template-monorepo/internal/logic/auth/login_logic.go

package auth

import (
	"context"
	"strings"

	"gateway/internal/svc"
	"gateway/internal/types"

	"github.com/zeromicro/go-zero/core/logx"
)

type LoginLogic struct {
	logx.Logger
	ctx    context.Context
	svcCtx *svc.ServiceContext
}

func NewLoginLogic(ctx context.Context, svcCtx *svc.ServiceContext) *LoginLogic {
	return &LoginLogic{
		Logger: logx.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
}

func (l *LoginLogic) Login(req *types.LoginReq) (*types.AuthTokenData, error) {
	if err := requireLoginDeps(l.svcCtx); err != nil {
		return nil, err
	}

	tenant, err := resolveTenant(l.ctx, l.svcCtx, req.TenantSlug)
	if err != nil {
		return nil, err
	}

	email := normalizeLoginEmail(req.Email)
	tok, err := l.svcCtx.Zitadel.VerifyPassword(l.ctx, email, req.Password)
	if err != nil {
		return nil, wrapZitadelErr(err)
	}

	identity, err := zitadelIdentityFromToken(l.ctx, l.svcCtx.Zitadel, tok)
	if err != nil {
		return nil, err
	}

	member, err := memberForLogin(l.ctx, l.svcCtx, tenant.TenantID, identity.Sub)
	if err != nil {
		return nil, err
	}
	if identity.Email != "" && !strings.EqualFold(strings.TrimSpace(member.ZitadelEmail), identity.Email) {
		// Prefer ZITADEL subject match; email mismatch is logged but does not block login.
		logx.WithContext(l.ctx).Infof("login: zitadel email mismatch for uid=%s", member.UID)
	}

	return issueAuthToken(l.ctx, l.svcCtx, tenant.TenantID, member.UID)
}
feat(auth): add unified registration/login module with Zitadel + lint cleanup - Introduce auth module: handlers, logic, domain/repository/usecase, JWT middleware, and Zitadel OIDC client (password + authorization code + userinfo + JWKS verification) - Wire member rate-limit, structured errors, and refactored member/ notification usecases (introduce shared errors, drop repo_errors.go) - Bring the codebase to zero golangci-lint issues: * goimports formatting * errcheck on io.ReadAll/Unlock cleanup paths * contextcheck: HandlerContext now takes (ctx, http.Request) gocritic: rename shadowed `max`, use http.NoBody * goconst: extract test fixtures and bsonOpSet * testifylint: switch to assert inside httptest handlers Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-21 06:45:35 +00:00			`package auth`

			`import (`
			`"context"`
			`"strings"`

			`"gateway/internal/svc"`
			`"gateway/internal/types"`

			`"github.com/zeromicro/go-zero/core/logx"`
			`)`

			`type LoginLogic struct {`
			`logx.Logger`
			`ctx context.Context`
			`svcCtx *svc.ServiceContext`
			`}`

			`func NewLoginLogic(ctx context.Context, svcCtx svc.ServiceContext) LoginLogic {`
			`return &LoginLogic{`
			`Logger: logx.WithContext(ctx),`
			`ctx: ctx,`
			`svcCtx: svcCtx,`
			`}`
			`}`

			`func (l LoginLogic) Login(req types.LoginReq) (*types.AuthTokenData, error) {`
			`if err := requireLoginDeps(l.svcCtx); err != nil {`
			`return nil, err`
			`}`

			`tenant, err := resolveTenant(l.ctx, l.svcCtx, req.TenantSlug)`
			`if err != nil {`
			`return nil, err`
			`}`

			`email := normalizeLoginEmail(req.Email)`
			`tok, err := l.svcCtx.Zitadel.VerifyPassword(l.ctx, email, req.Password)`
			`if err != nil {`
			`return nil, wrapZitadelErr(err)`
			`}`

			`identity, err := zitadelIdentityFromToken(l.ctx, l.svcCtx.Zitadel, tok)`
			`if err != nil {`
			`return nil, err`
			`}`

			`member, err := memberForLogin(l.ctx, l.svcCtx, tenant.TenantID, identity.Sub)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if identity.Email != "" && !strings.EqualFold(strings.TrimSpace(member.ZitadelEmail), identity.Email) {`
			`// Prefer ZITADEL subject match; email mismatch is logged but does not block login.`
			`logx.WithContext(l.ctx).Infof("login: zitadel email mismatch for uid=%s", member.UID)`
			`}`

			`return issueAuthToken(l.ctx, l.svcCtx, tenant.TenantID, member.UID)`
			`}`