forked from baron/baron-sso
log 추가
This commit is contained in:
@@ -39,8 +39,8 @@ type AuthHandler struct {
|
||||
DescopeClient *client.DescopeClient
|
||||
}
|
||||
|
||||
// Helper to generate secure random strings
|
||||
func generateSecureToken(length int) string {
|
||||
// GenerateSecureToken - Helper to generate secure random strings
|
||||
func GenerateSecureToken(length int) string {
|
||||
b := make([]byte, length)
|
||||
if _, err := crand.Read(b); err != nil {
|
||||
return ""
|
||||
@@ -126,36 +126,39 @@ func (h *AuthHandler) VerifySms(c *fiber.Ctx) error {
|
||||
func (h *AuthHandler) InitEnchantedLink(c *fiber.Ctx) error {
|
||||
var req domain.EnchantedLinkInitRequest
|
||||
if err := c.BodyParser(&req); err != nil {
|
||||
log.Printf("[Enchanted] Body parse error: %v", err)
|
||||
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid request body"})
|
||||
}
|
||||
|
||||
loginID := strings.ReplaceAll(req.LoginID, "-", "")
|
||||
loginID = strings.ReplaceAll(loginID, " ", "")
|
||||
|
||||
|
||||
// Generate secure tokens
|
||||
token := generateSecureToken(3)
|
||||
pendingRef := generateSecureToken(3)
|
||||
token := GenerateSecureToken(3)
|
||||
pendingRef := GenerateSecureToken(3)
|
||||
|
||||
log.Printf("[Enchanted] Initiating for %s. Token: %s, PendingRef: %s", loginID, token, pendingRef)
|
||||
|
||||
// Store in Redis
|
||||
h.RedisService.Set(prefixSession+pendingRef, fmt.Sprintf(`{"status":"%s"}`, statusPending), defaultExpiration)
|
||||
h.RedisService.Set(prefixToken+token, fmt.Sprintf(`{"pendingRef":"%s","loginId":"%s"}`, pendingRef, loginID), defaultExpiration)
|
||||
|
||||
// Send SMS
|
||||
// Frontend URL should be dynamic or env based
|
||||
frontendURL := os.Getenv("FRONTEND_URL")
|
||||
if frontendURL == "" {
|
||||
frontendURL = "http://ssologin.hmac.kr"
|
||||
}
|
||||
link := fmt.Sprintf("%s/verify/%s", frontendURL, token)
|
||||
content := fmt.Sprintf("[Baron SSO] 로그인 링크: %s", link)
|
||||
|
||||
log.Printf("[Enchanted] Sending link to %s", loginID)
|
||||
|
||||
log.Printf("[Enchanted] Sending SMS to %s via Naver Cloud", loginID)
|
||||
|
||||
if err := h.SmsService.SendSms(loginID, content); err != nil {
|
||||
log.Printf("[Enchanted] SMS Failed: %v", err)
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to send SMS"})
|
||||
}
|
||||
|
||||
log.Printf("[Enchanted] SMS sent successfully to %s", loginID)
|
||||
return c.JSON(fiber.Map{
|
||||
"linkId": "SMS Sent",
|
||||
"pendingRef": pendingRef,
|
||||
@@ -179,6 +182,7 @@ func (h *AuthHandler) PollEnchantedLink(c *fiber.Ctx) error {
|
||||
json.Unmarshal([]byte(val), &data)
|
||||
|
||||
if data["status"] == statusSuccess {
|
||||
log.Printf("[Poll] Success for ref: %s", req.PendingRef)
|
||||
return c.JSON(fiber.Map{
|
||||
"sessionJwt": data["jwt"],
|
||||
"status": "ok",
|
||||
@@ -192,12 +196,16 @@ func (h *AuthHandler) PollEnchantedLink(c *fiber.Ctx) error {
|
||||
func (h *AuthHandler) VerifyMagicLink(c *fiber.Ctx) error {
|
||||
var req domain.MagicLinkVerifyRequest
|
||||
if err := c.BodyParser(&req); err != nil {
|
||||
log.Printf("[Verify] Body parse error: %v", err)
|
||||
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid request body"})
|
||||
}
|
||||
|
||||
log.Printf("[Verify] Attempting to verify token: %s", req.Token)
|
||||
|
||||
tokenKey := prefixToken + req.Token
|
||||
val, err := h.RedisService.Get(tokenKey)
|
||||
if err != nil || val == "" {
|
||||
log.Printf("[Verify] Token not found or expired in Redis: %s", req.Token)
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Invalid or expired token"})
|
||||
}
|
||||
|
||||
@@ -206,73 +214,68 @@ func (h *AuthHandler) VerifyMagicLink(c *fiber.Ctx) error {
|
||||
pendingRef := tokenData["pendingRef"]
|
||||
loginID := tokenData["loginId"]
|
||||
|
||||
log.Printf("[Verify] Token valid. LoginID: %s, PendingRef: %s", loginID, pendingRef)
|
||||
|
||||
// 1. Generate Descope Session Directly (Management SDK)
|
||||
if h.DescopeClient == nil {
|
||||
log.Printf("[Verify] Descope Client is nil!")
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Descope Client not configured"})
|
||||
}
|
||||
|
||||
// Use GenerateEmbeddedLink to get a temporary token directly for the user.
|
||||
// This generates a token that will be exchanged for a real session.
|
||||
log.Printf("[Verify] Generating embedded link for %s", loginID)
|
||||
embeddedToken, err := h.DescopeClient.Management.User().GenerateEmbeddedLink(context.Background(), loginID, nil, 0)
|
||||
if err != nil {
|
||||
// If user does not exist, create it and retry
|
||||
if strings.Contains(err.Error(), "User not found") || strings.Contains(err.Error(), "E062108") {
|
||||
log.Printf("User %s not found. Creating new user...", loginID)
|
||||
|
||||
// Format LoginID for Descope (E.164 for phones)
|
||||
log.Printf("[Verify] User %s not found. Creating...", loginID)
|
||||
|
||||
descopeLoginID := loginID
|
||||
userObj := &descope.UserRequest{}
|
||||
|
||||
if strings.Contains(loginID, "@") {
|
||||
userObj.Email = loginID
|
||||
} else {
|
||||
// LoginID is likely a phone number
|
||||
if strings.HasPrefix(loginID, "010") {
|
||||
descopeLoginID = "+82" + loginID[1:]
|
||||
}
|
||||
userObj.Phone = descopeLoginID
|
||||
}
|
||||
|
||||
// Create user using the formatted LoginID
|
||||
_, errCreate := h.DescopeClient.Management.User().Create(context.Background(), descopeLoginID, userObj)
|
||||
if errCreate != nil {
|
||||
log.Printf("Failed to create user: %v", errCreate)
|
||||
log.Printf("[Verify] Failed to create user: %v", errCreate)
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to create new user"})
|
||||
}
|
||||
|
||||
// Retry generating embedded token with the Descope LoginID
|
||||
|
||||
embeddedToken, err = h.DescopeClient.Management.User().GenerateEmbeddedLink(context.Background(), descopeLoginID, nil, 0)
|
||||
if err != nil {
|
||||
log.Printf("Failed to generate Descope Session after creation: %v", err)
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to generate token for new user"})
|
||||
log.Printf("[Verify] Failed to generate token after creation: %v", err)
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to generate upstream token"})
|
||||
}
|
||||
} else {
|
||||
log.Printf("Failed to generate Descope Session: %v", err)
|
||||
log.Printf("[Verify] Descope Error: %v", err)
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to generate upstream token"})
|
||||
}
|
||||
}
|
||||
|
||||
// Exchange the Embedded Token for a real User Session JWT
|
||||
log.Printf("[Verify] Exchanging embedded token for session JWT")
|
||||
authInfo, err := h.DescopeClient.Auth.MagicLink().Verify(context.Background(), embeddedToken, nil)
|
||||
if err != nil {
|
||||
log.Printf("Failed to verify embedded token: %v", err)
|
||||
log.Printf("[Verify] Final verification failed: %v", err)
|
||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to verify upstream token"})
|
||||
}
|
||||
sessionToken := authInfo.SessionToken.JWT
|
||||
|
||||
// Update Session in Redis for the polling client
|
||||
log.Printf("[Verify] Success! Updating Redis session: %s", pendingRef)
|
||||
sessionData, _ := json.Marshal(map[string]string{
|
||||
"status": statusSuccess,
|
||||
"jwt": sessionToken,
|
||||
})
|
||||
h.RedisService.Set(prefixSession+pendingRef, string(sessionData), defaultExpiration)
|
||||
|
||||
|
||||
return c.JSON(fiber.Map{
|
||||
"token": sessionToken,
|
||||
"message": "Login successful",
|
||||
})
|
||||
}
|
||||
|
||||
// ProxyToDescope (Placeholder)
|
||||
func (h *AuthHandler) ProxyToDescope(c *fiber.Ctx, path string, payload interface{}) error {
|
||||
return c.Status(501).SendString("Descope Proxy Disabled")
|
||||
|
||||
Reference in New Issue
Block a user