return nil, err + // } + // defer r.Body.Close() + // if err = json.NewDecoder(r.Body).Decode(&data); err != nil { + // return nil, err + // } + // return &BasicUserInfo{ + // Identity: data.Id, + // Name: data.Name, + // Email: data.Email, + // }, nil + return nil, nil +} diff --git a/routers/install.go b/routers/install.go index d66f5b39b..f09401370 100644 --- a/routers/install.go +++ b/routers/install.go @@ -22,6 +22,7 @@ import ( "github.com/gogits/gogs/modules/log" "github.com/gogits/gogs/modules/mailer" "github.com/gogits/gogs/modules/middleware" + "github.com/gogits/gogs/modules/social" ) // Check run mode(Default of martini is Dev). @@ -36,6 +37,11 @@ func checkRunMode() { log.Info("Run Mode: %s", strings.Title(martini.Env)) } +func NewServices() { + base.NewBaseServices() + social.NewOauthService() +} + // GlobalInit is for global configuration reload-able. func GlobalInit() { base.NewConfigContext() @@ -52,7 +58,7 @@ func GlobalInit() { models.HasEngine = true cron.NewCronContext() } - base.NewServices() + NewServices() checkRunMode() } diff --git a/routers/user/home.go b/routers/user/home.go index 50f16f094..12099a519 100644 --- a/routers/user/home.go +++ b/routers/user/home.go @@ -18,7 +18,7 @@ import ( func Dashboard(ctx *middleware.Context) { ctx.Data["Title"] = "Dashboard" ctx.Data["PageIsUserDashboard"] = true - repos, err := models.GetRepositories(&models.User{Id: ctx.User.Id}) + repos, err := models.GetRepositories(&models.User{Id: ctx.User.Id}, true) if err != nil { ctx.Handle(500, "user.Dashboard", err) return @@ -58,7 +58,7 @@ func Profile(ctx *middleware.Context, params martini.Params) { } ctx.Data["Feeds"] = feeds default: - repos, err := models.GetRepositories(user) + repos, err := models.GetRepositories(user, ctx.IsSigned && ctx.User.Id == user.Id) if err != nil { ctx.Handle(500, "user.Profile", err) return @@ -119,7 +119,7 @@ func Issues(ctx *middleware.Context) { } // Get all repositories. - repos, err := models.GetRepositories(ctx.User) + repos, err := models.GetRepositories(ctx.User, true) if err != nil { ctx.Handle(200, "user.Issues(get repositories)", err) return diff --git a/routers/user/social.go b/routers/user/social.go index 29c4fa97c..a258bad1a 100644 --- a/routers/user/social.go +++ b/routers/user/social.go @@ -6,36 +6,20 @@ package user import ( "encoding/json" + "errors" "fmt" - "net/http" "net/url" - "strconv" "strings" - "code.google.com/p/goauth2/oauth" "github.com/go-martini/martini" "github.com/gogits/gogs/models" "github.com/gogits/gogs/modules/base" "github.com/gogits/gogs/modules/log" "github.com/gogits/gogs/modules/middleware" + "github.com/gogits/gogs/modules/social" ) -type BasicUserInfo struct { - Identity string - Name string - Email string -} - -type SocialConnector interface { - Type() int - SetRedirectUrl(string) - UserInfo(*oauth.Token, *url.URL) (*BasicUserInfo, error) - - AuthCodeURL(string) string - Exchange(string) (*oauth.Token, error) -} - func extractPath(next string) string { n, err := url.Parse(next) if err != nil { @@ -44,278 +28,72 @@ func extractPath(next string) string { return n.Path } -var ( - SocialBaseUrl = "/user/login" - SocialMap = make(map[string]SocialConnector) -) - -// github && google && ... -func SocialSignIn(params martini.Params, ctx *middleware.Context) { - if base.OauthService == nil || !base.OauthService.GitHub.Enabled { - ctx.Handle(404, "social login not enabled", nil) +func SocialSignIn(ctx *middleware.Context, params martini.Params) { + if base.OauthService == nil { + ctx.Handle(404, "social.SocialSignIn(oauth service not enabled)", nil) return } + next := extractPath(ctx.Query("next")) name := params["name"] - connect, ok := SocialMap[name] + connect, ok := social.SocialMap[name] if !ok { - ctx.Handle(404, "social login", nil) + ctx.Handle(404, "social.SocialSignIn(social login not enabled)", errors.New(name)) return } + code := ctx.Query("code") if code == "" { // redirect to social login page - connect.SetRedirectUrl(strings.TrimSuffix(base.AppUrl, "/") + ctx.Req.URL.Host + ctx.Req.URL.Path) + connect.SetRedirectUrl(strings.TrimSuffix(base.AppUrl, "/") + ctx.Req.URL.Path) ctx.Redirect(connect.AuthCodeURL(next)) return } // handle call back - tk, err := connect.Exchange(code) // exchange for token + tk, err := connect.Exchange(code) if err != nil { - log.Error("oauth2 handle callback error: %v", err) - ctx.Handle(500, "exchange code error", nil) + ctx.Handle(500, "social.SocialSignIn(Exchange)", err) return } next = extractPath(ctx.Query("state")) - log.Trace("success get token") + log.Trace("social.SocialSignIn(Got token)") ui, err := connect.UserInfo(tk, ctx.Req.URL) if err != nil { - ctx.Handle(500, fmt.Sprintf("get infomation from %s error: %v", name, err), nil) - log.Error("social connect error: %s", err) + ctx.Handle(500, fmt.Sprintf("social.SocialSignIn(get info from %s)", name), err) return } - log.Info("social login: %s", ui) + log.Info("social.SocialSignIn(social login): %s", ui) + oa, err := models.GetOauth2(ui.Identity) switch err { case nil: ctx.Session.Set("userId", oa.User.Id) ctx.Session.Set("userName", oa.User.Name) - case models.ErrOauth2RecordNotExists: - oa = &models.Oauth2{} - raw, _ := json.Marshal(tk) // json encode - oa.Token = string(raw) - oa.Uid = -1 - oa.Type = connect.Type() - oa.Identity = ui.Identity - log.Trace("oa: %v", oa) + case models.ErrOauth2RecordNotExist: + raw, _ := json.Marshal(tk) + oa = &models.Oauth2{ + Uid: -1, + Type: connect.Type(), + Identity: ui.Identity, + Token: string(raw), + } + log.Trace("social.SocialSignIn(oa): %v", oa) if err = models.AddOauth2(oa); err != nil { - log.Error("add oauth2 %v", err) // 501 + log.Error("social.SocialSignIn(add oauth2): %v", err) // 501 return } - case models.ErrOauth2NotAssociatedWithUser: + case models.ErrOauth2NotAssociated: next = "/user/sign_up" default: - log.Error("other error: %v", err) - ctx.Handle(500, err.Error(), nil) + ctx.Handle(500, "social.SocialSignIn(GetOauth2)", err) return } + ctx.Session.Set("socialId", oa.Id) ctx.Session.Set("socialName", ui.Name) ctx.Session.Set("socialEmail", ui.Email) - log.Trace("socialId: %v", oa.Id) + log.Trace("social.SocialSignIn(social ID): %v", oa.Id) ctx.Redirect(next) } - -// ________.__ __ ___ ___ ___. -// / _____/|__|/ |_ / | \ __ _\_ |__ -// / \ ___| \ __\/ ~ \ | \ __ \ -// \ \_\ \ || | \ Y / | / \_\ \ -// \______ /__||__| \___|_ /|____/|___ / -// \/ \/ \/ - -type SocialGithub struct { - Token *oauth.Token - *oauth.Transport -} - -func (s *SocialGithub) Type() int { - return models.OT_GITHUB -} - -func init() { - github := &SocialGithub{} - name := "github" - config := &oauth.Config{ - ClientId: "09383403ff2dc16daaa1", //base.OauthService.GitHub.ClientId, // FIXME: panic when set - ClientSecret: "0e4aa0c3630df396cdcea01a9d45cacf79925fea", //base.OauthService.GitHub.ClientSecret, - RedirectURL: strings.TrimSuffix(base.AppUrl, "/") + "/user/login/" + name, //ctx.Req.URL.RequestURI(), - Scope: "https://api.github.com/user", - AuthURL: "https://github.com/login/oauth/authorize", - TokenURL: "https://github.com/login/oauth/access_token", - } - github.Transport = &oauth.Transport{ - Config: config, - Transport: http.DefaultTransport, - } - SocialMap[name] = github -} - -func (s *SocialGithub) SetRedirectUrl(url string) { - s.Transport.Config.RedirectURL = url -} - -func (s *SocialGithub) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { - transport := &oauth.Transport{ - Token: token, - } - var data struct { - Id int `json:"id"` - Name string `json:"login"` - Email string `json:"email"` - } - var err error - r, err := transport.Client().Get(s.Transport.Scope) - if err != nil { - return nil, err - } - defer r.Body.Close() - if err = json.NewDecoder(r.Body).Decode(&data); err != nil { - return nil, err - } - return &BasicUserInfo{ - Identity: strconv.Itoa(data.Id), - Name: data.Name, - Email: data.Email, - }, nil -} - -// ________ .__ -// / _____/ ____ ____ ____ | | ____ -// / \ ___ / _ \ / _ \ / ___\| | _/ __ \ -// \ \_\ ( <_> | <_> ) /_/ > |_\ ___/ -// \______ /\____/ \____/\___ /|____/\___ > -// \/ /_____/ \/ - -type SocialGoogle struct { - Token *oauth.Token - *oauth.Transport -} - -func (s *SocialGoogle) Type() int { - return models.OT_GOOGLE -} - -func init() { - google := &SocialGoogle{} - name := "google" - // get client id and secret from - // https://console.developers.google.com/project - config := &oauth.Config{ - ClientId: "849753812404-mpd7ilvlb8c7213qn6bre6p6djjskti9.apps.googleusercontent.com", //base.OauthService.GitHub.ClientId, // FIXME: panic when set - ClientSecret: "VukKc4MwaJUSmiyv3D7ANVCa", //base.OauthService.GitHub.ClientSecret, - Scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile", - AuthURL: "https://accounts.google.com/o/oauth2/auth", - TokenURL: "https://accounts.google.com/o/oauth2/token", - } - google.Transport = &oauth.Transport{ - Config: config, - Transport: http.DefaultTransport, - } - SocialMap[name] = google -} - -func (s *SocialGoogle) SetRedirectUrl(url string) { - s.Transport.Config.RedirectURL = url -} - -func (s *SocialGoogle) UserInfo(token *oauth.Token, _ *url.URL) (*BasicUserInfo, error) { - transport := &oauth.Transport{Token: token} - var data struct { - Id string `json:"id"` - Name string `json:"name"` - Email string `json:"email"` - } - var err error - - reqUrl := "https://www.googleapis.com/oauth2/v1/userinfo" - r, err := transport.Client().Get(reqUrl) - if err != nil { - return nil, err - } - defer r.Body.Close() - if err = json.NewDecoder(r.Body).Decode(&data); err != nil { - return nil, err - } - return &BasicUserInfo{ - Identity: data.Id, - Name: data.Name, - Email: data.Email, - }, nil -} - -// ________ ________ -// \_____ \ \_____ \ -// / / \ \ / / \ \ -// / \_/. \/ \_/. \ -// \_____\ \_/\_____\ \_/ -// \__> \__> - -type SocialQQ struct { - Token *oauth.Token - *oauth.Transport - reqUrl string -} - -func (s *SocialQQ) Type() int { - return models.OT_QQ -} - -func init() { - qq := &SocialQQ{} - name := "qq" - config := &oauth.Config{ - ClientId: "801497180", //base.OauthService.GitHub.ClientId, // FIXME: panic when set - ClientSecret: "16cd53b8ad2e16a36fc2c8f87d9388f2", //base.OauthService.GitHub.ClientSecret, - Scope: "all", - AuthURL: "https://open.t.qq.com/cgi-bin/oauth2/authorize", - TokenURL: "https://open.t.qq.com/cgi-bin/oauth2/access_token", - } - qq.reqUrl = "https://open.t.qq.com/api/user/info" - qq.Transport = &oauth.Transport{ - Config: config, - Transport: http.DefaultTransport, - } - SocialMap[name] = qq -} - -func (s *SocialQQ) SetRedirectUrl(url string) { - s.Transport.Config.RedirectURL = url -} - -func (s *SocialQQ) UserInfo(token *oauth.Token, URL *url.URL) (*BasicUserInfo, error) { - var data struct { - Data struct { - Id string `json:"openid"` - Name string `json:"name"` - Email string `json:"email"` - } `json:"data"` - } - var err error - // https://open.t.qq.com/api/user/info? - //oauth_consumer_key=APP_KEY& - //access_token=ACCESSTOKEN&openid=openid - //clientip=CLIENTIP&oauth_version=2.a - //scope=all - var urls = url.Values{ - "oauth_consumer_key": {s.Transport.Config.ClientId}, - "access_token": {token.AccessToken}, - "openid": URL.Query()["openid"], - "oauth_version": {"2.a"}, - "scope": {"all"}, - } - r, err := http.Get(s.reqUrl + "?" + urls.Encode()) - if err != nil { - return nil, err - } - defer r.Body.Close() - if err = json.NewDecoder(r.Body).Decode(&data); err != nil { - return nil, err - } - return &BasicUserInfo{ - Identity: data.Data.Id, - Name: data.Data.Name, - Email: data.Data.Email, - }, nil -} diff --git a/routers/user/user.go b/routers/user/user.go index bcb2e9783..56b9dc205 100644 --- a/routers/user/user.go +++ b/routers/user/user.go @@ -19,9 +19,15 @@ import ( func SignIn(ctx *middleware.Context) { ctx.Data["Title"] = "Log In" + if _, ok := ctx.Session.Get("socialId").(int64); ok { + ctx.Data["IsSocialLogin"] = true + ctx.HTML(200, "user/signin") + return + } + if base.OauthService != nil { ctx.Data["OauthEnabled"] = true - ctx.Data["OauthGitHubEnabled"] = base.OauthService.GitHub.Enabled + ctx.Data["OauthService"] = base.OauthService } // Check auto-login. @@ -34,7 +40,7 @@ func SignIn(ctx *middleware.Context) { isSucceed := false defer func() { if !isSucceed { - log.Trace("%s auto-login cookie cleared: %s", ctx.Req.RequestURI, userName) + log.Trace("user.SignIn(auto-login cookie cleared): %s", userName) ctx.SetCookie(base.CookieUserName, "", -1) ctx.SetCookie(base.CookieRememberName, "", -1) return @@ -70,9 +76,12 @@ func SignIn(ctx *middleware.Context) { func SignInPost(ctx *middleware.Context, form auth.LogInForm) { ctx.Data["Title"] = "Log In" - if base.OauthService != nil { + sid, isOauth := ctx.Session.Get("socialId").(int64) + if isOauth { + ctx.Data["IsSocialLogin"] = true + } else if base.OauthService != nil { ctx.Data["OauthEnabled"] = true - ctx.Data["OauthGitHubEnabled"] = base.OauthService.GitHub.Enabled + ctx.Data["OauthService"] = base.OauthService } if ctx.HasError() { @@ -99,13 +108,20 @@ func SignInPost(ctx *middleware.Context, form auth.LogInForm) { ctx.SetSecureCookie(secret, base.CookieRememberName, user.Name, days) } - // Bind with social account - if sid, ok := ctx.Session.Get("socialId").(int64); ok { + // Bind with social account. + if isOauth { if err = models.BindUserOauth2(user.Id, sid); err != nil { - log.Error("bind user error: %v", err) + if err == models.ErrOauth2RecordNotExist { + ctx.Handle(404, "user.SignInPost(GetOauth2ById)", err) + } else { + ctx.Handle(500, "user.SignInPost(GetOauth2ById)", err) + } + return } ctx.Session.Delete("socialId") + log.Trace("%s OAuth binded: %s -> %d", ctx.Req.RequestURI, form.UserName, sid) } + ctx.Session.Set("userId", user.Id) ctx.Session.Set("userName", user.Name) if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 { @@ -117,6 +133,27 @@ func SignInPost(ctx *middleware.Context, form auth.LogInForm) { ctx.Redirect("/") } +func oauthSignInPost(ctx *middleware.Context, sid int64) { + ctx.Data["Title"] = "OAuth Sign Up" + ctx.Data["PageIsSignUp"] = true + + if _, err := models.GetOauth2ById(sid); err != nil { + if err == models.ErrOauth2RecordNotExist { + ctx.Handle(404, "user.oauthSignUp(GetOauth2ById)", err) + } else { + ctx.Handle(500, "user.oauthSignUp(GetOauth2ById)", err) + } + return + } + + ctx.Data["IsSocialLogin"] = true + ctx.Data["username"] = ctx.Session.Get("socialName") + ctx.Data["email"] = ctx.Session.Get("socialEmail") + log.Trace("user.oauthSignUp(social ID): %v", ctx.Session.Get("socialId")) + + ctx.HTML(200, "user/signup") +} + func SignOut(ctx *middleware.Context) { ctx.Session.Delete("userId") ctx.Session.Delete("userName") @@ -132,23 +169,37 @@ func SignUp(ctx *middleware.Context) { ctx.Data["Title"] = "Sign Up" ctx.Data["PageIsSignUp"] = true - if sid, ok := ctx.Session.Get("socialId").(int64); ok { - var err error - if _, err = models.GetOauth2ById(sid); err == nil { - ctx.Data["IsSocialLogin"] = true - // FIXME: don't set in error page - ctx.Data["username"] = ctx.Session.Get("socialName") - ctx.Data["email"] = ctx.Session.Get("socialEmail") - } else { - log.Error("unaccepted oauth error: %s", err) // FIXME: should it show in page - } - } if base.Service.DisenableRegisteration { ctx.Data["DisenableRegisteration"] = true ctx.HTML(200, "user/signup") return } - log.Info("session: %v", ctx.Session.Get("socialId")) + + if sid, ok := ctx.Session.Get("socialId").(int64); ok { + oauthSignUp(ctx, sid) + return + } + + ctx.HTML(200, "user/signup") +} + +func oauthSignUp(ctx *middleware.Context, sid int64) { + ctx.Data["Title"] = "OAuth Sign Up" + ctx.Data["PageIsSignUp"] = true + + if _, err := models.GetOauth2ById(sid); err != nil { + if err == models.ErrOauth2RecordNotExist { + ctx.Handle(404, "user.oauthSignUp(GetOauth2ById)", err) + } else { + ctx.Handle(500, "user.oauthSignUp(GetOauth2ById)", err) + } + return + } + + ctx.Data["IsSocialLogin"] = true + ctx.Data["username"] = strings.Replace(ctx.Session.Get("socialName").(string), " ", "", -1) + ctx.Data["email"] = ctx.Session.Get("socialEmail") + log.Trace("user.oauthSignUp(social ID): %v", ctx.Session.Get("socialId")) ctx.HTML(200, "user/signup") } @@ -162,6 +213,11 @@ func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) { return } + sid, isOauth := ctx.Session.Get("socialId").(int64) + if isOauth { + ctx.Data["IsSocialLogin"] = true + } + if form.Password != form.RetypePasswd { ctx.Data["HasError"] = true ctx.Data["Err_Password"] = true @@ -179,7 +235,7 @@ func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) { Name: form.UserName, Email: form.Email, Passwd: form.Password, - IsActive: !base.Service.RegisterEmailConfirm, + IsActive: !base.Service.RegisterEmailConfirm || isOauth, } var err error @@ -192,20 +248,25 @@ func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) { case models.ErrUserNameIllegal: ctx.RenderWithErr(models.ErrRepoNameIllegal.Error(), "user/signup", &form) default: - ctx.Handle(500, "user.SignUp", err) + ctx.Handle(500, "user.SignUp(RegisterUser)", err) } return } - log.Trace("%s User created: %s", ctx.Req.RequestURI, strings.ToLower(form.UserName)) - // Bind Social Account - if sid, ok := ctx.Session.Get("socialId").(int64); ok { - models.BindUserOauth2(u.Id, sid) + log.Trace("%s User created: %s", ctx.Req.RequestURI, form.UserName) + + // Bind social account. + if isOauth { + if err = models.BindUserOauth2(u.Id, sid); err != nil { + ctx.Handle(500, "user.SignUp(BindUserOauth2)", err) + return + } ctx.Session.Delete("socialId") + log.Trace("%s OAuth binded: %s -> %d", ctx.Req.RequestURI, form.UserName, sid) } - // Send confirmation e-mail. - if base.Service.RegisterEmailConfirm && u.Id > 1 { + // Send confirmation e-mail, no need for social account. + if !isOauth && base.Service.RegisterEmailConfirm && u.Id > 1 { mailer.SendRegisterMail(ctx.Render, u) ctx.Data["IsSendRegisterMail"] = true ctx.Data["Email"] = u.Email diff --git a/templates/user/dashboard.tmpl b/templates/user/dashboard.tmpl index 167ae9abb..bc363ddaa 100644 --- a/templates/user/dashboard.tmpl +++ b/templates/user/dashboard.tmpl @@ -44,7 +44,7 @@
{{.Description}}
or
- - {{if .OauthGitHubEnabled}} - - GitHub - {{end}} + {{if .OauthService.GitHub}}GitHub{{end}} + {{if .OauthService.Google}}Google{{end}} + {{if .OauthService.Tencent}}Twitter{{end}} + {{if .OauthService.Tencent}}QQ{{end}}