2026-04-27 02:29:42 +08:00

43 lines
1.5 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package auth
import (
"context"
"strings"
authdomain "hyapp/services/user-service/internal/domain/auth"
)
// StaticThirdPartyVerifier 是本地 v1 verifier。
// credential 在首版本地实现中就是 provider_subject真实 SDK 可替换该接口。
type StaticThirdPartyVerifier struct {
// allowed 保存 provider allowlistkey 已统一小写。
allowed map[string]bool
}
// NewStaticThirdPartyVerifier 创建 provider allowlist 校验器。
func NewStaticThirdPartyVerifier(providers []string) *StaticThirdPartyVerifier {
allowed := make(map[string]bool, len(providers))
for _, provider := range providers {
// provider 名统一小写和 trim避免配置大小写影响登录。
provider = strings.ToLower(strings.TrimSpace(provider))
if provider != "" {
allowed[provider] = true
}
}
return &StaticThirdPartyVerifier{allowed: allowed}
}
// Verify 把本地 credential 解析为 provider_subject。
func (v *StaticThirdPartyVerifier) Verify(_ context.Context, provider string, credential string) (authdomain.ThirdPartyProfile, error) {
// 本地 v1 把 credential 当 provider_subject真实环境替换该接口即可。
provider = strings.ToLower(strings.TrimSpace(provider))
subject := strings.TrimSpace(credential)
if !v.allowed[provider] || subject == "" {
// provider 不允许或 credential 为空都统一 AUTH_FAILED。
return authdomain.ThirdPartyProfile{}, authFailed()
}
return authdomain.ThirdPartyProfile{ProviderSubject: subject}, nil
}