From 9ccf1381e85429250475dd35a0712a456a536bfd Mon Sep 17 00:00:00 2001
From: Martial BE <me@xiao5.info>
Date: Tue, 16 Apr 2024 13:03:05 +0800
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20feat:=20add=20Lark=20OAuth=20(#149)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 common/constants.go                           |   3 +
 controller/lark.go                            | 267 ++++++++++++++++++
 controller/misc.go                            |   1 +
 model/option.go                               |   2 +
 model/user.go                                 |  13 +
 router/api-router.go                          |   1 +
 web/src/assets/images/icons/lark.svg          |   1 +
 web/src/hooks/useLogin.js                     |  24 +-
 web/src/routes/OtherRoutes.js                 |   5 +
 web/src/utils/common.js                       |   7 +
 .../views/Authentication/Auth/LarkOAuth.js    |  95 +++++++
 .../Authentication/AuthForms/AuthLogin.js     |  28 +-
 web/src/views/Profile/index.js                |  40 ++-
 .../views/Setting/component/SystemSetting.js  |  70 ++++-
 14 files changed, 550 insertions(+), 7 deletions(-)
 create mode 100644 controller/lark.go
 create mode 100644 web/src/assets/images/icons/lark.svg
 create mode 100644 web/src/views/Authentication/Auth/LarkOAuth.js

diff --git a/common/constants.go b/common/constants.go
index 192303b2..6d6c9ca7 100644
--- a/common/constants.go
+++ b/common/constants.go
@@ -70,6 +70,9 @@ var SMTPToken = ""
 var GitHubClientId = ""
 var GitHubClientSecret = ""
 
+var LarkClientId = ""
+var LarkClientSecret = ""
+
 var WeChatServerAddress = ""
 var WeChatServerToken = ""
 var WeChatAccountQRCodeImageURL = ""
diff --git a/controller/lark.go b/controller/lark.go
new file mode 100644
index 00000000..0a77fc2c
--- /dev/null
+++ b/controller/lark.go
@@ -0,0 +1,267 @@
+package controller
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"one-api/common"
+	"one-api/model"
+	"strconv"
+	"time"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+)
+
+type LarkAppAccessTokenResponse struct {
+	Code           int    `json:"code"`
+	Msg            string `json:"msg"`
+	AppAccessToken string `json:"app_access_token"`
+}
+
+type LarkUserAccessTokenResponse struct {
+	Code int    `json:"code"`
+	Msg  string `json:"msg"`
+	Data struct {
+		AccessToken string `json:"access_token"`
+	} `json:"data"`
+}
+
+type LarkUser struct {
+	Code int    `json:"code"`
+	Msg  string `json:"msg"`
+	Data struct {
+		OpenID string `json:"open_id"`
+		Name   string `json:"name"`
+	} `json:"data"`
+}
+
+func getLarkAppAccessToken() (string, error) {
+	values := map[string]string{
+		"app_id":     common.LarkClientId,
+		"app_secret": common.LarkClientSecret,
+	}
+	jsonData, err := json.Marshal(values)
+	if err != nil {
+		return "", err
+	}
+	req, err := http.NewRequest("POST", "https://open.feishu.cn/open-apis/auth/v3/app_access_token/internal/", bytes.NewBuffer(jsonData))
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	client := http.Client{
+		Timeout: 5 * time.Second,
+	}
+	res, err := client.Do(req)
+	if err != nil {
+		common.SysLog(err.Error())
+		return "", errors.New("无法连接至飞书服务器，请稍后重试！")
+	}
+	defer res.Body.Close()
+	var appAccessTokenResponse LarkAppAccessTokenResponse
+	err = json.NewDecoder(res.Body).Decode(&appAccessTokenResponse)
+	if err != nil {
+		return "", err
+	}
+
+	if appAccessTokenResponse.Code != 0 {
+		return "", errors.New(appAccessTokenResponse.Msg)
+	}
+	return appAccessTokenResponse.AppAccessToken, nil
+
+}
+
+func getLarkUserAccessToken(code string) (string, error) {
+	appAccessToken, err := getLarkAppAccessToken()
+	if err != nil {
+		return "", err
+	}
+	values := map[string]string{
+		"grant_type": "authorization_code",
+		"code":       code,
+	}
+	jsonData, err := json.Marshal(values)
+	if err != nil {
+		return "", err
+	}
+	req, err := http.NewRequest("POST", "https://open.feishu.cn/open-apis/authen/v1/oidc/access_token", bytes.NewBuffer(jsonData))
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", appAccessToken))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	client := http.Client{
+		Timeout: 5 * time.Second,
+	}
+	res, err := client.Do(req)
+	if err != nil {
+		common.SysLog(err.Error())
+		return "", errors.New("无法连接至飞书服务器，请稍后重试！")
+	}
+	defer res.Body.Close()
+	var larkUserAccessTokenResponse LarkUserAccessTokenResponse
+	err = json.NewDecoder(res.Body).Decode(&larkUserAccessTokenResponse)
+	if err != nil {
+		return "", err
+	}
+	if larkUserAccessTokenResponse.Code != 0 {
+		return "", errors.New(larkUserAccessTokenResponse.Msg)
+	}
+	return larkUserAccessTokenResponse.Data.AccessToken, nil
+}
+
+func getLarkUserInfoByCode(code string) (*LarkUser, error) {
+	if code == "" {
+		return nil, errors.New("无效的参数")
+	}
+
+	userAccessToken, err := getLarkUserAccessToken(code)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest("GET", "https://open.feishu.cn/open-apis/authen/v1/user_info", nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", userAccessToken))
+	client := http.Client{
+		Timeout: 5 * time.Second,
+	}
+	res2, err := client.Do(req)
+	if err != nil {
+		common.SysLog(err.Error())
+		return nil, errors.New("无法连接至飞书服务器，请稍后重试！")
+	}
+	var larkUser LarkUser
+	err = json.NewDecoder(res2.Body).Decode(&larkUser)
+	if err != nil {
+		return nil, err
+	}
+	fmt.Println("larkUser", larkUser)
+	return &larkUser, nil
+}
+
+func LarkOAuth(c *gin.Context) {
+	session := sessions.Default(c)
+	state := c.Query("state")
+	if state == "" || session.Get("oauth_state") == nil || state != session.Get("oauth_state").(string) {
+		c.JSON(http.StatusForbidden, gin.H{
+			"success": false,
+			"message": "state is empty or not same",
+		})
+		return
+	}
+	username := session.Get("username")
+	if username != nil {
+		LarkBind(c)
+		return
+	}
+	code := c.Query("code")
+	larkUser, err := getLarkUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		LarkId: larkUser.Data.OpenID,
+	}
+	if model.IsLarkIdAlreadyTaken(user.LarkId) {
+		err := user.FillUserByLarkId()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
+	} else {
+		if common.RegisterEnabled {
+			user.Username = "lark_" + strconv.Itoa(model.GetMaxUserId()+1)
+			if larkUser.Data.Name != "" {
+				user.DisplayName = larkUser.Data.Name
+			} else {
+				user.DisplayName = "Lark User"
+			}
+			user.Role = common.RoleCommonUser
+			user.Status = common.UserStatusEnabled
+
+			if err := user.Insert(0); err != nil {
+				c.JSON(http.StatusOK, gin.H{
+					"success": false,
+					"message": err.Error(),
+				})
+				return
+			}
+		} else {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "管理员关闭了新用户注册",
+			})
+			return
+		}
+	}
+
+	if user.Status != common.UserStatusEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"message": "用户已被封禁",
+			"success": false,
+		})
+		return
+	}
+	setupLogin(&user, c)
+}
+
+func LarkBind(c *gin.Context) {
+	code := c.Query("code")
+	larkUser, err := getLarkUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		LarkId: larkUser.Data.OpenID,
+	}
+	if model.IsLarkIdAlreadyTaken(user.LarkId) {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "该飞书账户已被绑定",
+		})
+		return
+	}
+	session := sessions.Default(c)
+	id := session.Get("id")
+	user.Id = id.(int)
+	err = user.FillUserById()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user.LarkId = larkUser.Data.OpenID
+	err = user.Update(false)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "bind",
+	})
+}
diff --git a/controller/misc.go b/controller/misc.go
index 1ad29e63..3c3af82e 100644
--- a/controller/misc.go
+++ b/controller/misc.go
@@ -28,6 +28,7 @@ func GetStatus(c *gin.Context) {
 			"email_verification":  common.EmailVerificationEnabled,
 			"github_oauth":        common.GitHubOAuthEnabled,
 			"github_client_id":    common.GitHubClientId,
+			"lark_client_id":      common.LarkClientId,
 			"system_name":         common.SystemName,
 			"logo":                common.Logo,
 			"footer_html":         common.Footer,
diff --git a/model/option.go b/model/option.go
index fd5cb05f..8ce6166a 100644
--- a/model/option.go
+++ b/model/option.go
@@ -166,6 +166,8 @@ var optionStringMap = map[string]*string{
 	"TurnstileSecretKey":          &common.TurnstileSecretKey,
 	"TopUpLink":                   &common.TopUpLink,
 	"ChatLink":                    &common.ChatLink,
+	"LarkClientId":                &common.LarkClientId,
+	"LarkClientSecret":            &common.LarkClientSecret,
 }
 
 func updateOptionMap(key string, value string) (err error) {
diff --git a/model/user.go b/model/user.go
index 532e3fb5..d339e61f 100644
--- a/model/user.go
+++ b/model/user.go
@@ -22,6 +22,7 @@ type User struct {
 	GitHubId         string         `json:"github_id" gorm:"column:github_id;index"`
 	WeChatId         string         `json:"wechat_id" gorm:"column:wechat_id;index"`
 	TelegramId       int64          `json:"telegram_id" gorm:"bigint,column:telegram_id;default:0;"`
+	LarkId           string         `json:"lark_id" gorm:"column:lark_id;index"`
 	VerificationCode string         `json:"verification_code" gorm:"-:all"`                                    // this field is only for Email verification, don't save it to database!
 	AccessToken      string         `json:"access_token" gorm:"type:char(32);column:access_token;uniqueIndex"` // this token is for system management
 	Quota            int            `json:"quota" gorm:"type:int;default:0"`
@@ -248,6 +249,14 @@ func (user *User) FillUserByWeChatId() error {
 	return nil
 }
 
+func (user *User) FillUserByLarkId() error {
+	if user.LarkId == "" {
+		return errors.New("lark id 为空！")
+	}
+	DB.Where(User{LarkId: user.LarkId}).First(user)
+	return nil
+}
+
 func (user *User) FillUserByUsername() error {
 	if user.Username == "" {
 		return errors.New("username 为空！")
@@ -268,6 +277,10 @@ func IsGitHubIdAlreadyTaken(githubId string) bool {
 	return DB.Where("github_id = ?", githubId).Find(&User{}).RowsAffected == 1
 }
 
+func IsLarkIdAlreadyTaken(githubId string) bool {
+	return DB.Where("lark_id = ?", githubId).Find(&User{}).RowsAffected == 1
+}
+
 func IsTelegramIdAlreadyTaken(telegramId int64) bool {
 	return DB.Where("telegram_id = ?", telegramId).Find(&User{}).RowsAffected == 1
 }
diff --git a/router/api-router.go b/router/api-router.go
index 923048ef..1aaf7373 100644
--- a/router/api-router.go
+++ b/router/api-router.go
@@ -25,6 +25,7 @@ func SetApiRouter(router *gin.Engine) {
 		apiRouter.GET("/reset_password", middleware.CriticalRateLimit(), middleware.TurnstileCheck(), controller.SendPasswordResetEmail)
 		apiRouter.POST("/user/reset", middleware.CriticalRateLimit(), controller.ResetPassword)
 		apiRouter.GET("/oauth/github", middleware.CriticalRateLimit(), controller.GitHubOAuth)
+		apiRouter.GET("/oauth/lark", middleware.CriticalRateLimit(), controller.LarkOAuth)
 		apiRouter.GET("/oauth/state", middleware.CriticalRateLimit(), controller.GenerateOAuthCode)
 		apiRouter.GET("/oauth/wechat", middleware.CriticalRateLimit(), controller.WeChatAuth)
 		apiRouter.GET("/oauth/wechat/bind", middleware.CriticalRateLimit(), middleware.UserAuth(), controller.WeChatBind)
diff --git a/web/src/assets/images/icons/lark.svg b/web/src/assets/images/icons/lark.svg
new file mode 100644
index 00000000..239e1bef
--- /dev/null
+++ b/web/src/assets/images/icons/lark.svg
@@ -0,0 +1 @@
+<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg"><rect width="48" height="48" fill="white"/><path d="M25.9958 24.7255L26.084 24.6373C26.1481 24.5812 26.2042 24.5171 26.2603 24.461L26.3805 24.3407L26.7492 23.9801L27.2543 23.4831L27.6871 23.0583L28.0878 22.6575L28.5127 22.2407L28.8974 21.8559L29.4345 21.3189C29.5387 21.2227 29.6429 21.1185 29.7471 21.0223C29.9394 20.846 30.1479 20.6696 30.3482 20.5013C30.5406 20.349 30.733 20.2047 30.9334 20.0604C31.214 19.86 31.4945 19.6757 31.791 19.4993C32.0876 19.323 32.3842 19.1707 32.6808 19.0264C32.9693 18.8901 33.2579 18.7619 33.5545 18.6497C33.7228 18.5856 33.8912 18.5214 34.0514 18.4653L34.3079 18.3852C33.5625 15.4434 32.1918 12.6941 30.2921 10.3215C29.9234 9.86464 29.3703 9.6001 28.7852 9.6001H13.2671C13.1067 9.6001 12.9785 9.72832 12.9785 9.88864C12.9785 9.98482 13.0186 10.065 13.0987 10.1211C18.397 14.0247 22.7816 19.0104 25.9637 24.7575L25.9958 24.7255Z" fill="#00CEB1"/><path d="M19.8406 38.3843C27.5836 38.3843 34.7175 34.1921 38.4768 27.427C38.605 27.1946 38.7253 26.9621 38.8455 26.7296C38.6611 27.0743 38.4607 27.411 38.2363 27.7396C38.1562 27.8518 38.076 27.9641 37.9959 28.0682C37.8916 28.2045 37.7794 28.3328 37.6752 28.461C37.5871 28.5652 37.4989 28.6614 37.4027 28.7576C37.2184 28.95 37.018 29.1343 36.8176 29.3106C36.7054 29.4068 36.5931 29.503 36.4729 29.5912C36.3366 29.6954 36.1924 29.7996 36.0561 29.8958C35.9679 29.9599 35.8717 30.016 35.7835 30.0722C35.6954 30.1283 35.5912 30.1923 35.487 30.2405C35.2866 30.3527 35.0782 30.4569 34.8698 30.5531C34.6854 30.6332 34.5011 30.7134 34.3167 30.7775C34.1163 30.8496 33.9079 30.9218 33.6995 30.9779C33.3869 31.0661 33.0663 31.1302 32.7376 31.1863C32.5052 31.2264 32.2728 31.2504 32.0323 31.2665C31.7838 31.2825 31.5353 31.2905 31.2788 31.2825C30.9982 31.2745 30.7177 31.2584 30.4372 31.2264C30.2287 31.2023 30.0204 31.1703 29.812 31.1382C29.6276 31.1061 29.4513 31.0661 29.2669 31.026C29.1707 31.0019 29.0745 30.9779 28.9783 30.9539C28.7138 30.8817 28.4413 30.8096 28.1768 30.7294L27.784 30.6092C27.5836 30.5531 27.3913 30.4889 27.1909 30.4328C27.0306 30.3848 26.8702 30.3287 26.7099 30.2805C26.5576 30.2324 26.4054 30.1844 26.253 30.1283L25.9404 30.024L25.5637 29.8878L25.2992 29.7916C25.1229 29.7275 24.9465 29.6633 24.7702 29.5992L24.4656 29.487L24.0568 29.3267C23.9125 29.2706 23.7682 29.2145 23.6239 29.1584L23.3434 29.0462L22.9987 28.9019L22.7342 28.7897L22.4617 28.6694L22.2212 28.5652L22.0048 28.469L21.7884 28.3728L21.5639 28.2686L21.2754 28.1324L20.9788 27.9881L20.6582 27.8358L20.3856 27.6995C15.6324 25.3189 11.3361 22.1127 7.69699 18.2251C7.58473 18.1049 7.40041 18.1049 7.28815 18.2091C7.23205 18.2652 7.20001 18.3373 7.20001 18.4175L7.20805 32.1161V33.2303C7.20805 33.8795 7.52863 34.4807 8.06569 34.8414C11.5525 37.1579 15.6484 38.3923 19.8406 38.3843Z" fill="#3370FF"/><path d="M37.8772 27.4253L37.8691 27.4414L37.8772 27.4253L37.9493 27.2891C37.9252 27.3372 37.9012 27.3773 37.8772 27.4253Z" fill="#133C92"/><path d="M38.2137 26.8012L38.2297 26.7611L38.2377 26.7451L38.2137 26.8012Z" fill="#133C92"/><path d="M43.3814 19.0825C40.6802 17.76 37.5781 17.4714 34.6845 18.289C34.5642 18.321 34.444 18.3611 34.3238 18.3932L34.0673 18.4733C33.899 18.5295 33.7307 18.5935 33.5703 18.6577C33.2738 18.7699 32.9852 18.8982 32.6966 19.0344C32.392 19.1787 32.0955 19.339 31.8069 19.5073C31.5183 19.6756 31.2297 19.86 30.9492 20.0685C30.7488 20.2127 30.5565 20.357 30.3641 20.5093C30.1557 20.6776 29.9553 20.8459 29.7629 21.0303C29.6587 21.1265 29.5545 21.2227 29.4503 21.3269L28.9133 21.8639L28.5285 22.2487L28.1117 22.6655L27.7109 23.0662L27.2781 23.4911L26.7731 23.9881L26.4044 24.3487L26.2842 24.469C26.228 24.5251 26.1639 24.5892 26.1078 24.6453L26.0196 24.7335L25.8834 24.8617L25.7231 25.006C24.3925 26.2324 22.9016 27.2824 21.3065 28.1321L21.5951 28.2684L21.8195 28.3726L22.0439 28.4688L22.2603 28.5649L22.5008 28.6692L22.7733 28.7894L23.0378 28.9016L23.3825 29.0459L23.6631 29.1581C23.8073 29.2142 23.9516 29.2703 24.0959 29.3264L24.5047 29.4867L24.8093 29.599C24.9857 29.6631 25.162 29.7272 25.3383 29.7913L25.6028 29.8875L25.9796 30.0157L26.2922 30.12C26.4444 30.1761 26.5968 30.2242 26.7491 30.2722C26.9094 30.3283 27.0697 30.3765 27.23 30.4246C27.4224 30.4887 27.6228 30.5448 27.8231 30.6009L28.2159 30.7212C28.4804 30.8013 28.745 30.8734 29.0175 30.9456C29.1137 30.9696 29.2098 30.9937 29.306 31.0177C29.4904 31.0578 29.6667 31.0978 29.8511 31.1299C30.0595 31.17 30.2679 31.1941 30.4763 31.2181C30.7568 31.2502 31.0374 31.2662 31.3179 31.2742C31.5744 31.2742 31.8229 31.2742 32.0714 31.2582C32.3119 31.2421 32.5443 31.2181 32.7768 31.178C33.0974 31.1299 33.418 31.0578 33.7226 30.9776C33.931 30.9215 34.1394 30.8574 34.3398 30.7773C34.5242 30.7131 34.7085 30.633 34.8929 30.5528C35.1013 30.4566 35.3097 30.3524 35.5101 30.2402C35.6063 30.1841 35.7105 30.128 35.8067 30.0719C35.9028 30.0157 35.991 29.9596 36.0792 29.8955C36.2235 29.7993 36.3597 29.6952 36.496 29.5909C36.6162 29.5027 36.7284 29.4066 36.8407 29.3104C37.041 29.134 37.2414 28.9497 37.4258 28.7573C37.522 28.6611 37.6102 28.5649 37.6983 28.4607C37.8105 28.3325 37.9148 28.2042 38.019 28.068C38.0991 27.9638 38.1793 27.8515 38.2595 27.7393C38.4839 27.4187 38.6843 27.0901 38.8686 26.7374L39.077 26.3206L40.9527 22.5773V22.5853C41.5218 21.2868 42.3554 20.0925 43.3814 19.0825Z" fill="#133C92"/><path d="M37.9012 27.4346L37.8932 27.4506L37.9012 27.4346L37.9733 27.2983L37.9012 27.4346Z" fill="#133C92"/><path d="M38.2295 26.809L38.2455 26.7689L38.2536 26.7529C38.2536 26.7769 38.2375 26.793 38.2295 26.809Z" fill="#133C92"/></svg>
\ No newline at end of file
diff --git a/web/src/hooks/useLogin.js b/web/src/hooks/useLogin.js
index 53626577..39d8b407 100644
--- a/web/src/hooks/useLogin.js
+++ b/web/src/hooks/useLogin.js
@@ -48,6 +48,28 @@ const useLogin = () => {
     }
   };
 
+  const larkLogin = async (code, state) => {
+    try {
+      const res = await API.get(`/api/oauth/lark?code=${code}&state=${state}`);
+      const { success, message, data } = res.data;
+      if (success) {
+        if (message === 'bind') {
+          showSuccess('绑定成功！');
+          navigate('/panel');
+        } else {
+          dispatch({ type: LOGIN, payload: data });
+          localStorage.setItem('user', JSON.stringify(data));
+          showSuccess('登录成功！');
+          navigate('/panel');
+        }
+      }
+      return { success, message };
+    } catch (err) {
+      // 请求失败，设置错误信息
+      return { success: false, message: '' };
+    }
+  };
+
   const wechatLogin = async (code) => {
     try {
       const res = await API.get(`/api/oauth/wechat?code=${code}`);
@@ -72,7 +94,7 @@ const useLogin = () => {
     navigate('/');
   };
 
-  return { login, logout, githubLogin, wechatLogin };
+  return { login, logout, githubLogin, wechatLogin, larkLogin };
 };
 
 export default useLogin;
diff --git a/web/src/routes/OtherRoutes.js b/web/src/routes/OtherRoutes.js
index 7531d72d..479e9ad8 100644
--- a/web/src/routes/OtherRoutes.js
+++ b/web/src/routes/OtherRoutes.js
@@ -8,6 +8,7 @@ import MinimalLayout from 'layout/MinimalLayout';
 const AuthLogin = Loadable(lazy(() => import('views/Authentication/Auth/Login')));
 const AuthRegister = Loadable(lazy(() => import('views/Authentication/Auth/Register')));
 const GitHubOAuth = Loadable(lazy(() => import('views/Authentication/Auth/GitHubOAuth')));
+const LarkOAuth = Loadable(lazy(() => import('views/Authentication/Auth/LarkOAuth')));
 const ForgetPassword = Loadable(lazy(() => import('views/Authentication/Auth/ForgetPassword')));
 const ResetPassword = Loadable(lazy(() => import('views/Authentication/Auth/ResetPassword')));
 const Home = Loadable(lazy(() => import('views/Home')));
@@ -49,6 +50,10 @@ const OtherRoutes = {
       path: '/oauth/github',
       element: <GitHubOAuth />
     },
+    {
+      path: '/oauth/lark',
+      element: <LarkOAuth />
+    },
     {
       path: '/404',
       element: <NotFoundView />
diff --git a/web/src/utils/common.js b/web/src/utils/common.js
index 32059e94..b15a5a0e 100644
--- a/web/src/utils/common.js
+++ b/web/src/utils/common.js
@@ -106,6 +106,13 @@ export async function onGitHubOAuthClicked(github_client_id, openInNewTab = fals
   }
 }
 
+export async function onLarkOAuthClicked(lark_client_id) {
+  const state = await getOAuthState();
+  if (!state) return;
+  let redirect_uri = `${window.location.origin}/oauth/lark`;
+  window.open(`https://open.feishu.cn/open-apis/authen/v1/authorize?redirect_uri=${redirect_uri}&app_id=${lark_client_id}&state=${state}`);
+}
+
 export function isAdmin() {
   let user = localStorage.getItem('user');
   if (!user) return false;
diff --git a/web/src/views/Authentication/Auth/LarkOAuth.js b/web/src/views/Authentication/Auth/LarkOAuth.js
new file mode 100644
index 00000000..ac9b1d55
--- /dev/null
+++ b/web/src/views/Authentication/Auth/LarkOAuth.js
@@ -0,0 +1,95 @@
+import { Link, useNavigate, useSearchParams } from 'react-router-dom';
+import React, { useEffect, useState } from 'react';
+import { showError } from 'utils/common';
+import useLogin from 'hooks/useLogin';
+
+// material-ui
+import { useTheme } from '@mui/material/styles';
+import { Grid, Stack, Typography, useMediaQuery, CircularProgress } from '@mui/material';
+
+// project imports
+import AuthWrapper from '../AuthWrapper';
+import AuthCardWrapper from '../AuthCardWrapper';
+import Logo from 'ui-component/Logo';
+
+// assets
+
+// ================================|| AUTH3 - LOGIN ||================================ //
+
+const LarkOAuth = () => {
+  const theme = useTheme();
+  const matchDownSM = useMediaQuery(theme.breakpoints.down('md'));
+
+  const [searchParams] = useSearchParams();
+  const [prompt, setPrompt] = useState('处理中...');
+  const { larkLogin } = useLogin();
+
+  let navigate = useNavigate();
+
+  const sendCode = async (code, state, count) => {
+    const { success, message } = await larkLogin(code, state);
+    if (!success) {
+      if (message) {
+        showError(message);
+      }
+      if (count === 0) {
+        setPrompt(`操作失败，重定向至登录界面中...`);
+        await new Promise((resolve) => setTimeout(resolve, 2000));
+        navigate('/login');
+        return;
+      }
+      count++;
+      setPrompt(`出现错误，第 ${count} 次重试中...`);
+      await new Promise((resolve) => setTimeout(resolve, 2000));
+      await sendCode(code, state, count);
+    }
+  };
+
+  useEffect(() => {
+    let code = searchParams.get('code');
+    let state = searchParams.get('state');
+    sendCode(code, state, 0).then();
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, []);
+
+  return (
+    <AuthWrapper>
+      <Grid container direction="column" justifyContent="flex-end">
+        <Grid item xs={12}>
+          <Grid container justifyContent="center" alignItems="center" sx={{ minHeight: 'calc(100vh - 136px)' }}>
+            <Grid item sx={{ m: { xs: 1, sm: 3 }, mb: 0 }}>
+              <AuthCardWrapper>
+                <Grid container spacing={2} alignItems="center" justifyContent="center">
+                  <Grid item sx={{ mb: 3 }}>
+                    <Link to="#">
+                      <Logo />
+                    </Link>
+                  </Grid>
+                  <Grid item xs={12}>
+                    <Grid container direction={matchDownSM ? 'column-reverse' : 'row'} alignItems="center" justifyContent="center">
+                      <Grid item>
+                        <Stack alignItems="center" justifyContent="center" spacing={1}>
+                          <Typography color={theme.palette.primary.main} gutterBottom variant={matchDownSM ? 'h3' : 'h2'}>
+                            飞书 登录
+                          </Typography>
+                        </Stack>
+                      </Grid>
+                    </Grid>
+                  </Grid>
+                  <Grid item xs={12} container direction="column" justifyContent="center" alignItems="center" style={{ height: '200px' }}>
+                    <CircularProgress />
+                    <Typography variant="h3" paddingTop={'20px'}>
+                      {prompt}
+                    </Typography>
+                  </Grid>
+                </Grid>
+              </AuthCardWrapper>
+            </Grid>
+          </Grid>
+        </Grid>
+      </Grid>
+    </AuthWrapper>
+  );
+};
+
+export default LarkOAuth;
diff --git a/web/src/views/Authentication/AuthForms/AuthLogin.js b/web/src/views/Authentication/AuthForms/AuthLogin.js
index a03738df..81d9f6ff 100644
--- a/web/src/views/Authentication/AuthForms/AuthLogin.js
+++ b/web/src/views/Authentication/AuthForms/AuthLogin.js
@@ -35,7 +35,8 @@ import VisibilityOff from '@mui/icons-material/VisibilityOff';
 
 import Github from 'assets/images/icons/github.svg';
 import Wechat from 'assets/images/icons/wechat.svg';
-import { onGitHubOAuthClicked } from 'utils/common';
+import Lark from 'assets/images/icons/lark.svg';
+import { onGitHubOAuthClicked, onLarkOAuthClicked } from 'utils/common';
 
 // ============================|| FIREBASE - LOGIN ||============================ //
 
@@ -49,7 +50,7 @@ const LoginForm = ({ ...others }) => {
   // const [checked, setChecked] = useState(true);
 
   let tripartiteLogin = false;
-  if (siteInfo.github_oauth || siteInfo.wechat_login) {
+  if (siteInfo.github_oauth || siteInfo.wechat_login || siteInfo.lark_client_id) {
     tripartiteLogin = true;
   }
 
@@ -121,6 +122,29 @@ const LoginForm = ({ ...others }) => {
               <WechatModal open={openWechat} handleClose={handleWechatClose} wechatLogin={wechatLogin} qrCode={siteInfo.wechat_qrcode} />
             </Grid>
           )}
+          {siteInfo.lark_client_id && (
+            <Grid item xs={12}>
+              <AnimateButton>
+                <Button
+                  disableElevation
+                  fullWidth
+                  onClick={() => onLarkOAuthClicked(siteInfo.lark_client_id)}
+                  size="large"
+                  variant="outlined"
+                  sx={{
+                    color: 'grey.700',
+                    backgroundColor: theme.palette.grey[50],
+                    borderColor: theme.palette.grey[100]
+                  }}
+                >
+                  <Box sx={{ mr: { xs: 1, sm: 2, width: 20 }, display: 'flex', alignItems: 'center' }}>
+                    <img src={Lark} alt="Lark" width={25} height={25} style={{ marginRight: matchDownSM ? 8 : 16 }} />
+                  </Box>
+                  使用飞书登录
+                </Button>
+              </AnimateButton>
+            </Grid>
+          )}
           <Grid item xs={12}>
             <Box
               sx={{
diff --git a/web/src/views/Profile/index.js b/web/src/views/Profile/index.js
index 7192a980..25daff9e 100644
--- a/web/src/views/Profile/index.js
+++ b/web/src/views/Profile/index.js
@@ -1,17 +1,32 @@
 import { useState, useEffect } from 'react';
 import UserCard from 'ui-component/cards/UserCard';
-import { Card, Button, InputLabel, FormControl, OutlinedInput, Stack, Alert, Divider, Chip, Typography } from '@mui/material';
+import {
+  Card,
+  Button,
+  InputLabel,
+  FormControl,
+  OutlinedInput,
+  Stack,
+  Alert,
+  Divider,
+  Chip,
+  Typography,
+  SvgIcon,
+  useMediaQuery
+} from '@mui/material';
 import Grid from '@mui/material/Unstable_Grid2';
 import SubCard from 'ui-component/cards/SubCard';
 import { IconBrandWechat, IconBrandGithub, IconMail, IconBrandTelegram } from '@tabler/icons-react';
 import Label from 'ui-component/Label';
 import { API } from 'utils/api';
-import { showError, showSuccess, onGitHubOAuthClicked, copy, trims } from 'utils/common';
+import { showError, showSuccess, onGitHubOAuthClicked, copy, trims, onLarkOAuthClicked } from 'utils/common';
 import * as Yup from 'yup';
 import WechatModal from 'views/Authentication/AuthForms/WechatModal';
 import { useSelector } from 'react-redux';
 import EmailModal from './component/EmailModal';
 import Turnstile from 'react-turnstile';
+import { ReactComponent as Lark } from 'assets/images/icons/lark.svg';
+import { useTheme } from '@mui/material/styles';
 
 const validationSchema = Yup.object().shape({
   username: Yup.string().required('用户名 不能为空').min(3, '用户名 不能小于 3 个字符'),
@@ -29,6 +44,8 @@ export default function Profile() {
   const [openWechat, setOpenWechat] = useState(false);
   const [openEmail, setOpenEmail] = useState(false);
   const status = useSelector((state) => state.siteInfo);
+  const theme = useTheme();
+  const matchDownSM = useMediaQuery(theme.breakpoints.down('md'));
 
   const handleWechatOpen = () => {
     setOpenWechat(true);
@@ -120,7 +137,13 @@ export default function Profile() {
       <UserCard>
         <Card sx={{ paddingTop: '20px' }}>
           <Stack spacing={2}>
-            <Stack direction="row" alignItems="center" justifyContent="center" spacing={2} sx={{ paddingBottom: '20px' }}>
+            <Stack
+              direction={matchDownSM ? 'column' : 'row'}
+              alignItems="center"
+              justifyContent="center"
+              spacing={2}
+              sx={{ paddingBottom: '20px' }}
+            >
               <Label variant="ghost" color={inputs.wechat_id ? 'primary' : 'default'}>
                 <IconBrandWechat /> {inputs.wechat_id || '未绑定'}
               </Label>
@@ -133,6 +156,9 @@ export default function Profile() {
               <Label variant="ghost" color={inputs.telegram_id ? 'primary' : 'default'}>
                 <IconBrandTelegram /> {inputs.telegram_id || '未绑定'}
               </Label>
+              <Label variant="ghost" color={inputs.lark_id ? 'primary' : 'default'}>
+                <SvgIcon component={Lark} inheritViewBox="0 0 24 24" /> {inputs.lark_id || '未绑定'}
+              </Label>
             </Stack>
             <SubCard title="个人信息">
               <Grid container spacing={2}>
@@ -202,6 +228,14 @@ export default function Profile() {
                   </Grid>
                 )}
 
+                {status.lark_client_id && !inputs.lark_id && (
+                  <Grid xs={12} md={4}>
+                    <Button variant="contained" onClick={() => onLarkOAuthClicked(status.lark_client_id)}>
+                      绑定 飞书 账号
+                    </Button>
+                  </Grid>
+                )}
+
                 <Grid xs={12} md={4}>
                   <Button
                     variant="contained"
diff --git a/web/src/views/Setting/component/SystemSetting.js b/web/src/views/Setting/component/SystemSetting.js
index 948be6e2..e4cf906e 100644
--- a/web/src/views/Setting/component/SystemSetting.js
+++ b/web/src/views/Setting/component/SystemSetting.js
@@ -31,6 +31,8 @@ const SystemSetting = () => {
     GitHubOAuthEnabled: '',
     GitHubClientId: '',
     GitHubClientSecret: '',
+    LarkClientId: '',
+    LarkClientSecret: '',
     Notice: '',
     SMTPServer: '',
     SMTPPort: '',
@@ -144,7 +146,9 @@ const SystemSetting = () => {
       name === 'WeChatAccountQRCodeImageURL' ||
       name === 'TurnstileSiteKey' ||
       name === 'TurnstileSecretKey' ||
-      name === 'EmailDomainWhitelist'
+      name === 'EmailDomainWhitelist' ||
+      name === 'LarkClientId' ||
+      name === 'LarkClientSecret'
     ) {
       setInputs((inputs) => ({ ...inputs, [name]: value }));
     } else {
@@ -209,6 +213,15 @@ const SystemSetting = () => {
     }
   };
 
+  const submitLarkOAuth = async () => {
+    if (originInputs['LarkClientId'] !== inputs.LarkClientId) {
+      await updateOption('LarkClientId', inputs.LarkClientId);
+    }
+    if (originInputs['LarkClientSecret'] !== inputs.LarkClientSecret && inputs.LarkClientSecret !== '') {
+      await updateOption('LarkClientSecret', inputs.LarkClientSecret);
+    }
+  };
+
   return (
     <>
       <Stack spacing={2}>
@@ -545,6 +558,61 @@ const SystemSetting = () => {
             </Grid>
           </Grid>
         </SubCard>
+        <SubCard
+          title="配置飞书授权登录"
+          subTitle={
+            <span>
+              {' '}
+              用以支持通过飞书进行登录注册，
+              <a href="https://open.feishu.cn/app" target="_blank" rel="noreferrer">
+                点击此处
+              </a>
+              管理你的飞书应用
+            </span>
+          }
+        >
+          <Grid container spacing={{ xs: 3, sm: 2, md: 4 }}>
+            <Grid xs={12}>
+              <Alert severity="info" sx={{ wordWrap: 'break-word' }}>
+                主页链接填 <code>{inputs.ServerAddress}</code>
+                ，重定向 URL 填 <code>{`${inputs.ServerAddress}/oauth/lark`}</code>
+              </Alert>
+            </Grid>
+            <Grid xs={12} md={6}>
+              <FormControl fullWidth>
+                <InputLabel htmlFor="LarkClientId">App ID</InputLabel>
+                <OutlinedInput
+                  id="LarkClientId"
+                  name="LarkClientId"
+                  value={inputs.LarkClientId || ''}
+                  onChange={handleInputChange}
+                  label="App ID"
+                  placeholder="输入 App ID"
+                  disabled={loading}
+                />
+              </FormControl>
+            </Grid>
+            <Grid xs={12} md={6}>
+              <FormControl fullWidth>
+                <InputLabel htmlFor="LarkClientSecret">App Secret</InputLabel>
+                <OutlinedInput
+                  id="LarkClientSecret"
+                  name="LarkClientSecret"
+                  value={inputs.LarkClientSecret || ''}
+                  onChange={handleInputChange}
+                  label="App Secret"
+                  placeholder="敏感信息不会发送到前端显示"
+                  disabled={loading}
+                />
+              </FormControl>
+            </Grid>
+            <Grid xs={12}>
+              <Button variant="contained" onClick={submitLarkOAuth}>
+                保存飞书 OAuth 设置
+              </Button>
+            </Grid>
+          </Grid>
+        </SubCard>
         <SubCard
           title="配置 Turnstile"
           subTitle={