Add GetOrCreateUserInfoByGitHubID to manage users by GitHub (#1193)

hackerwins · hackerwins · commit bee1e5731a63 · 2025-03-19T14:06:46.000+09:00
This commit enhanced authentication by integrating GitHub OAuth support.
Users can now sign in with GitHub, and profiles display the selected
authentication provider.
diff --git a/api/converter/from_pb.go b/api/converter/from_pb.go
@@ -33,9 +33,10 @@ import (
 // FromUser converts the given Protobuf formats to model format.
 func FromUser(pbUser *api.User) *types.User {
 	return &types.User{
-		ID:        types.ID(pbUser.Id),
-		Username:  pbUser.Username,
-		CreatedAt: pbUser.CreatedAt.AsTime(),
+		ID:           types.ID(pbUser.Id),
+		AuthProvider: pbUser.AuthProvider,
+		Username:     pbUser.Username,
+		CreatedAt:    pbUser.CreatedAt.AsTime(),
 	}
 }
 
diff --git a/api/converter/to_pb.go b/api/converter/to_pb.go
@@ -36,9 +36,10 @@ import (
 // ToUser converts the given model format to Protobuf format.
 func ToUser(user *types.User) *api.User {
 	return &api.User{
-		Id:        user.ID.String(),
-		Username:  user.Username,
-		CreatedAt: timestamppb.New(user.CreatedAt),
+		Id:           user.ID.String(),
+		AuthProvider: user.AuthProvider,
+		Username:     user.Username,
+		CreatedAt:    timestamppb.New(user.CreatedAt),
 	}
 }
 
diff --git a/api/docs/yorkie/v1/admin.openapi.yaml b/api/docs/yorkie/v1/admin.openapi.yaml
@@ -2187,7 +2187,7 @@ components:
           title: max_attachments_per_document
           type: object
         maxSubscribersPerDocument:
-          $ref: "#/components/schemas/google.protobuf.Int32Value"
+          $ref: '#/components/schemas/google.protobuf.Int32Value'
           additionalProperties: false
           description: ""
           title: max_subscribers_per_document
@@ -2259,6 +2259,11 @@ components:
       additionalProperties: false
       description: ""
       properties:
+        authProvider:
+          additionalProperties: false
+          description: ""
+          title: auth_provider
+          type: string
         createdAt:
           $ref: '#/components/schemas/google.protobuf.Timestamp'
           additionalProperties: false
diff --git a/api/docs/yorkie/v1/resources.openapi.yaml b/api/docs/yorkie/v1/resources.openapi.yaml
@@ -1742,7 +1742,7 @@ components:
           title: max_attachments_per_document
           type: object
         maxSubscribersPerDocument:
-          $ref: "#/components/schemas/google.protobuf.Int32Value"
+          $ref: '#/components/schemas/google.protobuf.Int32Value'
           additionalProperties: false
           description: ""
           title: max_subscribers_per_document
@@ -1785,6 +1785,11 @@ components:
       additionalProperties: false
       description: ""
       properties:
+        authProvider:
+          additionalProperties: false
+          description: ""
+          title: auth_provider
+          type: string
         createdAt:
           $ref: '#/components/schemas/google.protobuf.Timestamp'
           additionalProperties: false
diff --git a/api/types/user.go b/api/types/user.go
@@ -24,6 +24,10 @@ type User struct {
 	// ID is the unique ID of the user.
 	ID ID `json:"id"`
 
+	// AuthProvider is the authentication provider of the user. It can be
+	// "github" or empty string for local authentication.
+	AuthProvider string `json:"auth_provider"`
+
 	// Username is the username of the user.
 	Username string `json:"username"`
 
diff --git a/api/yorkie/v1/resources.pb.go b/api/yorkie/v1/resources.pb.go
diff --git a/api/yorkie/v1/resources.proto b/api/yorkie/v1/resources.proto
@@ -286,8 +286,9 @@ message TreePos {
 
 message User {
   string id = 1;
-  string username = 2;
-  google.protobuf.Timestamp created_at = 3;
+  string auth_provider = 2;
+  string username = 3;
+  google.protobuf.Timestamp created_at = 4;
 }
 
 message Project {
diff --git a/build/charts/yorkie-cluster/templates/yorkie/deployment.yaml b/build/charts/yorkie-cluster/templates/yorkie/deployment.yaml
@@ -92,6 +92,34 @@ spec:
           "--kafka-write-timeout",
           "{{ .Values.yorkie.args.kafkaWriteTimeout }}",
           {{- end }}
+          {{- if .Values.yorkie.args.GitHubClientID }}
+          "--auth-github-client-id",
+          "{{ .Values.yorkie.args.GitHubClientID }}",
+          {{- end }}
+          {{- if .Values.yorkie.args.GitHubClientSecret }}
+          "--auth-github-client-secret",
+          "{{ .Values.yorkie.args.GitHubClientSecret }}",
+          {{- end }}
+          {{- if .Values.yorkie.args.GitHubRedirectURL }}
+          "--auth-github-redirect-url",
+          "{{ .Values.yorkie.args.GitHubRedirectURL }}",
+          {{- end }}
+          {{- if .Values.yorkie.args.GitHubAuthURL }}
+          "--auth-github-auth-url",
+          "{{ .Values.yorkie.args.GitHubAuthURL }}",
+          {{- end }}
+          {{- if .Values.yorkie.args.GitHubTokenURL }}
+          "--auth-github-token-url",
+          "{{ .Values.yorkie.args.GitHubTokenURL }}",
+          {{- end }}
+          {{- if .Values.yorkie.args.GitHubUserURL }}
+          "--auth-github-user-url",
+          "{{ .Values.yorkie.args.GitHubUserURL }}",
+          {{- end }}
+          {{- if .Values.yorkie.args.GitHubDeviceAuthURL }}
+          "--auth-github-device-auth-url",
+          "{{ .Values.yorkie.args.GitHubDeviceAuthURL }}",
+          {{- end }}
           {{- end }}
         ]
         ports:
diff --git a/cmd/yorkie/login.go b/cmd/yorkie/login.go
@@ -53,6 +53,9 @@ func newLoginCmd() *cobra.Command {
 				cli.Close()
 			}()
 
+			// TODO(hackerwins): For now, the login command only supports the
+			// username/password login. We need to support other login methods
+			// like GitHub.
 			ctx := context.Background()
 			token, err := cli.LogIn(ctx, username, password)
 			if err != nil {
diff --git a/cmd/yorkie/server.go b/cmd/yorkie/server.go
@@ -39,7 +39,15 @@ var (
 	flagConfPath string
 	flagLogLevel string
 
-	adminTokenDuration        time.Duration
+	adminTokenDuration      time.Duration
+	authGitHubClientID      string
+	authGitHubClientSecret  string
+	authGitHubRedirectURL   string
+	authGitHubUserURL       string
+	authGitHubAuthURL       string
+	authGitHubTokenURL      string
+	authGitHubDeviceAuthURL string
+
 	housekeepingInterval      time.Duration
 	clientDeactivateThreshold string
 
@@ -72,6 +80,14 @@ func newServerCmd() *cobra.Command {
 		Use:   "server [options]",
 		Short: "Start Yorkie server",
 		RunE: func(cmd *cobra.Command, args []string) error {
+			conf.RPC.Auth.GitHubClientID = authGitHubClientID
+			conf.RPC.Auth.GitHubClientSecret = authGitHubClientSecret
+			conf.RPC.Auth.GitHubRedirectURL = authGitHubRedirectURL
+			conf.RPC.Auth.GitHubUserURL = authGitHubUserURL
+			conf.RPC.Auth.GitHubAuthURL = authGitHubAuthURL
+			conf.RPC.Auth.GitHubTokenURL = authGitHubTokenURL
+			conf.RPC.Auth.GitHubDeviceAuthURL = authGitHubDeviceAuthURL
+
 			conf.Backend.AdminTokenDuration = adminTokenDuration.String()
 
 			conf.Backend.ClientDeactivateThreshold = clientDeactivateThreshold
@@ -219,6 +235,56 @@ func init() {
 		false,
 		"Enable runtime profiling data via HTTP server.",
 	)
+
+	cmd.Flags().DurationVar(
+		&adminTokenDuration,
+		"backend-admin-token-duration",
+		server.DefaultAdminTokenDuration,
+		"The duration of the admin authentication token.",
+	)
+	cmd.Flags().StringVar(
+		&authGitHubClientID,
+		"auth-github-client-id",
+		"",
+		"GitHub OAuth Client ID",
+	)
+	cmd.Flags().StringVar(
+		&authGitHubClientSecret,
+		"auth-github-client-secret",
+		"",
+		"GitHub OAuth Client Secret",
+	)
+	cmd.Flags().StringVar(
+		&authGitHubRedirectURL,
+		"auth-github-redirect-url",
+		"http://localhost:8080/auth/github/callback",
+		"GitHub OAuth callback URL",
+	)
+	cmd.Flags().StringVar(
+		&authGitHubUserURL,
+		"auth-github-user-url",
+		server.DefaultGitHubUserURL,
+		"GitHub User API URL",
+	)
+	cmd.Flags().StringVar(
+		&authGitHubAuthURL,
+		"auth-github-auth-url",
+		server.DefaultGitHubAuthURL,
+		"GitHub OAuth2 authorization URL",
+	)
+	cmd.Flags().StringVar(
+		&authGitHubTokenURL,
+		"auth-github-token-url",
+		server.DefaultGitHubTokenURL,
+		"GitHub OAuth2 token URL",
+	)
+	cmd.Flags().StringVar(
+		&authGitHubDeviceAuthURL,
+		"auth-github-device-auth-url",
+		server.DefaultGitHubDeviceAuthURL,
+		"GitHub OAuth2 device authorization URL",
+	)
+
 	cmd.Flags().DurationVar(
 		&housekeepingInterval,
 		"housekeeping-interval",
@@ -279,12 +345,7 @@ func init() {
 		server.DefaultSecretKey,
 		"The secret key for signing authentication tokens for admin users.",
 	)
-	cmd.Flags().DurationVar(
-		&adminTokenDuration,
-		"backend-admin-token-duration",
-		server.DefaultAdminTokenDuration,
-		"The duration of the admin authentication token.",
-	)
+
 	cmd.Flags().BoolVar(
 		&conf.Backend.UseDefaultProject,
 		"backend-use-default-project",
diff --git a/server/backend/database/database.go b/server/backend/database/database.go
@@ -124,6 +124,9 @@ type Database interface {
 		hashedPassword string,
 	) (*UserInfo, error)
 
+	// GetOrCreateUserInfoByGitHubID returns a user by the given GitHub ID.
+	GetOrCreateUserInfoByGitHubID(ctx context.Context, githubID string) (*UserInfo, error)
+
 	// DeleteUserInfoByName deletes a user by name.
 	DeleteUserInfoByName(ctx context.Context, username string) error
 
diff --git a/server/backend/database/memory/database.go b/server/backend/database/memory/database.go
@@ -403,6 +403,45 @@ func (d *DB) CreateUserInfo(
 	return info, nil
 }
 
+// GetOrCreateUserInfoByGitHubID returns a user by the given GitHub ID.
+func (d *DB) GetOrCreateUserInfoByGitHubID(
+	_ context.Context,
+	githubID string,
+) (*database.UserInfo, error) {
+	txn := d.db.Txn(true)
+	defer txn.Abort()
+
+	raw, err := txn.First(tblUsers, "username", githubID)
+	if err != nil {
+		return nil, fmt.Errorf("find user by github id: %w", err)
+	}
+
+	now := gotime.Now()
+	var info *database.UserInfo
+
+	if raw == nil {
+		info = &database.UserInfo{
+			ID:           newID(),
+			Username:     githubID,
+			AuthProvider: "github",
+			CreatedAt:    now,
+			AccessedAt:   now,
+		}
+		if err := txn.Insert(tblUsers, info); err != nil {
+			return nil, fmt.Errorf("create user: %w", err)
+		}
+	} else {
+		info = raw.(*database.UserInfo).DeepCopy()
+		info.AccessedAt = now
+		if err := txn.Insert(tblUsers, info); err != nil {
+			return nil, fmt.Errorf("update user: %w", err)
+		}
+	}
+
+	txn.Commit()
+	return info, nil
+}
+
 // DeleteUserInfoByName deletes a user by name.
 func (d *DB) DeleteUserInfoByName(_ context.Context, username string) error {
 	txn := d.db.Txn(true)
diff --git a/server/backend/database/mongo/client.go b/server/backend/database/mongo/client.go
@@ -431,6 +431,42 @@ func (c *Client) CreateUserInfo(
 	return info, nil
 }
 
+// GetOrCreateUserInfoByGitHubID returns a user by the given GitHub ID.
+func (c *Client) GetOrCreateUserInfoByGitHubID(
+	ctx context.Context,
+	githubID string,
+) (*database.UserInfo, error) {
+	now := gotime.Now()
+	result := c.collection(ColUsers).FindOneAndUpdate(
+		ctx,
+		bson.M{
+			"username": githubID,
+		},
+		bson.M{
+			"$set": bson.M{
+				"accessed_at": now,
+			},
+			"$setOnInsert": bson.M{
+				"auth_provider": "github",
+				"created_at":    now,
+			},
+		},
+		options.FindOneAndUpdate().
+			SetUpsert(true).
+			SetReturnDocument(options.After),
+	)
+
+	info := database.UserInfo{}
+	if err := result.Decode(&info); err != nil {
+		if err == mongo.ErrNoDocuments {
+			return nil, fmt.Errorf("%s: %w", githubID, database.ErrUserNotFound)
+		}
+		return nil, fmt.Errorf("decode user info: %w", err)
+	}
+
+	return &info, nil
+}
+
 // DeleteUserInfoByName deletes a user by name.
 func (c *Client) DeleteUserInfoByName(ctx context.Context, username string) error {
 	deleteResult, err := c.collection(ColUsers).DeleteOne(ctx, bson.M{
diff --git a/server/backend/database/user_info.go b/server/backend/database/user_info.go
@@ -32,10 +32,25 @@ var (
 
 // UserInfo is a structure representing information of a user.
 type UserInfo struct {
-	ID             types.ID  `bson:"_id"`
-	Username       string    `bson:"username"`
-	HashedPassword string    `bson:"hashed_password"`
-	CreatedAt      time.Time `bson:"created_at"`
+	// ID is the unique ID of the user.
+	ID types.ID `bson:"_id"`
+
+	// AuthProvider is the provider of the authentication. Valid values are
+	// "github" and empty string for local authentication.
+	AuthProvider string `bson:"auth_provider"`
+
+	// Username is the username of the user.
+	Username string `bson:"username"`
+
+	// HashedPassword is the hashed password of the user. It is empty if the
+	// user is authenticated by github.
+	HashedPassword string `bson:"hashed_password"`
+
+	// CreatedAt is the time when the user was created.
+	CreatedAt time.Time `bson:"created_at"`
+
+	// AccessedAt is the time when the user was last accessed.
+	AccessedAt time.Time `bson:"accessed_at"`
 }
 
 // NewUserInfo creates a new UserInfo of the given username.
@@ -55,6 +70,7 @@ func (i *UserInfo) DeepCopy() *UserInfo {
 
 	return &UserInfo{
 		ID:             i.ID,
+		AuthProvider:   i.AuthProvider,
 		Username:       i.Username,
 		HashedPassword: i.HashedPassword,
 		CreatedAt:      i.CreatedAt,
@@ -64,9 +80,10 @@ func (i *UserInfo) DeepCopy() *UserInfo {
 // ToUser converts the UserInfo to a User.
 func (i *UserInfo) ToUser() *types.User {
 	return &types.User{
-		ID:        i.ID,
-		Username:  i.Username,
-		CreatedAt: i.CreatedAt,
+		ID:           i.ID,
+		AuthProvider: i.AuthProvider,
+		Username:     i.Username,
+		CreatedAt:    i.CreatedAt,
 	}
 }
 
diff --git a/server/config.go b/server/config.go
diff --git a/server/rpc/auth/auth_handler.go b/server/rpc/auth/auth_handler.go
diff --git a/server/users/users.go b/server/users/users.go

Original file line number	Diff line number	Diff line change
`@@ -33,9 +33,10 @@ import (`
`33`	`33`	`// FromUser converts the given Protobuf formats to model format.`
`34`	`34`	`func FromUser(pbUser api.User) types.User {`
`35`	`35`	`return &types.User{`
`36`		`- ID: types.ID(pbUser.Id),`
`37`		`- Username: pbUser.Username,`
`38`		`- CreatedAt: pbUser.CreatedAt.AsTime(),`
	`36`	`+ ID: types.ID(pbUser.Id),`
	`37`	`+ AuthProvider: pbUser.AuthProvider,`
	`38`	`+ Username: pbUser.Username,`
	`39`	`+ CreatedAt: pbUser.CreatedAt.AsTime(),`
`39`	`40`	`}`
`40`	`41`	`}`
`41`	`42`
Original file line number	Diff line number	Diff line change
`@@ -36,9 +36,10 @@ import (`
`36`	`36`	`// ToUser converts the given model format to Protobuf format.`
`37`	`37`	`func ToUser(user types.User) api.User {`
`38`	`38`	`return &api.User{`
`39`		`- Id: user.ID.String(),`
`40`		`- Username: user.Username,`
`41`		`- CreatedAt: timestamppb.New(user.CreatedAt),`
	`39`	`+ Id: user.ID.String(),`
	`40`	`+ AuthProvider: user.AuthProvider,`
	`41`	`+ Username: user.Username,`
	`42`	`+ CreatedAt: timestamppb.New(user.CreatedAt),`
`42`	`43`	`}`
`43`	`44`	`}`
`44`	`45`