feat(organization): add oauth2 login support

Author: duanhongyi

charts/passport/files/reserved-name-patterns.txt

@@ -0,0 +1,13 @@
+^backup$
+^catalog$
+^cert-manager$
+^default$
+^drycc(?:-[\w-]+)?$
+^istio(?:-[\w-]+)?$
+^kube(?:-[\w-]+)?$
+^longhorn-system$
+^metallb$
+^mount-s3$
+^topolvm$
+^rook-ceph$
+^personal$

charts/passport/templates/passport-configmap.yaml

@@ -5,11 +5,11 @@ metadata:
   labels:
     heritage: drycc
 data:
-  reserved-usernames.txt: |-
-{{- if .Values.reservedUsernames }}
-{{- (tpl .Values.reservedUsernames $) | nindent 4 }}
-{{- else}}
-{{- include "passport.defaultReservedUsernames" . | nindent 4 }}
-{{- end }}
   init-applications.json: |-
 {{ toPrettyJson .Values.initApplications | indent 4 }}
+  reserved-name-patterns.txt: |-
+    {{- if .Values.config.reservedNames }}
+    {{- (tpl .Values.config.reservedNames $)  | nindent 4 }}
+    {{- else}}
+    {{- .Files.Get "files/reserved-name-patterns.txt" | nindent 4 }}
+    {{- end }}

rootfs/Dockerfile

@@ -4,7 +4,7 @@ FROM registry.drycc.cc/drycc/base:${CODENAME} as build-app
 ADD web /web
 WORKDIR /web
 
-ENV NODE_VERSION="22"
+ENV NODE_VERSION="24"
 
 RUN install-stack node $NODE_VERSION && . init-stack \
   && npm install --global yarn \
@@ -16,7 +16,7 @@ FROM registry.drycc.cc/drycc/base:${CODENAME}
 ARG DRYCC_UID=1001 \
   DRYCC_GID=1001 \
   DRYCC_HOME_DIR=/workspace \
-  PYTHON_VERSION="3.13"
+  PYTHON_VERSION="3.14"
 
 RUN groupadd drycc --gid ${DRYCC_GID} \
   && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR}

rootfs/Dockerfile.test

@@ -1,10 +1,31 @@
+ARG CODENAME
+FROM registry.drycc.cc/drycc/base:${CODENAME} as build-app
+
+ADD web /web
+WORKDIR /web
+
+ENV NODE_VERSION="24"
+
+RUN install-stack node $NODE_VERSION && . init-stack \
+  && npm install --global yarn \
+  && yarn install \
+  && yarn build
+
+
 ARG CODENAME
 FROM registry.drycc.cc/drycc/base:${CODENAME}
 
-ARG DRYCC_HOME_DIR=/workspace \
-  PYTHON_VERSION="3.13" \
-  POSTGRES_VERSION="17.6" \
-  GOSU_VERSION="1.18"
+ARG DRYCC_UID=1001 \
+  DRYCC_GID=1001 \
+  DRYCC_HOME_DIR=/workspace \
+  PYTHON_VERSION="3.14" \
+  VALKEY_VERSION="9.0.1" \
+  POSTGRES_VERSION="18.1" \
+  GOSU_VERSION="1.19"
+
+
+RUN groupadd drycc --gid ${DRYCC_GID} \
+  && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR}
 
 ENV PGDATA="/var/lib/postgresql/data"
 
@@ -16,6 +37,7 @@ RUN buildDeps='gcc rustc cargo libffi-dev musl-dev libldap2-dev libsasl2-dev'; \
   && curl -SsL https://cli.codecov.io/latest/$([ $(dpkg --print-architecture) == "arm64" ] && echo linux-arm64 || echo linux)/codecov -o /usr/local/bin/codecov \
   && chmod +x /usr/local/bin/codecov \
   && install-stack python $PYTHON_VERSION \
+  && install-stack valkey $VALKEY_VERSION \
   && install-stack postgresql $POSTGRES_VERSION \
   && install-stack gosu $GOSU_VERSION && . init-stack \
   && python3 -m venv ${DRYCC_HOME_DIR}/.venv \
@@ -50,6 +72,9 @@ RUN buildDeps='gcc rustc cargo libffi-dev musl-dev libldap2-dev libsasl2-dev'; \
   && gosu postgres initdb -D $PGDATA
 
 COPY . ${DRYCC_HOME_DIR}
+COPY --chown=${DRYCC_UID}:${DRYCC_GID} . ${DRYCC_HOME_DIR}
+COPY --chown=${DRYCC_UID}:${DRYCC_GID} --from=build-app /web/dist ${DRYCC_HOME_DIR}/web/dist
+
 WORKDIR ${DRYCC_HOME_DIR}
 CMD ["bin/boot"]
 EXPOSE 8000

rootfs/api/apps.py

@@ -0,0 +1,10 @@
+from django import apps
+
+
+class AppConfig(apps.AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'api'
+
+    def ready(self):
+        super(AppConfig, self).ready()
+        __import__("api.signals")

rootfs/api/apps_extra/__init__.py

@@ -0,0 +1,82 @@
+import json
+from os.path import join, dirname
+from pathlib import Path
+from social_core.backends.oauth import BaseOAuth2
+from social_core.backends.github import GithubOAuth2 as BaseGithubOAuth2
+from social_core.backends.google import GoogleOAuth2 as BaseGoogleOAuth2
+from social_core.backends.weixin import WeixinOAuth2 as BaseWeixinOAuth2
+
+
+def icon_path(name):
+    return Path(join(dirname(__file__), "icons", f"{name}.svg"))
+
+
+class GithubOAuth2(BaseGithubOAuth2):
+    icon = icon_path("github").read_text(encoding="utf-8")
+
+
+class GoogleOAuth2(BaseGoogleOAuth2):
+    name = "google"
+    icon = icon_path("google").read_text(encoding="utf-8")
+
+
+class WeixinOAuth2(BaseWeixinOAuth2):
+    icon = icon_path("weixin").read_text(encoding="utf-8")
+
+
+class FeiShuOAuth2(BaseOAuth2):
+    """FeiShu OAuth2 authentication backend"""
+    name = 'feishu'
+    icon = icon_path("feishu").read_text(encoding="utf-8")
+
+    AUTHORIZATION_URL = 'https://accounts.feishu.cn/open-apis/authen/v1/authorize'
+    ACCESS_TOKEN_URL = 'https://open.feishu.cn/open-apis/authen/v2/oauth/token'
+    USER_INFO_URL = 'https://open.feishu.cn/open-apis/authen/v1/user_info'
+
+    DEFAULT_SCOPE = ['']
+    REDIRECT_STATE = False
+    ACCESS_TOKEN_METHOD = 'POST'
+    EXTRA_DATA = [
+        ('refresh_token', 'refresh_token'),
+        ('expires_in', 'expires'),
+        ('union_id', 'union_id'),
+        ('access_token', 'access_token'),
+    ]
+
+    def request_access_token(self, *args, **kwargs):
+        """Override to send JSON request provided by FeiShu"""
+        if 'data' in kwargs:
+            kwargs['data']['app_id'] = self.setting('KEY')
+            kwargs['data']['app_secret'] = self.setting('SECRET')
+            kwargs['data'] = json.dumps(kwargs['data'])
+            if 'headers' not in kwargs:
+                kwargs['headers'] = {}
+            kwargs['headers']['Content-Type'] = 'application/json; charset=utf-8'
+        return super().request_access_token(*args, **kwargs)
+
+    def get_user_details(self, response):
+        """Return user details from FeiShu account"""
+        return {
+            'username': response.get('name', ''),
+            'email': response.get('email', ''),
+        }
+
+    def user_data(self, access_token, *args, **kwargs):
+        """Loads user data from service"""
+        headers = {
+            'Authorization': f'Bearer {access_token}',
+            'Content-Type': 'application/json; charset=utf-8'
+        }
+        response = self.get_json(
+            self.USER_INFO_URL,
+            headers=headers
+        )
+        # FeiShu returns data wrapped in 'data' field
+        if 'data' in response:
+            response.update(response['data'])
+
+        response['union_id'] = response.get('union_id', '')
+        return response
+
+
+__all__ = [GithubOAuth2, GoogleOAuth2, WeixinOAuth2, FeiShuOAuth2]