Add OAuth 2.0 authorization server to enable ChatGPT Web integration (#413)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com> Co-authored-by: samanhappy <samanhappy@gmail.com>
2026-01-01 04:08:52 -05:00 · 2025-11-21 13:25:02 +08:00
parent 1869f283ba
commit 449e6ea4fd
34 changed files with 4930 additions and 103 deletions
--- a/frontend/src/hooks/useSettingsData.ts
+++ b/frontend/src/hooks/useSettingsData.ts
@@ -34,6 +34,21 @@ interface MCPRouterConfig {
  baseUrl: string;
 }

+interface OAuthServerConfig {
+  enabled: boolean;
+  accessTokenLifetime: number;
+  refreshTokenLifetime: number;
+  authorizationCodeLifetime: number;
+  requireClientSecret: boolean;
+  allowedScopes: string[];
+  requireState: boolean;
+  dynamicRegistration: {
+    enabled: boolean;
+    allowedGrantTypes: string[];
+    requiresAuthentication: boolean;
+  };
+}
+
 interface SystemSettings {
  systemConfig?: {
    routing?: RoutingConfig;
@@ -41,6 +56,7 @@ interface SystemSettings {
    smartRouting?: SmartRoutingConfig;
    mcpRouter?: MCPRouterConfig;
    nameSeparator?: string;
+    oauthServer?: OAuthServerConfig;
    enableSessionRebuild?: boolean;
  };
 }
@@ -49,6 +65,21 @@ interface TempRoutingConfig {
  bearerAuthKey: string;
 }

+const getDefaultOAuthServerConfig = (): OAuthServerConfig => ({
+  enabled: true,
+  accessTokenLifetime: 3600,
+  refreshTokenLifetime: 1209600,
+  authorizationCodeLifetime: 300,
+  requireClientSecret: false,
+  allowedScopes: ['read', 'write'],
+  requireState: false,
+  dynamicRegistration: {
+    enabled: true,
+    allowedGrantTypes: ['authorization_code', 'refresh_token'],
+    requiresAuthentication: false,
+  },
+});
+
 export const useSettingsData = () => {
  const { t } = useTranslation();
  const { showToast } = useToast();
@@ -86,6 +117,10 @@ export const useSettingsData = () => {
    baseUrl: 'https://api.mcprouter.to/v1',
  });

+  const [oauthServerConfig, setOAuthServerConfig] = useState<OAuthServerConfig>(
+    getDefaultOAuthServerConfig(),
+  );
+
  const [nameSeparator, setNameSeparator] = useState<string>('-');
  const [enableSessionRebuild, setEnableSessionRebuild] = useState<boolean>(false);

@@ -140,6 +175,44 @@ export const useSettingsData = () => {
          baseUrl: data.data.systemConfig.mcpRouter.baseUrl || 'https://api.mcprouter.to/v1',
        });
      }
+      if (data.success) {
+        if (data.data?.systemConfig?.oauthServer) {
+          const oauth = data.data.systemConfig.oauthServer;
+          const defaultOauthConfig = getDefaultOAuthServerConfig();
+          const defaultDynamic = defaultOauthConfig.dynamicRegistration;
+          const allowedScopes = Array.isArray(oauth.allowedScopes)
+            ? [...oauth.allowedScopes]
+            : [...defaultOauthConfig.allowedScopes];
+          const dynamicAllowedGrantTypes = Array.isArray(
+            oauth.dynamicRegistration?.allowedGrantTypes,
+          )
+            ? [...oauth.dynamicRegistration!.allowedGrantTypes!]
+            : [...defaultDynamic.allowedGrantTypes];
+
+          setOAuthServerConfig({
+            enabled: oauth.enabled ?? defaultOauthConfig.enabled,
+            accessTokenLifetime:
+              oauth.accessTokenLifetime ?? defaultOauthConfig.accessTokenLifetime,
+            refreshTokenLifetime:
+              oauth.refreshTokenLifetime ?? defaultOauthConfig.refreshTokenLifetime,
+            authorizationCodeLifetime:
+              oauth.authorizationCodeLifetime ?? defaultOauthConfig.authorizationCodeLifetime,
+            requireClientSecret:
+              oauth.requireClientSecret ?? defaultOauthConfig.requireClientSecret,
+            requireState: oauth.requireState ?? defaultOauthConfig.requireState,
+            allowedScopes,
+            dynamicRegistration: {
+              enabled: oauth.dynamicRegistration?.enabled ?? defaultDynamic.enabled,
+              allowedGrantTypes: dynamicAllowedGrantTypes,
+              requiresAuthentication:
+                oauth.dynamicRegistration?.requiresAuthentication ??
+                defaultDynamic.requiresAuthentication,
+            },
+          });
+        } else {
+          setOAuthServerConfig(getDefaultOAuthServerConfig());
+        }
+      }
      if (data.success && data.data?.systemConfig?.nameSeparator !== undefined) {
        setNameSeparator(data.data.systemConfig.nameSeparator);
      }
@@ -395,6 +468,77 @@ export const useSettingsData = () => {
    }
  };

+  // Update OAuth server configuration
+  const updateOAuthServerConfig = async <T extends keyof OAuthServerConfig>(
+    key: T,
+    value: OAuthServerConfig[T],
+  ) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        oauthServer: {
+          [key]: value,
+        },
+      });
+
+      if (data.success) {
+        setOAuthServerConfig((prev) => ({
+          ...prev,
+          [key]: value,
+        }));
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        showToast(data.message || t('errors.failedToUpdateSystemConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update OAuth server config:', error);
+      const errorMessage =
+        error instanceof Error ? error.message : 'Failed to update OAuth server config';
+      setError(errorMessage);
+      showToast(errorMessage);
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Update multiple OAuth server config fields
+  const updateOAuthServerConfigBatch = async (updates: Partial<OAuthServerConfig>) => {
+    setLoading(true);
+    setError(null);
+
+    try {
+      const data = await apiPut('/system-config', {
+        oauthServer: updates,
+      });
+
+      if (data.success) {
+        setOAuthServerConfig((prev) => ({
+          ...prev,
+          ...updates,
+        }));
+        showToast(t('settings.systemConfigUpdated'));
+        return true;
+      } else {
+        showToast(data.message || t('errors.failedToUpdateSystemConfig'));
+        return false;
+      }
+    } catch (error) {
+      console.error('Failed to update OAuth server config:', error);
+      const errorMessage =
+        error instanceof Error ? error.message : 'Failed to update OAuth server config';
+      setError(errorMessage);
+      showToast(errorMessage);
+      return false;
+    } finally {
+      setLoading(false);
+    }
+  };
+
  // Update name separator
  const updateNameSeparator = async (value: string) => {
    setLoading(true);
@@ -490,6 +634,7 @@ export const useSettingsData = () => {
    installConfig,
    smartRoutingConfig,
    mcpRouterConfig,
+    oauthServerConfig,
    nameSeparator,
    enableSessionRebuild,
    loading,
@@ -504,6 +649,8 @@ export const useSettingsData = () => {
    updateRoutingConfigBatch,
    updateMCPRouterConfig,
    updateMCPRouterConfigBatch,
+    updateOAuthServerConfig,
+    updateOAuthServerConfigBatch,
    updateNameSeparator,
    updateSessionRebuild,
    exportMCPSettings,