43 lines
1.5 KiB
Go
43 lines
1.5 KiB
Go
package auth
|
||
|
||
import (
|
||
"context"
|
||
"strings"
|
||
|
||
authdomain "hyapp/services/user-service/internal/domain/auth"
|
||
)
|
||
|
||
// StaticThirdPartyVerifier 是测试和本地 mock verifier。
|
||
// credential 会被当作 provider_subject,不能用于 provider=firebase 或任何真实线上 provider。
|
||
type StaticThirdPartyVerifier struct {
|
||
// allowed 保存 provider allowlist,key 已统一小写。
|
||
allowed map[string]bool
|
||
}
|
||
|
||
// NewStaticThirdPartyVerifier 创建 provider allowlist 校验器。
|
||
func NewStaticThirdPartyVerifier(providers []string) *StaticThirdPartyVerifier {
|
||
allowed := make(map[string]bool, len(providers))
|
||
for _, provider := range providers {
|
||
// provider 名统一小写和 trim,避免配置大小写影响登录。
|
||
provider = strings.ToLower(strings.TrimSpace(provider))
|
||
if provider != "" {
|
||
allowed[provider] = true
|
||
}
|
||
}
|
||
|
||
return &StaticThirdPartyVerifier{allowed: allowed}
|
||
}
|
||
|
||
// Verify 把 mock credential 解析为 provider_subject。
|
||
func (v *StaticThirdPartyVerifier) Verify(_ context.Context, provider string, credential string) (authdomain.ThirdPartyProfile, error) {
|
||
// mock verifier 只服务显式 allowlist;provider=firebase 会被 RoutedThirdPartyVerifier 截获。
|
||
provider = strings.ToLower(strings.TrimSpace(provider))
|
||
subject := strings.TrimSpace(credential)
|
||
if !v.allowed[provider] || subject == "" {
|
||
// provider 不允许或 credential 为空都统一 AUTH_FAILED。
|
||
return authdomain.ThirdPartyProfile{}, authFailed()
|
||
}
|
||
|
||
return authdomain.ThirdPartyProfile{ProviderSubject: subject}, nil
|
||
}
|