feat(auth): 实现多平台OAuth登录支持与令牌管理优化

新增Web、Android和Windows平台的OAuth回调处理
重构令牌管理逻辑支持Cookie存储与恢复
优化用户信息解析增加容错处理
添加IP地址检测与设备UUID标准化
分离不同平台的回调页面与配置

Author: LeafS825

lib/models/auth_token.dart

@@ -21,10 +21,17 @@ class AuthToken {
     final expiresAt = expiresIn > 0
         ? DateTime.now().add(Duration(seconds: expiresIn))
         : null;
+    final rawAccessToken = json['access_token'] as String;
+    final rawRefreshToken = json['refresh_token'] as String?;
+
+    final tokenParts = rawAccessToken.split('|');
+    final normalizedAccessToken = tokenParts.first;
+    final normalizedRefreshToken =
+        rawRefreshToken ?? (tokenParts.length > 1 ? tokenParts[1] : null);
 
     return AuthToken(
-      accessToken: json['access_token'] as String,
-      refreshToken: json['refresh_token'] as String?,
+      accessToken: normalizedAccessToken,
+      refreshToken: normalizedRefreshToken,
       tokenType: json['token_type'] as String? ?? 'Bearer',
       expiresIn: expiresIn,
       expiresAt: expiresAt,

lib/models/pending_auth_session.dart

@@ -1,20 +1,22 @@
 import 'dart:convert';
 
-enum PendingAuthTargetPlatform { web, android, desktop }
+enum PendingAuthTargetPlatform { web, android, windows }
 
 class PendingAuthSession {
   const PendingAuthSession({
     required this.state,
     required this.codeVerifier,
     required this.targetPlatform,
+    required this.redirectUri,
     required this.createdAt,
-    this.desktopPort,
+    this.loopbackPort,
   });
 
   final String state;
   final String codeVerifier;
   final PendingAuthTargetPlatform targetPlatform;
-  final int? desktopPort;
+  final String redirectUri;
+  final int? loopbackPort;
   final DateTime createdAt;
 
   bool get isExpired =>
@@ -25,7 +27,8 @@ class PendingAuthSession {
       'state': state,
       'code_verifier': codeVerifier,
       'target_platform': targetPlatform.name,
-      'desktop_port': desktopPort,
+      'redirect_uri': redirectUri,
+      'loopback_port': loopbackPort,
       'created_at': createdAt.toIso8601String(),
     };
   }
@@ -36,10 +39,9 @@ class PendingAuthSession {
     return PendingAuthSession(
       state: json['state'] as String,
       codeVerifier: json['code_verifier'] as String,
-      targetPlatform: PendingAuthTargetPlatform.values.firstWhere(
-        (value) => value.name == json['target_platform'],
-      ),
-      desktopPort: json['desktop_port'] as int?,
+      targetPlatform: _parseTargetPlatform(json['target_platform'] as String?),
+      redirectUri: (json['redirect_uri'] as String?) ?? '',
+      loopbackPort: (json['loopback_port'] ?? json['desktop_port']) as int?,
       createdAt: DateTime.parse(json['created_at'] as String),
     );
   }
@@ -49,4 +51,17 @@ class PendingAuthSession {
       jsonDecode(jsonString) as Map<String, dynamic>,
     );
   }
+
+  static PendingAuthTargetPlatform _parseTargetPlatform(String? value) {
+    if (value == PendingAuthTargetPlatform.web.name) {
+      return PendingAuthTargetPlatform.web;
+    }
+    if (value == PendingAuthTargetPlatform.android.name) {
+      return PendingAuthTargetPlatform.android;
+    }
+    if (value == PendingAuthTargetPlatform.windows.name || value == 'desktop') {
+      return PendingAuthTargetPlatform.windows;
+    }
+    return PendingAuthTargetPlatform.web;
+  }
 }

lib/models/user_info.dart

@@ -60,16 +60,18 @@ class UserInfo {
 
   factory UserInfo.fromJson(Map<String, dynamic> json) {
     return UserInfo(
-      userId: json['user_id'] as String,
-      email: json['email'] as String,
-      name: json['name'] as String,
+      userId: _stringValue(json['user_id']),
+      email: _stringValue(json['email']),
+      name: _stringValue(json['name'], fallback: '用户'),
       githubUsername: json['github_username'] as String?,
-      permission: json['permission'].toString(),
-      role: json['role'] as String,
+      permission: _stringValue(json['permission'], fallback: 'user'),
+      role: _stringValue(json['role'], fallback: '普通用户'),
       avatarUrl: json['avatar_url'] as String?,
       backgroundUrl: json['background_url'] as String?,
       bio: json['bio'] as String? ?? '',
-      tags: json['tags'] is List ? (json['tags'] as List<dynamic>).map((e) => e.toString()).toList() : [],
+      tags: json['tags'] is List
+          ? (json['tags'] as List<dynamic>).map((e) => e.toString()).toList()
+          : [],
       gender: json['gender'] as String? ?? 'secret',
       genderVisible: json['gender_visible'] as bool? ?? false,
       birthDate: json['birth_date'] as String?,
@@ -80,15 +82,32 @@ class UserInfo {
       locationVisible: json['location_visible'] as bool? ?? false,
       website: json['website'] as String?,
       emailVisible: json['email_visible'] as bool? ?? false,
-      developedPlatforms: (json['developed_platforms'] as List<dynamic>?)?.map((e) => e.toString()).toList() ?? [],
-      contributedPlatforms: (json['contributed_platforms'] as List<dynamic>?)?.map((e) => e.toString()).toList() ?? [],
+      developedPlatforms:
+          (json['developed_platforms'] as List<dynamic>?)
+              ?.map((e) => e.toString())
+              .toList() ??
+          [],
+      contributedPlatforms:
+          (json['contributed_platforms'] as List<dynamic>?)
+              ?.map((e) => e.toString())
+              .toList() ??
+          [],
       userType: json['user_type'] as String? ?? 'normal',
-      createdAt: json['created_at'] as String,
-      platformId: json['platform_id'] as String,
-      loginTime: json['login_time'] as String,
+      createdAt: _stringValue(json['created_at']),
+      platformId: _stringValue(json['platform_id']),
+      loginTime: _stringValue(json['login_time']),
     );
   }
 
+  static String _stringValue(Object? value, {String fallback = ''}) {
+    if (value == null) {
+      return fallback;
+    }
+
+    final text = value.toString();
+    return text.isEmpty ? fallback : text;
+  }
+
   Map<String, dynamic> toJson() {
     return {
       'user_id': userId,

lib/services/auth/auth_config.dart

@@ -19,6 +19,23 @@ class AuthConfig {
     defaultValue: 'https://secrandom-online.sectl.top/auth_callback',
   );
 
+  static const String authCallbackWebUrl = String.fromEnvironment(
+    'SECTL_AUTH_CALLBACK_WEB_URL',
+    defaultValue: 'https://secrandom-online.sectl.top/auth_callback_web.html',
+  );
+
+  static const String authCallbackAndroidUrl = String.fromEnvironment(
+    'SECTL_AUTH_CALLBACK_ANDROID_URL',
+    defaultValue:
+        'https://secrandom-online.sectl.top/auth_callback_android.html',
+  );
+
+  static const String authCallbackWindowsUrl = String.fromEnvironment(
+    'SECTL_AUTH_CALLBACK_WINDOWS_URL',
+    defaultValue:
+        'https://secrandom-online.sectl.top/auth_callback_windows.html',
+  );
+
   static const String webAppUrl = String.fromEnvironment(
     'SECTL_WEB_APP_URL',
     defaultValue: 'https://secrandom-online.sectl.top/',
@@ -35,15 +52,30 @@ class AuthConfig {
   static const String refreshEndpoint = '/api/oauth/refresh';
   static const String userInfoEndpoint = '/api/oauth/userinfo';
   static const String logoutEndpoint = '/api/oauth/logout';
+  static const String publicIpLookupUrl = String.fromEnvironment(
+    'SECTL_PUBLIC_IP_URL',
+    defaultValue: 'https://api64.ipify.org?format=json',
+  );
 
   static const String callbackScheme = 'secrandom';
   static const String callbackHost = 'auth';
   static const String callbackPath = '/callback';
 
   static const String loopbackHost = '127.0.0.1';
-  static const int loopbackPort = 8788;
+  static const int windowsLoopbackPort = int.fromEnvironment(
+    'SECTL_WINDOWS_LOOPBACK_PORT',
+    defaultValue: 8788,
+  );
+  static const int androidLoopbackPort = int.fromEnvironment(
+    'SECTL_ANDROID_LOOPBACK_PORT',
+    defaultValue: 8789,
+  );
   static const String loopbackPath = '/callback';
 
+  static const int webAuthCookieMaxAgeDays = 30;
+  static const String webCookieAuthSignalKey = 'oauth_cookie';
+  static const String webCookieAuthSignalValue = '1';
+
   static const String accessTokenKey = 'sectl_access_token';
   static const String refreshTokenKey = 'sectl_refresh_token';
   static const String tokenExpiresAtKey = 'sectl_token_expires_at';
@@ -60,6 +92,33 @@ class AuthConfig {
     return authCallbackBridgeUrl;
   }
 
+  static String get webOauthRedirectUri {
+    if (useMockAuth &&
+        authCallbackWebUrl ==
+            'https://secrandom-online.sectl.top/auth_callback_web.html') {
+      return '$mockAuthBaseUrl/auth_callback_web.html';
+    }
+    return authCallbackWebUrl;
+  }
+
+  static String get androidOauthRedirectUri {
+    if (useMockAuth &&
+        authCallbackAndroidUrl ==
+            'https://secrandom-online.sectl.top/auth_callback_android.html') {
+      return '$mockAuthBaseUrl/auth_callback_android.html';
+    }
+    return authCallbackAndroidUrl;
+  }
+
+  static String get windowsOauthRedirectUri {
+    if (useMockAuth &&
+        authCallbackWindowsUrl ==
+            'https://secrandom-online.sectl.top/auth_callback_windows.html') {
+      return '$mockAuthBaseUrl/auth_callback_windows.html';
+    }
+    return authCallbackWindowsUrl;
+  }
+
   static String get deepLinkCallbackUri =>
       '$callbackScheme://$callbackHost$callbackPath';
 

lib/services/auth/auth_web_security.dart

@@ -10,7 +10,7 @@ bool isTrustedWebPopupCallbackMessage({
   required Object? href,
   required String eventOrigin,
   required bool isFromExpectedPopupWindow,
-  String callbackBridgeUrl = AuthConfig.authCallbackBridgeUrl,
+  String callbackBridgeUrl = AuthConfig.authCallbackWebUrl,
   String webAppUrl = AuthConfig.webAppUrl,
 }) {
   if (messageType != 'sectl-auth-callback') {

lib/services/auth/client_ip.dart

@@ -0,0 +1 @@
+export 'client_ip_web.dart' if (dart.library.io) 'client_ip_io.dart';

lib/services/auth/client_ip_io.dart

@@ -0,0 +1,24 @@
+import 'dart:io';
+
+Future<String?> getLocalIpAddress() async {
+  try {
+    final interfaces = await NetworkInterface.list(
+      type: InternetAddressType.any,
+      includeLoopback: false,
+    );
+
+    for (final interface in interfaces) {
+      for (final address in interface.addresses) {
+        if (address.type == InternetAddressType.IPv4 &&
+            !address.isLoopback &&
+            address.address.isNotEmpty) {
+          return address.address;
+        }
+      }
+    }
+  } catch (_) {
+    // Fall back to caller defaults.
+  }
+
+  return '127.0.0.1';
+}

lib/services/auth/client_ip_web.dart

@@ -0,0 +1 @@
+Future<String?> getLocalIpAddress() async => null;