Skip to content

sqkkyzx/FeiniuDingtalkAuth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

使用钉钉免密码登录飞牛

准备工作:

  1. 创建钉钉开放平台账号,创建一个应用,获取 agent_id, client_idclient_secret
    • 配置网页应用、安全设置的重定向URL、端内免登录地址。地址应当和环境变量的 BASE_URL 一致。
    • 权限管理中授权以下权限点:
      • open_app_api_base
      • qyapi_get_omp_sso_userinfo
      • qyapi_get_member
      • qyapi_hrm_read_user
      • Contact.User.Read
  2. 将飞牛使用 nginx 反向代理,并添加以下 location 配置:
    location / {
        set $auth_redirect /auth/dingtalk/login;
        if ($request_uri ~* ^/p) {
            set $auth_redirect /auth/dingtalk/login?custom_redirect_uri=https://$http_host$request_uri;
        }
        if ($http_cookie !~* "fnos-long-token=") {   
            return 302 $auth_redirect;  
        }
        proxy_http_version 1.1;  
        proxy_set_header Upgrade $http_upgrade;  
        proxy_set_header Connection $connection_upgrade;  
        add_header X-Served-By $http_host;  
        proxy_set_header Host $http_host;  
        proxy_set_header X-Forwarded-Scheme https;  
        proxy_set_header X-Forwarded-Proto https;  
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
        proxy_set_header X-Real-IP $remote_addr;  
        proxy_pass http://<你的飞牛NAS的IP地址>:5666;  
    }
    location /v {
        if ($http_cookie !~* "Trim-MC-token=") {   
            return 302 /v/auth/dingtalk/login;  
        }
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        add_header X-Served-By $http_host;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Scheme https;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://<你的飞牛NAS的IP地址>:5666/v;
    }
    # 阻止用户更改密码
    location /v/api/v1/user/passwd {
        return 302 /v;
    }
    location ~ ^/(v/)?auth/dingtalk/login {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        add_header X-Served-By $http_host;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Scheme https;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://fn-dingtalk-auth:8080;
    }
    
  3. 启动容器和 nginx 服务。
  4. 在钉钉 智能人事 - 花名册 中,添加飞牛nas用户和飞牛nas密码两个字段,分别配置字段id到环境变量 USER_FIELD_CODEPWD_FIELD_CODE
  5. 启动容器和nginx代理。

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors