package auth
import (
"context"
"gateway/internal/library/zitadel"
"gateway/internal/svc"
"gateway/internal/types"
"github.com/zeromicro/go-zero/core/logx"
)
// LoginSocialCallbackLogic completes a social (federated) login that was
// started earlier: the identity provider redirects back with a code and a
// state value, and LoginSocialCallback turns them into a login result.
type LoginSocialCallbackLogic struct {
	logx.Logger                // request-scoped logger, bound to ctx by the constructor
	ctx    context.Context     // request context; passed to the session store and Zitadel calls
	svcCtx *svc.ServiceContext // service dependencies: login-session store, Zitadel client, config
}
// NewLoginSocialCallbackLogic builds the callback logic for one request.
// The embedded logger is derived from ctx, so log lines emitted through it
// carry the same request context that the Zitadel and session-store calls use.
func NewLoginSocialCallbackLogic(ctx context.Context, svcCtx *svc.ServiceContext) *LoginSocialCallbackLogic {
	l := new(LoginSocialCallbackLogic)
	l.Logger = logx.WithContext(ctx)
	l.ctx = ctx
	l.svcCtx = svcCtx
	return l
}
// LoginSocialCallback finishes a social login after the identity provider
// redirects back to the gateway. The flow is:
//
//  1. req.State is parsed into the ID of the login session that started the
//     flow. The session is loaded and, whatever happens afterwards, deleted
//     on return, so a given state/code pair is consumed exactly once.
//  2. req.Code is exchanged with Zitadel against the redirect URI the session
//     recorded. The identity claims come from the returned ID token when
//     there is one, otherwise from the token set itself.
//  3. The claims are checked against the provider's e-mail policy, the member
//     is resolved within the session's tenant, and the result is either an
//     MFA challenge (member has TOTP enrolled) or a full token set.
//
// Errors from the state parser, session store, member resolution and token
// issuance are returned as produced; Zitadel errors pass through wrapZitadelErr.
//
// NOTE(review): errb is not among this file's imports as shown here — confirm
// it is imported. No nonce from the session is compared against the ID token
// in this function; confirm VerifyIDToken or the session flow covers that.
func (l *LoginSocialCallbackLogic) LoginSocialCallback(req *types.LoginSocialCallbackReq) (*types.LoginData, error) {
	if err := requireLoginDeps(l.svcCtx); err != nil {
		return nil, err
	}
	store := l.svcCtx.AuthLoginSession
	if store == nil {
		return nil, errb.SysNotImplemented("login session not configured")
	}

	// The state value carries the login-session ID; the session is what ties
	// this callback to the tenant, provider and redirect URI that started it.
	sid, err := parseLoginOAuthState(req.State)
	if err != nil {
		return nil, err
	}
	session, err := store.Get(l.ctx, sid)
	if err != nil {
		return nil, err
	}
	// Single use: drop the session on every exit path, success or failure.
	// A failed delete is logged rather than returned so it cannot change the
	// outcome of the login itself.
	defer func() {
		if delErr := store.Delete(l.ctx, sid); delErr != nil {
			logx.WithContext(l.ctx).Errorf("login social callback: delete session: %v", delErr)
		}
	}()

	zc := l.svcCtx.Zitadel
	exchanged, err := zc.ExchangeAuthorizationCode(l.ctx, req.Code, session.RedirectURI)
	if err != nil {
		return nil, wrapZitadelErr(err)
	}

	// Prefer the ID token when Zitadel returned one; otherwise derive the
	// identity from the token set.
	var (
		claims *zitadel.IDTokenClaims
		idErr  error
	)
	switch {
	case exchanged.IDToken != "":
		claims, idErr = zc.VerifyIDToken(l.ctx, exchanged.IDToken)
	default:
		claims, idErr = zitadelIdentityFromToken(l.ctx, zc, exchanged)
	}
	if idErr != nil {
		return nil, wrapZitadelErr(idErr)
	}

	// Whether a provider-asserted "email verified" flag is trusted is a
	// registration-policy setting, not something the callback decides.
	trustProviderEmail := l.svcCtx.Config.Member.Defaults().Registration.TrustSocialEmailVerified
	if err := federatedEmailAllowed(claims, session.Provider, trustProviderEmail); err != nil {
		return nil, err
	}

	member, err := resolveMemberForFederatedLogin(l.ctx, l.svcCtx, session.TenantID, claims, session.Provider)
	if err != nil {
		return nil, err
	}

	// A TOTP-enrolled member gets an MFA challenge instead of tokens.
	if member.TOTPEnrolled {
		return beginLoginMFA(l.ctx, l.svcCtx, session.TenantID, session.TenantSlug, member.UID)
	}

	issued, err := issueAuthToken(l.ctx, l.svcCtx, session.TenantID, member.UID)
	if err != nil {
		return nil, err
	}
	return loginDataFromTokens(issued), nil
}