kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

aws ses 구현

Browse Source
This commit is contained in:
조찬영
2026-01-19 17:04:48 +09:00
parent 27b8ff2ac1
commit 3c41c0dc62
8 changed files with 268 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

255
frontend/lib/features/auth/presentation/login_screen.dart
View File

@@ -1,4 +1,5 @@
import 'dart:async';
import 'dart:convert';
import 'package:flutter/material.dart';
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:flutter_dotenv/flutter_dotenv.dart';
@@ -23,10 +24,8 @@ class LoginScreen extends ConsumerStatefulWidget {
class _LoginScreenState extends ConsumerState<LoginScreen>
with SingleTickerProviderStateMixin {
late TabController _tabController;
final TextEditingController _emailController = TextEditingController();
final TextEditingController _passwordController = TextEditingController();
final TextEditingController _phoneController = TextEditingController();
final TextEditingController _smsCodeController = TextEditingController();
final TextEditingController _idController = TextEditingController();
final TextEditingController _smsCodeController = TextEditingController(); // Keep if needed for verification inputs later? Actually not used in link flow.
bool _smsSent = false;
String? _redirectUrl;
@@ -41,7 +40,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
@override
void initState() {
super.initState();
_tabController = TabController(length: 3, vsync: this, initialIndex: 1);
_tabController = TabController(length: 2, vsync: this);
_tabController.addListener(_handleTabSelection);
// Check for tokens (Path Parameter or Legacy Query Parameter)
@@ -62,10 +61,26 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
});
}
// Helper to decode JWT and get loginId
String _getLoginIdFromJwt(String jwt) {
try {
final parts = jwt.split('.');
if (parts.length != 3) return 'User';
final payload = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
final data = json.decode(payload);
// Descope tokens usually have 'name', 'email', or 'sub'
return data['name'] ?? data['email'] ?? data['sub'] ?? 'User';
} catch (e) {
debugPrint("[JWT] Decode error: $e");
return 'User';
}
}
void _handleTabSelection() {
if (_tabController.index == 2 && _qrPendingRef == null) {
if (_tabController.index == 1 && _qrPendingRef == null) {
_startQrFlow();
} else if (_tabController.index != 2) {
} else if (_tabController.index != 1) {
_stopQrPolling();
}
}
@@ -125,12 +140,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
_qrCountdownTimer?.cancel();
final jwt = res['sessionJwt'];
// Create Dummy User & Session for Descope SDK
final displayName = _getLoginIdFromJwt(jwt);
// Create User & Session for Descope SDK
final dummyUser = DescopeUser(
'unknown', // userId
[], // loginIds
0, // createdAt
'User', // name
displayName, // name
null, // picture (Uri?)
'', // email
false, // isVerifiedEmail
@@ -180,9 +196,10 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
debugPrint("[Auth] Verification successful for token: $token");
if (jwt != null && mounted) {
// Create Dummy User & Session for Descope SDK to log in this tab
final displayName = _getLoginIdFromJwt(jwt);
// Create User & Session for Descope SDK to log in this tab
final dummyUser = DescopeUser(
'unknown', [], 0, 'User', null, '', false, '', false, {}, '', '', '', false, 'enabled', [], [], [],
'unknown', [], 0, displayName, null, '', false, '', false, {}, '', '', '', false, 'enabled', [], [], [],
);
final session = DescopeSession.fromJwt(jwt, jwt, dummyUser);
Descope.sessionManager.manageSession(session);
@@ -213,49 +230,29 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
void dispose() {
_stopQrPolling();
_tabController.dispose();
_emailController.dispose();
_passwordController.dispose();
_phoneController.dispose();
_idController.dispose();
_smsCodeController.dispose();
super.dispose();
}
Future<void> _handleEmailLogin() async {
final email = _emailController.text.trim();
if (email.isEmpty) return;
Future<void> _handleLogin() async {
final input = _idController.text.trim();
if (input.isEmpty) return;
final password = _passwordController.text;
if (password.isNotEmpty) {
debugPrint("[Auth] Attempting Email/Password login for: $email");
try {
final authResponse = await Descope.password.signIn(
loginId: email,
password: password,
);
final session = DescopeSession.fromAuthenticationResponse(authResponse);
Descope.sessionManager.manageSession(session);
debugPrint("[Auth] Email login successful");
if (mounted) _onLoginSuccess(session.sessionToken.jwt);
} catch (e) {
debugPrint("[Auth] Email login failed: $e");
_showError("Email/Password Login Failed: $e");
String loginId = input;
if (!input.contains('@')) {
// Format phone number if it's not an email
loginId = input.replaceAll(RegExp(r'[-\s]'), '');
if (loginId.startsWith('010')) {
loginId = '+82${loginId.substring(1)}';
}
} else {
debugPrint("[Auth] Initiating Email Enchanted Link for: $email");
_initiateDescopeLinkFlow(email, isSms: false);
}
debugPrint("[Auth] Initiating Enchanted Link for: $loginId");
_startEnchantedFlow(loginId, isEmail: input.contains('@'));
}
Future<void> _handleSmsLogin() async {
final rawPhone = _phoneController.text.trim();
if (rawPhone.isEmpty) return;
String phone = rawPhone.replaceAll(RegExp(r'[-\s]'), '');
if (phone.startsWith('010')) {
phone = '+82${phone.substring(1)}'; // Convert 010 to +8210
}
debugPrint("[Auth] Initiating SMS Enchanted Link for: $phone");
Future<void> _startEnchantedFlow(String loginId, {required bool isEmail}) async {
try {
if (mounted) {
showDialog(
@@ -265,10 +262,10 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
);
}
// 1. Init via Backend API
final initResponse = await AuthProxyService.initEnchantedLink(phone);
// 1. Init via Backend API (Now handles both SMS and SES Email)
final initResponse = await AuthProxyService.initEnchantedLink(loginId);
final pendingRef = initResponse['pendingRef'];
debugPrint("[Auth] SMS Sent. PendingRef: $pendingRef");
debugPrint("[Auth] Link Sent. PendingRef: $pendingRef");
if (mounted) {
Navigator.of(context).pop(); // Close Loading
@@ -277,11 +274,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
context: context,
barrierDismissible: false,
builder: (context) => AlertDialog(
title: const Text("SMS Sent"),
title: Text(isEmail ? "이메일 전송됨" : "SMS 전송됨"),
content: Column(
mainAxisSize: MainAxisSize.min,
children: [
const Text("Please check the link sent to your phone."),
Text(isEmail
? "입력하신 이메일로 로그인 링크를 보냈습니다."
: "입력하신 번호로 로그인 링크를 보냈습니다."),
const SizedBox(height: 16),
const LinearProgressIndicator(),
const SizedBox(height: 16),
@@ -290,7 +289,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
debugPrint("[Auth] Polling canceled by user");
Navigator.of(context).pop();
},
child: const Text("Cancel")
child: const Text("취소")
)
],
),
@@ -301,9 +300,9 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
_pollForSession(pendingRef);
}
} catch (e) {
debugPrint("[Auth] SMS initialization failed: $e");
debugPrint("[Auth] Initialization failed: $e");
if (mounted && Navigator.canPop(context)) Navigator.of(context).pop();
_showError("Failed to send SMS: $e");
_showError("전송 실패: $e");
}
}
@@ -324,13 +323,14 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
if (jwt != null) {
debugPrint("[Auth] Polling SUCCESS. Token received.");
final displayName = _getLoginIdFromJwt(jwt);
// Descope SDK 세션 강제 주입
// Note: DescopeUser in 0.9.11 requires 18 positional arguments.
final dummyUser = DescopeUser(
'unknown', // userId
[], // loginIds
0, // createdAt
'User', // name
displayName, // name
null, // picture (Uri?)
'', // email
false, // isVerifiedEmail
@@ -368,65 +368,15 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
}
}
Future<void> _initiateDescopeLinkFlow(String loginId, {required bool isSms}) async {
void _showError(String message) {
if (!mounted) return;
ScaffoldMessenger.of(context).showSnackBar(
SnackBar(content: Text(message), backgroundColor: Colors.red),
);
try {
if (mounted) {
showDialog(
context: context,
barrierDismissible: false,
builder: (context) => const Center(child: CircularProgressIndicator()),
);
}
// 1. Init via Descope SDK
final frontendUrl = dotenv.env['FRONTEND_URL'] ?? 'http://ssologin.hmac.kr';
final signUpOrInResponse = await Descope.enchantedLink.signUpOrIn(
loginId: loginId,
redirectUrl: "$frontendUrl/auth/callback",
);
if (mounted) {
Navigator.of(context).pop(); // Close Loading
showDialog(
context: context,
barrierDismissible: false,
builder: (context) => AlertDialog(
title: Text(isSms ? "SMS Sent" : "Email Sent"),
content: Column(
mainAxisSize: MainAxisSize.min,
children: [
Text("We sent a login link to ${isSms ? loginId.split('@')[0] : loginId}"),
const SizedBox(height: 16),
// For SMS, we might not get a Link ID in the message if the template doesn't include it.
// But Enchanted Link always has one.
Text(
"Security Number: ${signUpOrInResponse.linkId}",
style: const TextStyle(fontSize: 24, fontWeight: FontWeight.bold, color: Colors.blue),
),
const SizedBox(height: 8),
const Text("Click the matching number."),
const SizedBox(height: 16),
const LinearProgressIndicator(),
],
),
),
);
// 2. Poll via Descope SDK
final authResponse = await Descope.enchantedLink.pollForSession(pendingRef: signUpOrInResponse.pendingRef);
final session = DescopeSession.fromAuthenticationResponse(authResponse);
Descope.sessionManager.manageSession(session);
if (mounted) {
Navigator.of(context).pop(); // Close Dialog
_onLoginSuccess(session.sessionToken.jwt);
}
}
AuthProxyService.logError(message);
} catch (e) {
if (mounted && Navigator.canPop(context)) Navigator.of(context).pop();
_showError("Login Failed: $e");
// ignore
}
}
@@ -463,18 +413,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
}
}
void _showError(String message) {
if (!mounted) return;
ScaffoldMessenger.of(context).showSnackBar(
SnackBar(content: Text(message), backgroundColor: Colors.red),
);
try {
AuthProxyService.logError(message);
} catch (e) {
// ignore
}
}
@override
Widget build(BuildContext context) {
return Scaffold(
@@ -504,8 +442,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
TabBar(
controller: _tabController,
tabs: const [
Tab(text: "이메일"),
Tab(text: "전화번호"),
Tab(text: "로그인"),
Tab(text: "QR 코드"),
],
),
@@ -516,69 +453,35 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
child: TabBarView(
controller: _tabController,
children: [
// Email Form
// Unified Login Form
Padding(
padding: const EdgeInsets.only(top: 16.0),
child: Column(
children: [
TextField(
controller: _emailController,
controller: _idController,
decoration: const InputDecoration(
labelText: "이메일",
labelText: "이메일 또는 휴대폰 번호",
hintText: "",
border: OutlineInputBorder(),
prefixIcon: Icon(Icons.email_outlined),
),
),
const SizedBox(height: 16),
TextField(
controller: _passwordController,
obscureText: true,
decoration: const InputDecoration(
labelText: "비밀번호 (선택)",
border: OutlineInputBorder(),
prefixIcon: Icon(Icons.lock_outline),
prefixIcon: Icon(Icons.person_outline),
),
onSubmitted: (_) => _handleLogin(),
),
const SizedBox(height: 24),
FilledButton(
onPressed: _handleEmailLogin,
onPressed: _handleLogin,
style: FilledButton.styleFrom(
minimumSize: const Size.fromHeight(50),
),
child: const Text("로그인 / 링크 전송"),
child: const Text("로그인 링크 전송"),
),
const SizedBox(height: 16),
const Text(
"입력하신 정보로 로그인 링크를 전송합니다.",
style: TextStyle(color: Colors.grey, fontSize: 12),
textAlign: TextAlign.center,
),
],
),
),
// Phone Form
Padding(
padding: const EdgeInsets.only(top: 16.0),
child: Column(
children: [
TextField(
controller: _phoneController,
decoration: const InputDecoration(
labelText: "휴대폰 번호",
hintText: "010-1234-5678",
border: OutlineInputBorder(),
prefixIcon: Icon(Icons.phone_android),
),
),
const SizedBox(height: 24),
FilledButton(
onPressed: _handleSmsLogin,
style: FilledButton.styleFrom(
minimumSize: const Size.fromHeight(50),
),
child: const Text("로그인 링크 전송"),
),
const SizedBox(height: 16),
const Text(
"입력하신 번호로 로그인 링크를 문자로 보내드립니다.",
style: TextStyle(color: Colors.grey, fontSize: 12),
textAlign: TextAlign.center,
),
],
),
),
@@ -586,11 +489,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
// QR Login View
Column(
mainAxisAlignment: MainAxisAlignment.center,
crossAxisAlignment: CrossAxisAlignment.center,
children: [
if (_isQrLoading)
const CircularProgressIndicator()
else if (_qrImageBase64 != null)
Column(
crossAxisAlignment: CrossAxisAlignment.center,
children: [
Container(
padding: const EdgeInsets.all(16),
@@ -609,6 +514,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
_qrRemainingSeconds > 0
? "남은 시간: ${_formatTime(_qrRemainingSeconds)}"
: "QR 코드 만료됨",
textAlign: TextAlign.center,
style: TextStyle(
color: _qrRemainingSeconds > 30 ? Colors.blue : Colors.red,
fontWeight: FontWeight.bold,
@@ -617,6 +523,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
const SizedBox(height: 8),
const Text(
"모바일 앱으로 스캔하세요",
textAlign: TextAlign.center,
style: TextStyle(color: Colors.grey, fontSize: 12),
),
TextButton(
@@ -626,7 +533,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
],
)
else
const Text("QR 코드를 불러오지 못했습니다."),
const Text("QR 코드를 불러오지 못했습니다.", textAlign: TextAlign.center),
],
),
],