
테넌트 접속 제한 백엔드 로직 수정

2026-04-28 09:55:37 +09:00
parent 3f85f6cfe3
commit 367368805a
6 changed files with 107 additions and 61 deletions


@@ -5132,10 +5132,8 @@ func (h *AuthHandler) GetConsentRequest(c *fiber.Ctx) error {
)
profile, err := h.resolveCurrentProfile(c)
if err == nil && profile != nil {
if !isClientTenantAccessAllowed(profile, consentRequest.Client) {
return tenantNotAllowedError(c)
}
if tenantErr := enforceClientTenantAccess(c, consentRequest.Client, profile, err); tenantErr != nil {
return tenantErr
}
// [New] 로컬 DB에서 기존 동의 내역 확인 (강제 자동 승인 전략)
@@ -5344,10 +5342,8 @@ func (h *AuthHandler) AcceptConsentRequest(c *fiber.Ctx) error {
consentRequest.RequestedScope = mergeRequestedScopesWithClientRequirements(consentRequest.Client, consentRequest.RequestedScope)
profile, err := h.resolveCurrentProfile(c)
if err == nil && profile != nil {
if !isClientTenantAccessAllowed(profile, consentRequest.Client) {
return tenantNotAllowedError(c)
}
if tenantErr := enforceClientTenantAccess(c, consentRequest.Client, profile, err); tenantErr != nil {
return tenantErr
}
// 3. Hydra에 승인 요청
@@ -5489,10 +5485,8 @@ func (h *AuthHandler) AcceptOidcLoginRequest(c *fiber.Ctx) error {
profile, err := h.resolveCurrentProfile(c)
if loginReq != nil {
if err == nil && profile != nil {
if !isClientTenantAccessAllowed(profile, loginReq.Client) {
return tenantNotAllowedError(c)
}
if tenantErr := enforceClientTenantAccess(c, loginReq.Client, profile, err); tenantErr != nil {
return tenantErr
}
}
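Review bot: In GetConsentRequest the call `enforceClientTenantAccess(c, consentRequest.Client, profile, err)` receives the error from `resolveCurrentProfile`, but nothing at the call site says what happens when that lookup fails. The `if err == nil && profile != nil` guard printed next to it (apparently the removed side; the +/- markers are lost on this page) skipped the tenant check in that case, so the outcome for an unresolved profile now depends entirely on the helper, which is not shown in this section. A comment above the call would make the intent reviewable, for example `// tenant check runs even when profile resolution failed; enforceClientTenantAccess decides allow/deny for err != nil or profile == nil`, together with a test for the nil-profile path. The same call appears in AcceptConsentRequest and AcceptOidcLoginRequest; in the latter it still sits inside `if loginReq != nil`, so it is worth confirming that a nil login request cannot reach the accept step without the tenant check. All three function bodies continue outside the hunks.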