
빌드오류 수정

2026-02-03 15:10:13 +09:00
parent 3868f5967e
commit 1c8a599d46
2 changed files with 29 additions and 84 deletions


@@ -245,7 +245,7 @@ func main() {
userRepo := repository.NewUserRepository(db) userRepo := repository.NewUserRepository(db)
auditHandler := handler.NewAuditHandler(auditRepo) auditHandler := handler.NewAuditHandler(auditRepo)
authHandler := handler.NewAuthHandler(redisService, idpProvider, auditRepo, tenantService, ketoService, userRepo) authHandler := handler.NewAuthHandler(redisService, idpProvider, auditRepo, oathkeeperRepo, tenantService, ketoService, userRepo)
adminHandler := handler.NewAdminHandler() adminHandler := handler.NewAdminHandler()
devHandler := handler.NewDevHandler(redisService) devHandler := handler.NewDevHandler(redisService)
tenantHandler := handler.NewTenantHandler(db, tenantService) tenantHandler := handler.NewTenantHandler(db, tenantService)


@@ -2575,57 +2575,12 @@ func (h *AuthHandler) formatPhoneForStorage(phone string) string {
// GetMe - Returns current user's profile with enriched data from local DB // GetMe - Returns current user's profile with enriched data from local DB
func (h *AuthHandler) GetMe(c *fiber.Ctx) error { func (h *AuthHandler) GetMe(c *fiber.Ctx) error {
token := h.getBearerToken(c) profile, err := h.resolveCurrentProfile(c)
if token != "" { if err != nil {
if looksLikeJWT(token) && h.DescopeClient != nil { return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": err.Error()})
authorized, userToken, err := h.DescopeClient.Auth.ValidateSessionWithToken(c.Context(), token)
if err == nil && authorized {
userResponse, err := h.DescopeClient.Management.User().Load(c.Context(), userToken.ID)
if err != nil {
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to load user profile"})
}
identityID, resolveErr := h.resolveKratosIdentityID(
c.Context(),
userResponse.Email,
normalizePhoneForLoginID(userResponse.Phone),
)
if resolveErr != nil || identityID == "" {
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to resolve user identity"})
}
dept, _ := userResponse.CustomAttributes["department"].(string)
affType, _ := userResponse.CustomAttributes["affiliationType"].(string)
compCode, _ := userResponse.CustomAttributes["companyCode"].(string)
resp := domain.UserProfileResponse{
ID: identityID,
Email: userResponse.Email,
Name: userResponse.Name,
Phone: h.formatPhoneForDisplay(userResponse.Phone),
Department: dept,
AffiliationType: affType,
CompanyCode: compCode,
Metadata: userResponse.CustomAttributes,
}
if compCode != "" {
if tenant, err := h.TenantService.GetTenantBySlug(c.Context(), compCode); err == nil && tenant != nil {
resp.Tenant = tenant
}
}
return c.JSON(resp)
}
}
profile, err := h.getKratosProfile(token)
if err != nil {
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Invalid session"})
}
return c.JSON(profile)
} }
return c.JSON(profile)
}
// GetEnrichedProfile - Exported wrapper for resolveCurrentProfile used by middlewares // GetEnrichedProfile - Exported wrapper for resolveCurrentProfile used by middlewares
func (h *AuthHandler) GetEnrichedProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error) { func (h *AuthHandler) GetEnrichedProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error) {
return h.resolveCurrentProfile(c) return h.resolveCurrentProfile(c)
@@ -3488,7 +3443,7 @@ func (h *AuthHandler) resolveCurrentProfile(c *fiber.Ctx) (*domain.UserProfileRe
if testRole == "" { if testRole == "" {
testRole = c.Cookies("X-Mock-Role") testRole = c.Cookies("X-Mock-Role")
} }
if testRole == "" { if testRole == "" {
testRole = domain.RoleUser // 기본값을 user로 변경하여 차단 확인 testRole = domain.RoleUser // 기본값을 user로 변경하여 차단 확인
} }
@@ -3512,39 +3467,31 @@ func (h *AuthHandler) resolveCurrentProfile(c *fiber.Ctx) (*domain.UserProfileRe
authorized, userToken, err := h.DescopeClient.Auth.ValidateSessionWithToken(c.Context(), token) authorized, userToken, err := h.DescopeClient.Auth.ValidateSessionWithToken(c.Context(), token)
if err == nil && authorized { if err == nil && authorized {
userResponse, err := h.DescopeClient.Management.User().Load(c.Context(), userToken.ID) userResponse, err := h.DescopeClient.Management.User().Load(c.Context(), userToken.ID)
if err != nil { if err == nil {
return nil, err identityID, resolveErr := h.resolveKratosIdentityID(
c.Context(),
userResponse.Email,
normalizePhoneForLoginID(userResponse.Phone),
)
if resolveErr == nil && identityID != "" {
dept, _ := userResponse.CustomAttributes["department"].(string)
affType, _ := userResponse.CustomAttributes["affiliationType"].(string)
compCode, _ := userResponse.CustomAttributes["companyCode"].(string)
profile = &domain.UserProfileResponse{
ID: identityID,
Email: userResponse.Email,
Name: userResponse.Name,
Phone: h.formatPhoneForDisplay(userResponse.Phone),
Department: dept,
AffiliationType: affType,
CompanyCode: compCode,
Metadata: userResponse.CustomAttributes,
}
}
} }
identityID, resolveErr := h.resolveKratosIdentityID(
c.Context(),
userResponse.Email,
normalizePhoneForLoginID(userResponse.Phone),
)
if resolveErr != nil || identityID == "" {
return nil, fmt.Errorf("failed to resolve kratos identity for profile")
}
dept, _ := userResponse.CustomAttributes["department"].(string)
affType, _ := userResponse.CustomAttributes["affiliationType"].(string)
compCode, _ := userResponse.CustomAttributes["companyCode"].(string)
return &domain.UserProfileResponse{
ID: identityID,
Email: userResponse.Email,
Name: userResponse.Name,
Phone: h.formatPhoneForDisplay(userResponse.Phone),
Department: dept,
AffiliationType: affType,
CompanyCode: compCode,
}, nil
} }
} }
profile, err := h.getKratosProfile(token)
if err != nil {
return nil, err
}
return profile, nil
}
if profile == nil { if profile == nil {
profile, err = h.getKratosProfile(token) profile, err = h.getKratosProfile(token)
} }
@@ -3569,9 +3516,8 @@ func (h *AuthHandler) resolveCurrentProfile(c *fiber.Ctx) (*domain.UserProfileRe
if profile.Tenant == nil && localUser.Tenant != nil { if profile.Tenant == nil && localUser.Tenant != nil {
profile.Tenant = localUser.Tenant profile.Tenant = localUser.Tenant
} }
// 병합되지 않은 메타데이터 처리 (필요시)
} else { } else {
// 로컬 DB에 없으면 기본 권한 부여 (또는 강제 생성 정책) // 로컬 DB에 없으면 기본 권한 부여
profile.Role = domain.RoleUser profile.Role = domain.RoleUser
} }
} }
@@ -3585,7 +3531,6 @@ func (h *AuthHandler) resolveCurrentProfile(c *fiber.Ctx) (*domain.UserProfileRe
return profile, nil return profile, nil
} }
func (h *AuthHandler) resolveConsentSubject(c *fiber.Ctx) (string, error) { func (h *AuthHandler) resolveConsentSubject(c *fiber.Ctx) (string, error) {
token := h.getBearerToken(c) token := h.getBearerToken(c)
if token != "" { if token != "" {
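Review bot: GetMe now writes `err.Error()` from resolveCurrentProfile straight into the 401 body, so whatever text the Descope, Kratos or local-DB layers put in their errors reaches the caller, and a backend failure is reported as an authentication failure. Keep the fixed message the old code used, `return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Invalid session"})`, and log `err` server-side instead. In the @@ -3512 hunk the new `if err == nil {` and `if resolveErr == nil && identityID != "" {` branches discard both errors and fall through to `h.getKratosProfile(token)`, where the old side returned them; at least log the dropped error so a user-load or identity-resolution failure stays visible. GetMe also now inherits the `X-Mock-Role` cookie handling shown as context in resolveCurrentProfile; the condition guarding that path is outside the visible hunks, so confirm it cannot be reached in a production configuration. resolveCurrentProfile's body starts and ends outside these hunks.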