2026-07-10 12:54:45 +00:00
|
|
|
package auth
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
2026-07-13 08:59:13 +00:00
|
|
|
"fmt"
|
|
|
|
|
"strings"
|
2026-07-10 12:54:45 +00:00
|
|
|
|
|
|
|
|
"apps/backend/internal/svc"
|
|
|
|
|
"apps/backend/internal/types"
|
|
|
|
|
|
|
|
|
|
"github.com/zeromicro/go-zero/core/logx"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type OAuthStartLogic struct {
|
|
|
|
|
logx.Logger
|
|
|
|
|
ctx context.Context
|
|
|
|
|
svcCtx *svc.ServiceContext
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewOAuthStartLogic(ctx context.Context, svcCtx *svc.ServiceContext) *OAuthStartLogic {
|
|
|
|
|
return &OAuthStartLogic{Logger: logx.WithContext(ctx), ctx: ctx, svcCtx: svcCtx}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (l *OAuthStartLogic) OAuthStart(req *types.AuthOAuthProviderPath) (resp *types.AuthOAuthStartData, err error) {
|
2026-07-13 08:59:13 +00:00
|
|
|
p := strings.ToLower(strings.TrimSpace(req.Provider))
|
2026-07-10 12:54:45 +00:00
|
|
|
if p == "" {
|
|
|
|
|
p = "google"
|
|
|
|
|
}
|
2026-07-13 08:59:13 +00:00
|
|
|
// The current API accepts a verified provider credential in callback; it
|
|
|
|
|
// does not yet expose a state-consuming browser callback, so returning a
|
|
|
|
|
// fabricated authorization URL would be an authentication bypass.
|
|
|
|
|
switch p {
|
|
|
|
|
case "google":
|
|
|
|
|
if strings.TrimSpace(l.svcCtx.Config.OAuth.GoogleClientID) == "" {
|
|
|
|
|
return nil, fmt.Errorf("google OAuth is not configured")
|
|
|
|
|
}
|
|
|
|
|
case "line":
|
|
|
|
|
if strings.TrimSpace(l.svcCtx.Config.OAuth.LineClientID) == "" || strings.TrimSpace(l.svcCtx.Config.OAuth.LineClientSecret) == "" {
|
|
|
|
|
return nil, fmt.Errorf("LINE OAuth is not configured")
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
return nil, fmt.Errorf("unsupported OAuth provider: %s", p)
|
|
|
|
|
}
|
|
|
|
|
return nil, fmt.Errorf("interactive OAuth start is unavailable until Redis-backed state and PKCE callback are configured")
|
2026-07-10 12:54:45 +00:00
|
|
|
}
|