fix(external-admin): hide app catalog before login
This commit is contained in:
parent
7748b186f5
commit
c556b44cf6
@ -236,15 +236,6 @@ func (h *Handler) ResetPassword(c *gin.Context) {
|
|||||||
response.OK(c, account)
|
response.OK(c, account)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *Handler) ListApps(c *gin.Context) {
|
|
||||||
apps, err := h.service.ListApps(c.Request.Context())
|
|
||||||
if err != nil {
|
|
||||||
response.ServerError(c, "获取 App 列表失败")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
response.OK(c, gin.H{"items": apps, "total": len(apps)})
|
|
||||||
}
|
|
||||||
|
|
||||||
func (h *Handler) Login(c *gin.Context) {
|
func (h *Handler) Login(c *gin.Context) {
|
||||||
// The global App middleware supplies the main-admin default before this anonymous
|
// The global App middleware supplies the main-admin default before this anonymous
|
||||||
// route runs. No tenant is authoritative until a credential row resolves, so do
|
// route runs. No tenant is authoritative until a credential row resolves, so do
|
||||||
|
|||||||
@ -49,7 +49,6 @@ func RegisterExternalRoutes(api *gin.RouterGroup, h *Handler, handlers BusinessH
|
|||||||
// service workers or intermediary proxies. This middleware runs before session
|
// service workers or intermediary proxies. This middleware runs before session
|
||||||
// auth so 4xx/5xx responses carry the same protection as successful responses.
|
// auth so 4xx/5xx responses carry the same protection as successful responses.
|
||||||
auth.Use(noStore())
|
auth.Use(noStore())
|
||||||
auth.GET("/apps", h.ListApps)
|
|
||||||
auth.POST("/login", h.Login)
|
auth.POST("/login", h.Login)
|
||||||
|
|
||||||
protectedAuth := auth.Group("")
|
protectedAuth := auth.Group("")
|
||||||
|
|||||||
@ -43,3 +43,16 @@ func TestExternalAuthResponsesAlwaysDisableCachingIncludingErrors(t *testing.T)
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestExternalAuthDoesNotExposeAppCatalogBeforeLogin(t *testing.T) {
|
||||||
|
gin.SetMode(gin.TestMode)
|
||||||
|
engine := gin.New()
|
||||||
|
RegisterExternalRoutes(engine.Group("/api/v1"), New(nil, nil, Config{}, nil), BusinessHandlers{})
|
||||||
|
|
||||||
|
request := httptest.NewRequest(http.MethodGet, "/api/v1/external/auth/apps", nil)
|
||||||
|
responseRecorder := httptest.NewRecorder()
|
||||||
|
engine.ServeHTTP(responseRecorder, request)
|
||||||
|
if responseRecorder.Code != http.StatusNotFound {
|
||||||
|
t.Fatalf("anonymous App catalog status=%d body=%s", responseRecorder.Code, responseRecorder.Body.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@ -65,30 +65,6 @@ func NewService(db *gorm.DB, userDB *sql.DB, cfg Config) *Service {
|
|||||||
return &Service{db: db, userDB: userDB, cfg: cfg, dummyHash: dummyHash}
|
return &Service{db: db, userDB: userDB, cfg: cfg, dummyHash: dummyHash}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Service) ListApps(ctx context.Context) ([]App, error) {
|
|
||||||
if s.userDB == nil {
|
|
||||||
return nil, errors.New("user mysql is not configured")
|
|
||||||
}
|
|
||||||
rows, err := s.userDB.QueryContext(ctx, `
|
|
||||||
SELECT app_code, app_name, logo_url
|
|
||||||
FROM apps
|
|
||||||
WHERE status = 'active'
|
|
||||||
ORDER BY app_name ASC, app_code ASC`)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
defer rows.Close()
|
|
||||||
apps := []App{}
|
|
||||||
for rows.Next() {
|
|
||||||
var app App
|
|
||||||
if err := rows.Scan(&app.AppCode, &app.AppName, &app.LogoURL); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
apps = append(apps, app)
|
|
||||||
}
|
|
||||||
return apps, rows.Err()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Service) ResolveTarget(ctx context.Context, appCode string, target string) (LinkedUser, error) {
|
func (s *Service) ResolveTarget(ctx context.Context, appCode string, target string) (LinkedUser, error) {
|
||||||
appCode = normalizeAppCode(appCode)
|
appCode = normalizeAppCode(appCode)
|
||||||
target = strings.TrimSpace(target)
|
target = strings.TrimSpace(target)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user