thread-master/apps/backend/internal/logic/auth/o_auth_start_logic.go

46 lines
1.4 KiB
Go

package auth
import (
"context"
"fmt"
"strings"
"apps/backend/internal/svc"
"apps/backend/internal/types"
"github.com/zeromicro/go-zero/core/logx"
)
type OAuthStartLogic struct {
logx.Logger
ctx context.Context
svcCtx *svc.ServiceContext
}
func NewOAuthStartLogic(ctx context.Context, svcCtx *svc.ServiceContext) *OAuthStartLogic {
return &OAuthStartLogic{Logger: logx.WithContext(ctx), ctx: ctx, svcCtx: svcCtx}
}
func (l *OAuthStartLogic) OAuthStart(req *types.AuthOAuthProviderPath) (resp *types.AuthOAuthStartData, err error) {
p := strings.ToLower(strings.TrimSpace(req.Provider))
if p == "" {
p = "google"
}
// The current API accepts a verified provider credential in callback; it
// does not yet expose a state-consuming browser callback, so returning a
// fabricated authorization URL would be an authentication bypass.
switch p {
case "google":
if strings.TrimSpace(l.svcCtx.Config.OAuth.GoogleClientID) == "" {
return nil, fmt.Errorf("google OAuth is not configured")
}
case "line":
if strings.TrimSpace(l.svcCtx.Config.OAuth.LineClientID) == "" || strings.TrimSpace(l.svcCtx.Config.OAuth.LineClientSecret) == "" {
return nil, fmt.Errorf("LINE OAuth is not configured")
}
default:
return nil, fmt.Errorf("unsupported OAuth provider: %s", p)
}
return nil, fmt.Errorf("interactive OAuth start is unavailable until Redis-backed state and PKCE callback are configured")
}