digimon
/
template-monorepo
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
template-monorepo/internal/logic/auth/register_logic.go

157 lines
5.0 KiB
Go
Raw Normal View History

feat(auth): add unified registration/login module with Zitadel + lint cleanup - Introduce auth module: handlers, logic, domain/repository/usecase, JWT middleware, and Zitadel OIDC client (password + authorization code + userinfo + JWKS verification) - Wire member rate-limit, structured errors, and refactored member/ notification usecases (introduce shared errors, drop repo_errors.go) - Bring the codebase to zero golangci-lint issues: * goimports formatting * errcheck on io.ReadAll/Unlock cleanup paths * contextcheck: HandlerContext now takes (ctx, *http.Request) * gocritic: rename shadowed `max`, use http.NoBody * goconst: extract test fixtures and bsonOpSet * testifylint: switch to assert inside httptest handlers Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 06:45:35 +00:00
package auth
import (
"context"
"strings"
"time"
"gateway/internal/library/zitadel"
authmetaenum "gateway/internal/model/auth/domain/enum"
domauth "gateway/internal/model/auth/domain/usecase"
memberdom "gateway/internal/model/member/domain"
dommember "gateway/internal/model/member/domain/usecase"
notifenum "gateway/internal/model/notification/domain/enum"
notifuc "gateway/internal/model/notification/domain/usecase"
"gateway/internal/svc"
"gateway/internal/types"
"github.com/zeromicro/go-zero/core/logx"
)
type RegisterLogic struct {
logx.Logger
ctx context.Context
svcCtx *svc.ServiceContext
}
func NewRegisterLogic(ctx context.Context, svcCtx *svc.ServiceContext) *RegisterLogic {
return &RegisterLogic{
Logger: logx.WithContext(ctx),
ctx: ctx,
svcCtx: svcCtx,
}
}
func (l *RegisterLogic) Register(req *types.RegisterReq) (*types.RegisterData, error) {
if err := requireRegistrationDeps(l.svcCtx); err != nil {
return nil, err
}
tenant, err := resolveTenant(l.ctx, l.svcCtx, req.TenantSlug)
if err != nil {
return nil, err
}
regCfg := l.svcCtx.Config.Member.Defaults().Registration
var inviteCodeID string
if regCfg.RequireInviteCode {
if l.svcCtx.AuthInvite == nil {
return nil, errb.SysNotImplemented("invite validation not configured")
}
consumed, err := l.svcCtx.AuthInvite.Consume(l.ctx, &domauth.ConsumeInviteRequest{
TenantID: tenant.TenantID,
Code: req.InviteCode,
})
if err != nil {
return nil, err
}
inviteCodeID = consumed.ID
}
email := strings.TrimSpace(strings.ToLower(req.Email))
zResult, err := l.svcCtx.Zitadel.CreateHumanUser(l.ctx, zitadel.CreateHumanUserRequest{
OrgID: tenant.OrgID,
Email: email,
Password: req.Password,
DisplayName: strings.TrimSpace(req.DisplayName),
Language: strings.TrimSpace(req.Language),
})
if err != nil {
return nil, wrapZitadelErr(err)
}
memberDTO, err := l.svcCtx.MemberLifecycle.CreateUnverified(l.ctx, &dommember.CreatePlatformMemberRequest{
TenantID: tenant.TenantID,
Email: email,
DisplayName: strings.TrimSpace(req.DisplayName),
Language: strings.TrimSpace(req.Language),
ZitadelUserID: zResult.UserID,
})
if err != nil {
if deactErr := l.svcCtx.Zitadel.DeactivateUser(l.ctx, zResult.UserID); deactErr != nil {
logx.WithContext(l.ctx).Errorf("register: deactivate zitadel user after member failure: %v", deactErr)
}
return nil, err
}
if err := recordRegistrationMeta(l.ctx, l.svcCtx, tenant.TenantID, memberDTO.UID, inviteCodeID, req.AcceptTermsVersion, req.MarketingOptIn, authmetaenum.RegistrationChannelEmail); err != nil {
if abortErr := l.svcCtx.MemberLifecycle.AbortPending(l.ctx, tenant.TenantID, memberDTO.UID); abortErr != nil {
logx.WithContext(l.ctx).Errorf("register: abort pending member after metadata failure: %v", abortErr)
}
if deactErr := l.svcCtx.Zitadel.DeactivateUser(l.ctx, zResult.UserID); deactErr != nil {
logx.WithContext(l.ctx).Errorf("register: deactivate zitadel user after metadata failure: %v", deactErr)
}
return nil, err
}
data, err := sendRegistrationOTP(l.ctx, l.svcCtx, tenant.TenantID, memberDTO.UID, email)
if err != nil {
if abortErr := l.svcCtx.MemberLifecycle.AbortPending(l.ctx, tenant.TenantID, memberDTO.UID); abortErr != nil {
logx.WithContext(l.ctx).Errorf("register: abort pending member: %v", abortErr)
}
if deactErr := l.svcCtx.Zitadel.DeactivateUser(l.ctx, zResult.UserID); deactErr != nil {
logx.WithContext(l.ctx).Errorf("register: deactivate zitadel user after otp failure: %v", deactErr)
}
return nil, err
}
data.UID = memberDTO.UID
return data, nil
}
func sendRegistrationOTP(
ctx context.Context,
sc *svc.ServiceContext,
tenantID, uid, email string,
) (*types.RegisterData, error) {
cfg := sc.Config.Member.Defaults()
rateKey := memberdom.GetVerifyRateRedisKey(tenantID, uid, string(registrationPurpose()))
if err := sc.MemberVerifyRate.AssertResendAllowed(ctx, rateKey, time.Duration(cfg.OTP.ResendCooldownSeconds)*time.Second); err != nil {
return nil, err
}
dto, plainCode, err := sc.MemberOTP.Generate(ctx, &dommember.GenerateOTPRequest{
TenantID: tenantID,
UID: uid,
Purpose: registrationPurpose(),
Target: email,
})
if err != nil {
return nil, err
}
locale := sc.Config.Notification.DefaultLocale
if strings.TrimSpace(locale) == "" {
locale = "en-us"
}
if _, sendErr := sc.Notifier.Send(ctx, &notifuc.SendRequest{
TenantID: tenantID,
UID: uid,
Channel: notifenum.ChannelEmail,
Kind: notifenum.NotifyVerifyRegistrationEmail,
Target: email,
Locale: locale,
Data: map[string]any{"code": plainCode, "expires_in": dto.ExpiresIn},
IdempotencyKey: dto.ChallengeID,
DoNotPersistBody: true,
Severity: notifenum.SeverityInfo,
}); sendErr != nil {
if invErr := sc.MemberOTP.Invalidate(ctx, dto.ChallengeID); invErr != nil {
return nil, invErr
}
return nil, sendErr
}
return &types.RegisterData{
ChallengeID: dto.ChallengeID,
ExpiresIn: dto.ExpiresIn,
}, nil
}