feat: 增加彩虹聚合登录功能，优化动态配置和回调处理

Author: Licoy

inc/ajax/page-oauth-login.php

@@ -15,7 +15,7 @@ function pk_oauth_quick_buttons($echo = false, $redirect = '')
     $oauth_list = pk_oauth_list();
     $out = "<div class='d-flex justify-content-center wh100 flex-wrap'>";
     foreach ($oauth_list as $key => $val) {
-        if (!isset($val['system']) || !$val['system'] || pk_is_checked('oauth_' . $key)) {
+        if (!isset($val['system']) || !$val['system'] || pk_oauth_is_enabled($key, $val)) {
             $url = $val['url'] ?? pk_oauth_url_page_ajax($key, $redirect);
             $icon = isset($val['icon']) ? str_starts_with($val['icon'], 'http') ? "<img src='{$val['icon']}' width='15' class='mr-1' alt='{$val['label']}'/>":"<i class='{$val['icon']} mr-1'></i>" : '';
             $color_type = $val['color_type'] ?? 'primary';

inc/classes/PuockUserCenter.php

@@ -141,7 +141,7 @@ public static function page_oauth()
 
         $enabled_oauth_list = [];
         foreach ($oauth_list as $item_key => $item_val) {
-            if (!pk_is_checked('oauth_' . $item_key)) {
+            if (!pk_oauth_is_enabled($item_key, $item_val)) {
                 continue;
             }
             $enabled_oauth_list[$item_key] = $item_val;
@@ -155,45 +155,62 @@ public static function page_oauth()
                     <?php _e('站点暂未开启任何第三方登录/绑定方式', PUOCK); ?>
                 </div>
             <?php else: ?>
-                <div class="table-responsive">
-                    <table class="table table-sm align-middle">
-                        <thead>
-                        <tr>
-                            <th><?php _e('平台', PUOCK); ?></th>
-                            <th><?php _e('状态', PUOCK); ?></th>
-                            <th class="text-end"><?php _e('操作', PUOCK); ?></th>
-                        </tr>
-                        </thead>
-                        <tbody>
-                        <?php foreach ($enabled_oauth_list as $item_key => $item_val): ?>
-                            <tr>
-                                <td><?php echo esc_html($item_val['label'] ?? $item_key); ?></td>
-                                <td>
-                                    <?php if (empty($item_val['openid'])): ?>
-                                        <span class="badge bg-secondary"><?php _e('未绑定', PUOCK); ?></span>
-                                    <?php else: ?>
-                                        <span class="badge bg-success"><?php _e('已绑定', PUOCK); ?></span>
-                                    <?php endif; ?>
-                                </td>
-                                <td class="text-end">
-                                    <?php if (empty($item_val['openid'])): ?>
-                                        <a class="btn btn-sm btn-outline-primary"
-                                           target="_blank"
-                                           href="<?php echo esc_url(pk_oauth_url_page_ajax($item_key, $redirect)); ?>">
-                                            <?php _e('立即绑定', PUOCK); ?>
-                                        </a>
-                                    <?php else: ?>
-                                        <a class="btn btn-sm btn-outline-danger"
-                                           href="<?php echo esc_url(pk_oauth_clear_bind_url2($item_key, $redirect)); ?>"
-                                           onclick="return confirm('<?php echo esc_js(__('确认解除绑定吗？', PUOCK)); ?>')">
-                                            <?php _e('解除绑定', PUOCK); ?>
-                                        </a>
-                                    <?php endif; ?>
-                                </td>
-                            </tr>
-                        <?php endforeach; ?>
-                        </tbody>
-                    </table>
+                <div class="d-flex flex-column gap-2 w-100">
+                    <?php foreach ($enabled_oauth_list as $item_key => $item_val):
+                        $bind_url = pk_oauth_url_page_ajax($item_key, $redirect);
+                        $unbind_url = pk_oauth_clear_bind_url2($item_key, $redirect);
+
+                        $is_bound = !empty($item_val['openid']);
+                        $label = (string)($item_val['label'] ?? $item_key);
+                        $color_type = (string)($item_val['color_type'] ?? 'primary');
+                        $icon = isset($item_val['icon']) ? (string)$item_val['icon'] : '';
+                        ?>
+                        <div class="pk-border-1 rounded px-3 py-2 d-flex align-items-center justify-content-between flex-wrap gap-3 w-100">
+                            <div class="d-flex align-items-center gap-2 flex-wrap">
+                                <?php if ($icon && (strpos($icon, 'http://') === 0 || strpos($icon, 'https://') === 0 || strpos($icon, '//') === 0)) : ?>
+                                    <img
+                                        src="<?php echo esc_url($icon); ?>"
+                                        alt="<?php echo esc_attr($label); ?>"
+                                        width="22"
+                                        height="22"
+                                        class="rounded-circle flex-shrink-0"
+                                    />
+                                <?php elseif ($icon) : ?>
+                                    <i class="<?php echo esc_attr($icon); ?> text-<?php echo esc_attr($color_type); ?> fs-5"></i>
+                                <?php endif; ?>
+
+                                <div class="fw-semibold lh-sm">
+                                    <?php echo esc_html($label); ?>
+                                </div>
+
+                                <?php if ($is_bound) : ?>
+                                    <span class="badge bg-success"><?php _e('已绑定', PUOCK); ?></span>
+                                <?php else : ?>
+                                    <span class="badge bg-secondary"><?php _e('未绑定', PUOCK); ?></span>
+                                <?php endif; ?>
+                            </div>
+
+                            <div class="d-flex align-items-center justify-content-end">
+                                <?php if ($is_bound) : ?>
+                                    <a
+                                        href="<?php echo esc_url($unbind_url); ?>"
+                                        class="btn btn-sm btn-outline-danger px-2 py-0"
+                                        onclick="return confirm('<?php echo esc_js(__('确认解除绑定吗？', PUOCK)); ?>');"
+                                    >
+                                        <?php _e('解除绑定', PUOCK); ?>
+                                    </a>
+                                <?php else : ?>
+                                    <a
+                                        href="<?php echo esc_url($bind_url); ?>"
+                                        class="btn btn-sm btn-outline-<?php echo esc_attr($color_type); ?> px-2 py-0"
+                                        target="_blank"
+                                    >
+                                        <?php _e('立即绑定', PUOCK); ?>
+                                    </a>
+                                <?php endif; ?>
+                            </div>
+                        </div>
+                    <?php endforeach; ?>
                 </div>
                 <div class="c-sub fs12">
                     <?php _e('绑定成功后，可使用第三方账号直接登录。', PUOCK); ?>

inc/oauth/RainbowOAuth.php

@@ -0,0 +1,188 @@
+<?php
+
+namespace Puock\Theme\oauth;
+
+use InvalidArgumentException;
+
+class RainbowOAuth
+{
+    public $appid;
+
+    public $appSecret;
+
+    public $callbackUrl;
+
+    public $state;
+
+    public $result = [];
+
+    public $accessToken;
+
+    public $openid;
+
+
+    public function __construct($appid = null, $appSecret = null, $callbackUrl = null)
+    {
+        $this->appid = trim((string)($appid ?? ''));
+        $this->appSecret = trim((string)($appSecret ?? ''));
+        $this->callbackUrl = trim((string)($callbackUrl ?? ''));
+    }
+
+    public function getAuthUrl($callbackUrl = null, $state = null, $scope = null)
+    {
+        $this->state = $state ?: md5(uniqid('', true));
+
+        $redirectUri = $callbackUrl ?: $this->callbackUrl;
+        if (empty($redirectUri))
+        {
+            throw new InvalidArgumentException('callbackUrl 不能为空');
+        }
+
+        // Append state for CSRF validation
+        $redirectUriWithState = add_query_arg('state', $this->state, $redirectUri);
+
+        $socialType = $this->getSocialType();
+
+        $data = $this->request([
+            'act' => 'login',
+            'appid' => $this->appid,
+            'appkey' => $this->appSecret,
+            'type' => $socialType,
+            'redirect_uri' => $redirectUriWithState,
+        ]);
+
+        $url = (string)($data['url'] ?? '');
+        if (empty($url))
+        {
+            throw new InvalidArgumentException('彩虹聚合登录返回的跳转地址为空');
+        }
+
+        return $url;
+    }
+
+    public function getAccessToken($storeState = '', $code = null, $state = null)
+    {
+        $state = $state ?? ($_GET['state'] ?? '');
+        if ((string)$storeState !== (string)$state)
+        {
+            throw new InvalidArgumentException('state验证失败');
+        }
+
+        $code = $code ?? ($_GET['code'] ?? '');
+        if (empty($code))
+        {
+            throw new InvalidArgumentException('缺少回调参数 code');
+        }
+
+        $socialType = $this->getSocialType();
+
+        $data = $this->request([
+            'act' => 'callback',
+            'appid' => $this->appid,
+            'appkey' => $this->appSecret,
+            'type' => $socialType,
+            'code' => $code,
+        ]);
+
+        $this->result = $data;
+        $this->accessToken = (string)($data['access_token'] ?? '');
+        $this->openid = (string)($data['social_uid'] ?? '');
+
+        if (empty($this->openid))
+        {
+            throw new InvalidArgumentException('彩虹聚合登录返回 social_uid 为空');
+        }
+
+        return $this->accessToken;
+    }
+
+    public function getUserInfo($accessToken = null)
+    {
+        if (!empty($this->result))
+        {
+            return $this->result;
+        }
+
+        if (empty($this->openid))
+        {
+            throw new InvalidArgumentException('openid 为空，无法查询用户信息');
+        }
+
+        $socialType = $this->getSocialType();
+
+        $data = $this->request([
+            'act' => 'query',
+            'appid' => $this->appid,
+            'appkey' => $this->appSecret,
+            'type' => $socialType,
+            'social_uid' => $this->openid,
+        ]);
+
+        $this->result = $data;
+        return $this->result;
+    }
+
+    private function getSocialType(): string
+    {
+        $allow = ['qq', 'wx', 'alipay', 'sina', 'baidu', 'huawei', 'xiaomi', 'douyin', 'bilibili', 'dingtalk'];
+
+        $providerType = sanitize_key($_GET['type'] ?? '');
+        if (in_array($providerType, $allow, true)) {
+            return $providerType;
+        }
+
+        if (str_starts_with($providerType, 'ccy_'))
+        {
+            $t = substr($providerType, strlen('ccy_'));
+            if (in_array($t, $allow, true))
+            {
+                return $t;
+            }
+        }
+
+        return 'qq';
+    }
+
+    private function request(array $query): array
+    {
+        if (empty($this->appid) || empty($this->appSecret))
+        {
+            throw new InvalidArgumentException('彩虹聚合登录 AppID/AppKey 未配置');
+        }
+
+        $apiBase = (string)(\pk_get_option('oauth_ccy_api') ?: 'https://u.cccyun.cc');
+        $apiBase = rtrim($apiBase, '/');
+        if (!str_starts_with($apiBase, 'http://') && !str_starts_with($apiBase, 'https://')) {
+            throw new InvalidArgumentException('接口地址格式不正确');
+        }
+
+        $apiUrl = $apiBase . '/connect.php';
+        $url = add_query_arg($query, $apiUrl);
+
+        $resp = wp_remote_get($url, [
+            'timeout' => 15,
+            'redirection' => 0,
+        ]);
+
+        if (is_wp_error($resp))
+        {
+            throw new InvalidArgumentException('请求彩虹聚合登录失败：' . $resp->get_error_message());
+        }
+
+        $body = wp_remote_retrieve_body($resp);
+        $data = json_decode($body, true);
+        if (!is_array($data))
+        {
+            throw new InvalidArgumentException('彩虹聚合登录返回数据解析失败');
+        }
+
+        $code = (int)($data['code'] ?? -1);
+        if ($code !== 0)
+        {
+            $msg = (string)($data['msg'] ?? '请求失败');
+            throw new InvalidArgumentException($msg);
+        }
+
+        return $data;
+    }
+}

inc/oauth/callback/ccy.php

@@ -0,0 +1,12 @@
+<?php
+
+require_once dirname(__DIR__) . '/../../../../../wp-load.php';
+
+$type = sanitize_key($_GET['pk_type'] ?? '');
+$redirect = $_GET['redirect'] ?? '';
+if (empty($redirect)) {
+    $redirect = home_url('/');
+}
+
+pk_oauth_callback_execute($type, $redirect);
+wp_die();

inc/oauth/callback/rainbow.php

@@ -0,0 +1,12 @@
+<?php
+
+require_once dirname(__DIR__) . '/../../../../../wp-load.php';
+
+$type = sanitize_key($_GET['pk_type'] ?? '');
+$redirect = $_GET['redirect'] ?? '';
+if (empty($redirect)) {
+    $redirect = home_url('/');
+}
+
+pk_oauth_callback_execute($type, $redirect);
+wp_die();