2026-04-30 02:30:32 +08:00

43 lines
1.5 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package auth
import (
"context"
"strings"
authdomain "hyapp/services/user-service/internal/domain/auth"
)
// StaticThirdPartyVerifier 是测试和本地 mock verifier。
// credential 会被当作 provider_subject不能用于 provider=firebase 或任何真实线上 provider。
type StaticThirdPartyVerifier struct {
// allowed 保存 provider allowlistkey 已统一小写。
allowed map[string]bool
}
// NewStaticThirdPartyVerifier 创建 provider allowlist 校验器。
func NewStaticThirdPartyVerifier(providers []string) *StaticThirdPartyVerifier {
allowed := make(map[string]bool, len(providers))
for _, provider := range providers {
// provider 名统一小写和 trim避免配置大小写影响登录。
provider = strings.ToLower(strings.TrimSpace(provider))
if provider != "" {
allowed[provider] = true
}
}
return &StaticThirdPartyVerifier{allowed: allowed}
}
// Verify 把 mock credential 解析为 provider_subject。
func (v *StaticThirdPartyVerifier) Verify(_ context.Context, provider string, credential string) (authdomain.ThirdPartyProfile, error) {
// mock verifier 只服务显式 allowlistprovider=firebase 会被 RoutedThirdPartyVerifier 截获。
provider = strings.ToLower(strings.TrimSpace(provider))
subject := strings.TrimSpace(credential)
if !v.allowed[provider] || subject == "" {
// provider 不允许或 credential 为空都统一 AUTH_FAILED。
return authdomain.ThirdPartyProfile{}, authFailed()
}
return authdomain.ThirdPartyProfile{ProviderSubject: subject}, nil
}