Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# Auth Provider Configuration
# Set to "casdoor" to use Casdoor SSO, or "built-in" (default) for built-in auth.
PAGODE_AUTH_PROVIDER=built-in

# Casdoor Configuration (only needed when PAGODE_AUTH_PROVIDER=casdoor)
# See casdoor/README.md for setup instructions.
PAGODE_AUTH_CASDOOR_ENDPOINT=http://localhost:8100
PAGODE_AUTH_CASDOOR_CLIENTID=your-client-id
PAGODE_AUTH_CASDOOR_CLIENTSECRET=your-client-secret
PAGODE_AUTH_CASDOOR_CERTIFICATE="-----BEGIN CERTIFICATE-----\nyour-certificate-here\n-----END CERTIFICATE-----"
PAGODE_AUTH_CASDOOR_ORGANIZATIONNAME=built-in
PAGODE_AUTH_CASDOOR_APPLICATIONNAME=pagode
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,4 @@ build/
.aider.input.history
.aider.tags.cache.v4/
static/chat-uploads/
.env
66 changes: 66 additions & 0 deletions casdoor/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# Casdoor Integration

Pagode supports [Casdoor](https://casdoor.org) as an opt-in external authentication provider. When enabled, login and registration are handled by Casdoor via OAuth 2.0, while Pagode manages local sessions and user data.

## Quick Start

### 1. Start Casdoor

```bash
docker compose up -d casdoor
```

Casdoor will be available at http://localhost:8100.
Default credentials: `admin` / `123`

### 2. Configure a Pagode Application in Casdoor

1. Open http://localhost:8100 and log in
2. Go to **Applications** > **Add**
3. Set **Name**: `pagode`
4. Set **Organization**: `built-in`
5. Set **Redirect URL**: `http://localhost:8000/auth/casdoor/callback`
6. Copy the **Client ID** and **Client Secret**
7. Save

### 3. Get the Certificate

1. Go to **Certs** in the Casdoor admin panel
2. Find the `cert-built-in` certificate
3. Copy the certificate content (the public key)

### 4. Configure Pagode

Set the following environment variables (or update `config/config.yaml`):

```bash
export PAGODE_AUTH_PROVIDER=casdoor
export PAGODE_AUTH_CASDOOR_ENDPOINT=http://localhost:8100
export PAGODE_AUTH_CASDOOR_CLIENTID=<your-client-id>
export PAGODE_AUTH_CASDOOR_CLIENTSECRET=<your-client-secret>
export PAGODE_AUTH_CASDOOR_CERTIFICATE=<certificate-content>
export PAGODE_AUTH_CASDOOR_ORGANIZATIONNAME=built-in
export PAGODE_AUTH_CASDOOR_APPLICATIONNAME=pagode
```

### 5. Run Pagode

```bash
make run
```

Login and registration will now redirect to Casdoor.

## Production

In production, run Casdoor as a separate service (Docker, Kubernetes, or bare metal). See the [Casdoor deployment docs](https://casdoor.org/docs/basic/server-installation) for details.

Update the environment variables to point to your production Casdoor instance.

## How It Works

- When `auth.provider=casdoor`, the login/register pages redirect to Casdoor
- After authentication, Casdoor redirects back with an authorization code
- Pagode exchanges the code for a JWT token and extracts the user's email/name
- A local user is created (or linked by email) and a session is established
- All downstream features (dashboard, payments, chat, admin) work unchanged
13 changes: 8 additions & 5 deletions cmd/admin/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ package main

import (
"context"
"crypto/rand"
"encoding/hex"
"flag"
"fmt"
"os"
Expand Down Expand Up @@ -29,14 +31,15 @@ func main() {
invalid("email is required")
}

// Generate a password.
pw, err := c.Auth.RandomToken(10)
if err != nil {
// Generate a random placeholder password (Casdoor manages real passwords).
b := make([]byte, 32)
if _, err := rand.Read(b); err != nil {
invalid("failed to generate a random password")
}
pw := hex.EncodeToString(b)

// Create the admin user.
err = c.ORM.User.
err := c.ORM.User.
Create().
SetEmail(email).
SetName("Admin").
Expand All @@ -52,7 +55,7 @@ func main() {
fmt.Println("")
fmt.Println("-- ADMIN USER CREATED --")
fmt.Printf("Email: %s\n", email)
fmt.Printf("Password: %s\n", pw)
fmt.Println("Password is managed by Casdoor SSO.")
fmt.Println("----")
fmt.Println("")
}
Expand Down
28 changes: 28 additions & 0 deletions config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"strings"
"time"

"github.com/joho/godotenv"
"github.com/spf13/viper"
)

Expand Down Expand Up @@ -58,6 +59,7 @@ type (
Tasks TasksConfig
Mail MailConfig
Payment PaymentConfig
Auth AuthConfig
Chat ChatConfig
}

Expand Down Expand Up @@ -142,6 +144,21 @@ type (
Currency string
}

// AuthConfig stores the authentication configuration (Casdoor SSO).
AuthConfig struct {
Casdoor CasdoorConfig
}

// CasdoorConfig stores the Casdoor-specific configuration.
CasdoorConfig struct {
Endpoint string
ClientId string
ClientSecret string
Certificate string
OrganizationName string
ApplicationName string
}

// ChatConfig stores the chat configuration.
ChatConfig struct {
Enabled bool
Expand All @@ -160,6 +177,9 @@ type (
func GetConfig() (Config, error) {
var c Config

// Load .env file if present (does not override existing env vars).
_ = godotenv.Load()

// Load the config file.
viper.SetConfigName("config")
viper.SetConfigType("yaml")
Expand All @@ -173,6 +193,14 @@ func GetConfig() (Config, error) {
viper.AutomaticEnv()
viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))

// Explicitly bind Casdoor env vars so Viper picks them up.
viper.BindEnv("auth.casdoor.endpoint")
viper.BindEnv("auth.casdoor.clientid")
viper.BindEnv("auth.casdoor.clientsecret")
viper.BindEnv("auth.casdoor.certificate")
viper.BindEnv("auth.casdoor.organizationname")
viper.BindEnv("auth.casdoor.applicationname")

if err := viper.ReadInConfig(); err != nil {
return c, err
}
Expand Down
9 changes: 9 additions & 0 deletions config/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,15 @@ payment:
webhookSecret: "whsec_your_webhook_secret_here"
currency: "usd"

auth:
casdoor:
endpoint: ""
clientId: ""
clientSecret: ""
certificate: ""
organizationName: ""
applicationName: ""

chat:
enabled: true
defaultRoom: "general"
Expand Down
9 changes: 9 additions & 0 deletions docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
version: "3.8"

services:
casdoor:
image: casbin/casdoor-all-in-one
container_name: pagode-casdoor
ports:
- "8100:8000"
restart: unless-stopped
7 changes: 7 additions & 0 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ require (
github.com/andybalholm/cascadia v1.3.3 // indirect
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
github.com/bmatcuk/doublestar v1.3.4 // indirect
github.com/casdoor/casdoor-go-sdk v1.44.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/dolthub/maphash v0.1.0 // indirect
github.com/fsnotify/fsnotify v1.9.0 // indirect
Expand All @@ -39,12 +40,15 @@ require (
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/context v1.1.2 // indirect
github.com/gorilla/securecookie v1.1.2 // indirect
github.com/gorilla/websocket v1.5.3 // indirect
github.com/hashicorp/hcl/v2 v2.24.0 // indirect
github.com/joho/godotenv v1.5.1 // indirect
github.com/labstack/gommon v0.4.2 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
Expand All @@ -64,10 +68,13 @@ require (
go.yaml.in/yaml/v3 v3.0.4 // indirect
golang.org/x/mod v0.33.0 // indirect
golang.org/x/net v0.50.0 // indirect
golang.org/x/oauth2 v0.13.0 // indirect
golang.org/x/sync v0.19.0 // indirect
golang.org/x/sys v0.41.0 // indirect
golang.org/x/text v0.34.0 // indirect
golang.org/x/time v0.14.0 // indirect
golang.org/x/tools v0.42.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.36.11 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
22 changes: 22 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew
github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0=
github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=
github.com/casdoor/casdoor-go-sdk v1.44.0 h1:tKxzgSvgPAaotjywBA9rXvi0GUHSfCMpHQDsXnAyFls=
github.com/casdoor/casdoor-go-sdk v1.44.0/go.mod h1:7aXOpfl6s5M5/yjHgIGuPBwdHeSCV/jha1iYsnE1MNc=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dolthub/maphash v0.1.0 h1:bsQ7JsF4FkkWyrP3oCnFJgrCUAFbFf3kOl4L/QxPDyQ=
Expand All @@ -40,8 +42,15 @@ github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro=
github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
Expand All @@ -59,6 +68,8 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/hashicorp/hcl/v2 v2.24.0 h1:2QJdZ454DSsYGoaE6QheQZjtKZSUs9Nh2izTWiwQxvE=
github.com/hashicorp/hcl/v2 v2.24.0/go.mod h1:oGoO1FIQYfn/AgyOhlg9qLC6/nOJPX3qGbkZpYAcqfM=
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
Expand Down Expand Up @@ -139,6 +150,7 @@ golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
Expand All @@ -150,6 +162,8 @@ golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
Expand Down Expand Up @@ -183,6 +197,7 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
Expand All @@ -204,6 +219,13 @@ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxb
golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
Expand Down
Loading