kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

aws ses 구현

Browse Source
This commit is contained in:
조찬영
2026-01-19 17:04:48 +09:00
parent 27b8ff2ac1
commit 3c41c0dc62
8 changed files with 268 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.env.sample
View File

@@ -34,4 +34,10 @@ NAVER_CLOUD_SECRET_KEY=ncp_iam_...
NAVER_CLOUD_SERVICE_ID=ncp:sms:kr:...:... NAVER_CLOUD_SERVICE_ID=ncp:sms:kr:...:...
NAVER_SENDER_PHONE_NUMBER=... NAVER_SENDER_PHONE_NUMBER=...
# --- AWS SES Configuration ---
AWS_REGION=ap-northeast-2
AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...
AWS_SES_SENDER=no-reply@baron.co.kr
ADMIN_PASSWORD=admin ADMIN_PASSWORD=admin

15
backend/go.mod
View File

@@ -12,6 +12,21 @@ require (
require ( require (
github.com/ClickHouse/ch-go v0.69.0 // indirect github.com/ClickHouse/ch-go v0.69.0 // indirect
github.com/andybalholm/brotli v1.2.0 // indirect github.com/andybalholm/brotli v1.2.0 // indirect
github.com/aws/aws-sdk-go-v2 v1.41.1 // indirect
github.com/aws/aws-sdk-go-v2/config v1.32.7 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.19.7 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 // indirect
github.com/aws/aws-sdk-go-v2/service/ses v1.34.18 // indirect
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 // indirect
github.com/aws/smithy-go v1.24.0 // indirect
github.com/bwmarrin/snowflake v0.3.0 // indirect github.com/bwmarrin/snowflake v0.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect

30
backend/go.sum
View File

@@ -4,6 +4,36 @@ github.com/ClickHouse/clickhouse-go/v2 v2.42.0 h1:MdujEfIrpXesQUH0k0AnuVtJQXk6RZ
github.com/ClickHouse/clickhouse-go/v2 v2.42.0/go.mod h1:riWnuo4YMVdajYll0q6FzRBomdyCrXyFY3VXeXczA8s= github.com/ClickHouse/clickhouse-go/v2 v2.42.0/go.mod h1:riWnuo4YMVdajYll0q6FzRBomdyCrXyFY3VXeXczA8s=
github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ= github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY= github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
github.com/aws/aws-sdk-go-v2 v1.41.1 h1:ABlyEARCDLN034NhxlRUSZr4l71mh+T5KAeGh6cerhU=
github.com/aws/aws-sdk-go-v2 v1.41.1/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0=
github.com/aws/aws-sdk-go-v2/config v1.32.7 h1:vxUyWGUwmkQ2g19n7JY/9YL8MfAIl7bTesIUykECXmY=
github.com/aws/aws-sdk-go-v2/config v1.32.7/go.mod h1:2/Qm5vKUU/r7Y+zUk/Ptt2MDAEKAfUtKc1+3U1Mo3oY=
github.com/aws/aws-sdk-go-v2/credentials v1.19.7 h1:tHK47VqqtJxOymRrNtUXN5SP/zUTvZKeLx4tH6PGQc8=
github.com/aws/aws-sdk-go-v2/credentials v1.19.7/go.mod h1:qOZk8sPDrxhf+4Wf4oT2urYJrYt3RejHSzgAquYeppw=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 h1:I0GyV8wiYrP8XpA70g1HBcQO1JlQxCMTW9npl5UbDHY=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17/go.mod h1:tyw7BOl5bBe/oqvoIeECFJjMdzXoa/dfVz3QQ5lgHGA=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 h1:xOLELNKGp2vsiteLsvLPwxC+mYmO6OZ8PYgiuPJzF8U=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17/go.mod h1:5M5CI3D12dNOtH3/mk6minaRwI2/37ifCURZISxA/IQ=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 h1:WWLqlh79iO48yLkj1v3ISRNiv+3KdQoZ6JWyfcsyQik=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17/go.mod h1:EhG22vHRrvF8oXSTYStZhJc1aUgKtnJe+aOiFEV90cM=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 h1:RuNSMoozM8oXlgLG/n6WLaFGoea7/CddrCfIiSA+xdY=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17/go.mod h1:F2xxQ9TZz5gDWsclCtPQscGpP0VUOc8RqgFM3vDENmU=
github.com/aws/aws-sdk-go-v2/service/ses v1.34.18 h1:2Lnd3ZNTyWpFJJM55y0mP0aESovm+vFuFEwLijucUL8=
github.com/aws/aws-sdk-go-v2/service/ses v1.34.18/go.mod h1:BLwHw6wdkA6NfnW/cFaVcvpwdIXHLAkpe6nsLF9BVww=
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 h1:VrhDvQib/i0lxvr3zqlUwLwJP4fpmpyD9wYG1vfSu+Y=
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5/go.mod h1:k029+U8SY30/3/ras4G/Fnv/b88N4mAfliNn08Dem4M=
github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 h1:v6EiMvhEYBoHABfbGB4alOYmCIrcgyPPiBE1wZAEbqk=
github.com/aws/aws-sdk-go-v2/service/sso v1.30.9/go.mod h1:yifAsgBxgJWn3ggx70A3urX2AN49Y5sJTD1UQFlfqBw=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 h1:gd84Omyu9JLriJVCbGApcLzVR3XtmC4ZDPcAI6Ftvds=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13/go.mod h1:sTGThjphYE4Ohw8vJiRStAcu3rbjtXRsdNB0TvZ5wwo=
github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 h1:5fFjR/ToSOzB2OQ/XqWpZBmNvmP/pJ1jOWYlFDJTjRQ=
github.com/aws/aws-sdk-go-v2/service/sts v1.41.6/go.mod h1:qgFDZQSD/Kys7nJnVqYlWKnh0SSdMjAi0uSwON4wgYQ=
github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk=
github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
github.com/bwmarrin/snowflake v0.3.0 h1:xm67bEhkKh6ij1790JB83OujPR5CzNe8QuQqAgISZN0= github.com/bwmarrin/snowflake v0.3.0 h1:xm67bEhkKh6ij1790JB83OujPR5CzNe8QuQqAgISZN0=
github.com/bwmarrin/snowflake v0.3.0/go.mod h1:NdZxfVWX+oR6y2K0o6qAYv6gIOP9rjG0/E9WsDpxqwE= github.com/bwmarrin/snowflake v0.3.0/go.mod h1:NdZxfVWX+oR6y2K0o6qAYv6gIOP9rjG0/E9WsDpxqwE=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=

6
backend/internal/domain/email_models.go Normal file
View File

@@ -0,0 +1,6 @@
package domain
// EmailService defines the interface for sending emails.
type EmailService interface {
SendEmail(to, subject, body string) error
}

46
backend/internal/handler/auth_handler.go
View File

@@ -35,6 +35,7 @@ const (
type AuthHandler struct { type AuthHandler struct {
ProjectID string ProjectID string
SmsService domain.SmsService SmsService domain.SmsService
EmailService domain.EmailService
RedisService *service.RedisService RedisService *service.RedisService
DescopeClient *client.DescopeClient DescopeClient *client.DescopeClient
} }
@@ -71,6 +72,7 @@ func NewAuthHandler() *AuthHandler {
return &AuthHandler{ return &AuthHandler{
ProjectID: projectID, ProjectID: projectID,
SmsService: service.NewSmsService(), SmsService: service.NewSmsService(),
EmailService: service.NewEmailService(),
RedisService: redisService, RedisService: redisService,
DescopeClient: descopeClient, DescopeClient: descopeClient,
} }
@@ -143,24 +145,52 @@ func (h *AuthHandler) InitEnchantedLink(c *fiber.Ctx) error {
h.RedisService.Set(prefixSession+pendingRef, fmt.Sprintf(`{"status":"%s"}`, statusPending), defaultExpiration) h.RedisService.Set(prefixSession+pendingRef, fmt.Sprintf(`{"status":"%s"}`, statusPending), defaultExpiration)
h.RedisService.Set(prefixToken+token, fmt.Sprintf(`{"pendingRef":"%s","loginId":"%s"}`, pendingRef, loginID), defaultExpiration) h.RedisService.Set(prefixToken+token, fmt.Sprintf(`{"pendingRef":"%s","loginId":"%s"}`, pendingRef, loginID), defaultExpiration)
// Send SMS // Generate Link
frontendURL := os.Getenv("FRONTEND_URL") frontendURL := os.Getenv("FRONTEND_URL")
if frontendURL == "" { if frontendURL == "" {
frontendURL = "http://ssologin.hmac.kr" frontendURL = "http://ssologin.hmac.kr"
} }
link := fmt.Sprintf("%s/verify/%s", frontendURL, token) link := fmt.Sprintf("%s/verify/%s", frontendURL, token)
content := fmt.Sprintf("[Baron SSO] 로그인 링크: %s", link)
log.Printf("[Enchanted] Sending SMS to %s via Naver Cloud", loginID) // Route based on LoginID type
if strings.Contains(loginID, "@") {
// Send Email
if h.EmailService == nil {
log.Printf("[Enchanted] Email Service not configured")
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Email service not configured"})
}
if err := h.SmsService.SendSms(loginID, content); err != nil { subject := "[Baron SSO] 로그인 링크"
log.Printf("[Enchanted] SMS Failed: %v", err) body := fmt.Sprintf(`
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to send SMS"}) <div style="font-family: sans-serif; padding: 20px; border: 1px solid #eee; border-radius: 10px; max-width: 500px;">
<h2 style="color: #1A1F2C;">Baron SSO 로그인</h2>
<p>안녕하세요,</p>
<p>아래 버튼을 클릭하여 로그인을 완료해 주세요. 이 링크는 5분 동안 유효합니다.</p>
<div style="margin: 30px 0;">
<a href="%s" style="background-color: #1A1F2C; color: white; padding: 12px 24px; text-decoration: none; border-radius: 5px; font-weight: bold;">로그인 완료하기</a>
</div>
<p style="font-size: 12px; color: #888;">만약 본인이 요청하지 않았다면 이 메일을 무시하셔도 됩니다.</p>
</div>
`, link)
log.Printf("[Enchanted] Sending Email to %s via AWS SES", loginID)
if err := h.EmailService.SendEmail(loginID, subject, body); err != nil {
log.Printf("[Enchanted] Email Failed: %v", err)
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to send Email"})
}
} else {
// Send SMS
content := fmt.Sprintf("[Baron SSO] 로그인 링크: %s", link)
log.Printf("[Enchanted] Sending SMS to %s via Naver Cloud", loginID)
if err := h.SmsService.SendSms(loginID, content); err != nil {
log.Printf("[Enchanted] SMS Failed: %v", err)
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to send SMS"})
}
} }
log.Printf("[Enchanted] SMS sent successfully to %s", loginID)
return c.JSON(fiber.Map{ return c.JSON(fiber.Map{
"linkId": "SMS Sent", "linkId": "Sent",
"pendingRef": pendingRef, "pendingRef": pendingRef,
"maskedEmail": loginID, "maskedEmail": loginID,
}) })

79
backend/internal/service/ses_service.go Normal file
View File

@@ -0,0 +1,79 @@
package service
import (
"context"
"fmt"
"log"
"os"
"baron-sso-backend/internal/domain"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/credentials"
"github.com/aws/aws-sdk-go-v2/service/ses"
"github.com/aws/aws-sdk-go-v2/service/ses/types"
)
type SesServiceImpl struct {
client *ses.Client
sender string
}
func NewEmailService() domain.EmailService {
region := os.Getenv("AWS_REGION")
accessKey := os.Getenv("AWS_ACCESS_KEY_ID")
secretKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
sender := os.Getenv("AWS_SES_SENDER")
if region == "" || accessKey == "" || secretKey == "" {
log.Println("[EmailService] AWS configuration missing, email service will not work")
return nil
}
cfg, err := config.LoadDefaultConfig(context.TODO(),
config.WithRegion(region),
config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")),
)
if err != nil {
log.Printf("[EmailService] Failed to load AWS config: %v", err)
return nil
}
return &SesServiceImpl{
client: ses.NewFromConfig(cfg),
sender: sender,
}
}
func (s *SesServiceImpl) SendEmail(to, subject, body string) error {
if s == nil || s.client == nil {
return fmt.Errorf("email service not initialized")
}
input := &ses.SendEmailInput{
Destination: &types.Destination{
ToAddresses: []string{to},
},
Message: &types.Message{
Body: &types.Body{
Html: &types.Content{
Charset: aws.String("UTF-8"),
Data: aws.String(body),
},
},
Subject: &types.Content{
Charset: aws.String("UTF-8"),
Data: aws.String(subject),
},
},
Source: aws.String(s.sender),
}
_, err := s.client.SendEmail(context.TODO(), input)
if err != nil {
log.Printf("[EmailService] Failed to send email to %s: %v", to, err)
} else {
log.Printf("[EmailService] Email sent successfully to %s", to)
}
return err
}

255
frontend/lib/features/auth/presentation/login_screen.dart
View File

@@ -1,4 +1,5 @@
import 'dart:async'; import 'dart:async';
import 'dart:convert';
import 'package:flutter/material.dart'; import 'package:flutter/material.dart';
import 'package:flutter_riverpod/flutter_riverpod.dart'; import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:flutter_dotenv/flutter_dotenv.dart'; import 'package:flutter_dotenv/flutter_dotenv.dart';
@@ -23,10 +24,8 @@ class LoginScreen extends ConsumerStatefulWidget {
class _LoginScreenState extends ConsumerState<LoginScreen> class _LoginScreenState extends ConsumerState<LoginScreen>
with SingleTickerProviderStateMixin { with SingleTickerProviderStateMixin {
late TabController _tabController; late TabController _tabController;
final TextEditingController _emailController = TextEditingController(); final TextEditingController _idController = TextEditingController();
final TextEditingController _passwordController = TextEditingController(); final TextEditingController _smsCodeController = TextEditingController(); // Keep if needed for verification inputs later? Actually not used in link flow.
final TextEditingController _phoneController = TextEditingController();
final TextEditingController _smsCodeController = TextEditingController();
bool _smsSent = false; bool _smsSent = false;
String? _redirectUrl; String? _redirectUrl;
@@ -41,7 +40,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
@override @override
void initState() { void initState() {
super.initState(); super.initState();
_tabController = TabController(length: 3, vsync: this, initialIndex: 1); _tabController = TabController(length: 2, vsync: this);
_tabController.addListener(_handleTabSelection); _tabController.addListener(_handleTabSelection);
// Check for tokens (Path Parameter or Legacy Query Parameter) // Check for tokens (Path Parameter or Legacy Query Parameter)
@@ -62,10 +61,26 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
}); });
} }
// Helper to decode JWT and get loginId
String _getLoginIdFromJwt(String jwt) {
try {
final parts = jwt.split('.');
if (parts.length != 3) return 'User';
final payload = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
final data = json.decode(payload);
// Descope tokens usually have 'name', 'email', or 'sub'
return data['name'] ?? data['email'] ?? data['sub'] ?? 'User';
} catch (e) {
debugPrint("[JWT] Decode error: $e");
return 'User';
}
}
void _handleTabSelection() { void _handleTabSelection() {
if (_tabController.index == 2 && _qrPendingRef == null) { if (_tabController.index == 1 && _qrPendingRef == null) {
_startQrFlow(); _startQrFlow();
} else if (_tabController.index != 2) { } else if (_tabController.index != 1) {
_stopQrPolling(); _stopQrPolling();
} }
} }
@@ -125,12 +140,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
_qrCountdownTimer?.cancel(); _qrCountdownTimer?.cancel();
final jwt = res['sessionJwt']; final jwt = res['sessionJwt'];
// Create Dummy User & Session for Descope SDK final displayName = _getLoginIdFromJwt(jwt);
// Create User & Session for Descope SDK
final dummyUser = DescopeUser( final dummyUser = DescopeUser(
'unknown', // userId 'unknown', // userId
[], // loginIds [], // loginIds
0, // createdAt 0, // createdAt
'User', // name displayName, // name
null, // picture (Uri?) null, // picture (Uri?)
'', // email '', // email
false, // isVerifiedEmail false, // isVerifiedEmail
@@ -180,9 +196,10 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
debugPrint("[Auth] Verification successful for token: $token"); debugPrint("[Auth] Verification successful for token: $token");
if (jwt != null && mounted) { if (jwt != null && mounted) {
// Create Dummy User & Session for Descope SDK to log in this tab final displayName = _getLoginIdFromJwt(jwt);
// Create User & Session for Descope SDK to log in this tab
final dummyUser = DescopeUser( final dummyUser = DescopeUser(
'unknown', [], 0, 'User', null, '', false, '', false, {}, '', '', '', false, 'enabled', [], [], [], 'unknown', [], 0, displayName, null, '', false, '', false, {}, '', '', '', false, 'enabled', [], [], [],
); );
final session = DescopeSession.fromJwt(jwt, jwt, dummyUser); final session = DescopeSession.fromJwt(jwt, jwt, dummyUser);
Descope.sessionManager.manageSession(session); Descope.sessionManager.manageSession(session);
@@ -213,49 +230,29 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
void dispose() { void dispose() {
_stopQrPolling(); _stopQrPolling();
_tabController.dispose(); _tabController.dispose();
_emailController.dispose(); _idController.dispose();
_passwordController.dispose();
_phoneController.dispose();
_smsCodeController.dispose(); _smsCodeController.dispose();
super.dispose(); super.dispose();
} }
Future<void> _handleEmailLogin() async { Future<void> _handleLogin() async {
final email = _emailController.text.trim(); final input = _idController.text.trim();
if (email.isEmpty) return; if (input.isEmpty) return;
final password = _passwordController.text; String loginId = input;
if (password.isNotEmpty) { if (!input.contains('@')) {
debugPrint("[Auth] Attempting Email/Password login for: $email"); // Format phone number if it's not an email
try { loginId = input.replaceAll(RegExp(r'[-\s]'), '');
final authResponse = await Descope.password.signIn( if (loginId.startsWith('010')) {
loginId: email, loginId = '+82${loginId.substring(1)}';
password: password,
);
final session = DescopeSession.fromAuthenticationResponse(authResponse);
Descope.sessionManager.manageSession(session);
debugPrint("[Auth] Email login successful");
if (mounted) _onLoginSuccess(session.sessionToken.jwt);
} catch (e) {
debugPrint("[Auth] Email login failed: $e");
_showError("Email/Password Login Failed: $e");
} }
} else {
debugPrint("[Auth] Initiating Email Enchanted Link for: $email");
_initiateDescopeLinkFlow(email, isSms: false);
} }
debugPrint("[Auth] Initiating Enchanted Link for: $loginId");
_startEnchantedFlow(loginId, isEmail: input.contains('@'));
} }
Future<void> _handleSmsLogin() async { Future<void> _startEnchantedFlow(String loginId, {required bool isEmail}) async {
final rawPhone = _phoneController.text.trim();
if (rawPhone.isEmpty) return;
String phone = rawPhone.replaceAll(RegExp(r'[-\s]'), '');
if (phone.startsWith('010')) {
phone = '+82${phone.substring(1)}'; // Convert 010 to +8210
}
debugPrint("[Auth] Initiating SMS Enchanted Link for: $phone");
try { try {
if (mounted) { if (mounted) {
showDialog( showDialog(
@@ -265,10 +262,10 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
); );
} }
// 1. Init via Backend API // 1. Init via Backend API (Now handles both SMS and SES Email)
final initResponse = await AuthProxyService.initEnchantedLink(phone); final initResponse = await AuthProxyService.initEnchantedLink(loginId);
final pendingRef = initResponse['pendingRef']; final pendingRef = initResponse['pendingRef'];
debugPrint("[Auth] SMS Sent. PendingRef: $pendingRef"); debugPrint("[Auth] Link Sent. PendingRef: $pendingRef");
if (mounted) { if (mounted) {
Navigator.of(context).pop(); // Close Loading Navigator.of(context).pop(); // Close Loading
@@ -277,11 +274,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
context: context, context: context,
barrierDismissible: false, barrierDismissible: false,
builder: (context) => AlertDialog( builder: (context) => AlertDialog(
title: const Text("SMS Sent"), title: Text(isEmail ? "이메일 전송됨" : "SMS 전송됨"),
content: Column( content: Column(
mainAxisSize: MainAxisSize.min, mainAxisSize: MainAxisSize.min,
children: [ children: [
const Text("Please check the link sent to your phone."), Text(isEmail
? "입력하신 이메일로 로그인 링크를 보냈습니다."
: "입력하신 번호로 로그인 링크를 보냈습니다."),
const SizedBox(height: 16), const SizedBox(height: 16),
const LinearProgressIndicator(), const LinearProgressIndicator(),
const SizedBox(height: 16), const SizedBox(height: 16),
@@ -290,7 +289,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
debugPrint("[Auth] Polling canceled by user"); debugPrint("[Auth] Polling canceled by user");
Navigator.of(context).pop(); Navigator.of(context).pop();
}, },
child: const Text("Cancel") child: const Text("취소")
) )
], ],
), ),
@@ -301,9 +300,9 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
_pollForSession(pendingRef); _pollForSession(pendingRef);
} }
} catch (e) { } catch (e) {
debugPrint("[Auth] SMS initialization failed: $e"); debugPrint("[Auth] Initialization failed: $e");
if (mounted && Navigator.canPop(context)) Navigator.of(context).pop(); if (mounted && Navigator.canPop(context)) Navigator.of(context).pop();
_showError("Failed to send SMS: $e"); _showError("전송 실패: $e");
} }
} }
@@ -324,13 +323,14 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
if (jwt != null) { if (jwt != null) {
debugPrint("[Auth] Polling SUCCESS. Token received."); debugPrint("[Auth] Polling SUCCESS. Token received.");
final displayName = _getLoginIdFromJwt(jwt);
// Descope SDK 세션 강제 주입 // Descope SDK 세션 강제 주입
// Note: DescopeUser in 0.9.11 requires 18 positional arguments. // Note: DescopeUser in 0.9.11 requires 18 positional arguments.
final dummyUser = DescopeUser( final dummyUser = DescopeUser(
'unknown', // userId 'unknown', // userId
[], // loginIds [], // loginIds
0, // createdAt 0, // createdAt
'User', // name displayName, // name
null, // picture (Uri?) null, // picture (Uri?)
'', // email '', // email
false, // isVerifiedEmail false, // isVerifiedEmail
@@ -368,65 +368,15 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
} }
} }
Future<void> _initiateDescopeLinkFlow(String loginId, {required bool isSms}) async { void _showError(String message) {
if (!mounted) return;
ScaffoldMessenger.of(context).showSnackBar(
SnackBar(content: Text(message), backgroundColor: Colors.red),
);
try { try {
if (mounted) { AuthProxyService.logError(message);
showDialog(
context: context,
barrierDismissible: false,
builder: (context) => const Center(child: CircularProgressIndicator()),
);
}
// 1. Init via Descope SDK
final frontendUrl = dotenv.env['FRONTEND_URL'] ?? 'http://ssologin.hmac.kr';
final signUpOrInResponse = await Descope.enchantedLink.signUpOrIn(
loginId: loginId,
redirectUrl: "$frontendUrl/auth/callback",
);
if (mounted) {
Navigator.of(context).pop(); // Close Loading
showDialog(
context: context,
barrierDismissible: false,
builder: (context) => AlertDialog(
title: Text(isSms ? "SMS Sent" : "Email Sent"),
content: Column(
mainAxisSize: MainAxisSize.min,
children: [
Text("We sent a login link to ${isSms ? loginId.split('@')[0] : loginId}"),
const SizedBox(height: 16),
// For SMS, we might not get a Link ID in the message if the template doesn't include it.
// But Enchanted Link always has one.
Text(
"Security Number: ${signUpOrInResponse.linkId}",
style: const TextStyle(fontSize: 24, fontWeight: FontWeight.bold, color: Colors.blue),
),
const SizedBox(height: 8),
const Text("Click the matching number."),
const SizedBox(height: 16),
const LinearProgressIndicator(),
],
),
),
);
// 2. Poll via Descope SDK
final authResponse = await Descope.enchantedLink.pollForSession(pendingRef: signUpOrInResponse.pendingRef);
final session = DescopeSession.fromAuthenticationResponse(authResponse);
Descope.sessionManager.manageSession(session);
if (mounted) {
Navigator.of(context).pop(); // Close Dialog
_onLoginSuccess(session.sessionToken.jwt);
}
}
} catch (e) { } catch (e) {
if (mounted && Navigator.canPop(context)) Navigator.of(context).pop(); // ignore
_showError("Login Failed: $e");
} }
} }
@@ -463,18 +413,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
} }
} }
void _showError(String message) {
if (!mounted) return;
ScaffoldMessenger.of(context).showSnackBar(
SnackBar(content: Text(message), backgroundColor: Colors.red),
);
try {
AuthProxyService.logError(message);
} catch (e) {
// ignore
}
}
@override @override
Widget build(BuildContext context) { Widget build(BuildContext context) {
return Scaffold( return Scaffold(
@@ -504,8 +442,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
TabBar( TabBar(
controller: _tabController, controller: _tabController,
tabs: const [ tabs: const [
Tab(text: "이메일"), Tab(text: "로그인"),
Tab(text: "전화번호"),
Tab(text: "QR 코드"), Tab(text: "QR 코드"),
], ],
), ),
@@ -516,69 +453,35 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
child: TabBarView( child: TabBarView(
controller: _tabController, controller: _tabController,
children: [ children: [
// Email Form // Unified Login Form
Padding( Padding(
padding: const EdgeInsets.only(top: 16.0), padding: const EdgeInsets.only(top: 16.0),
child: Column( child: Column(
children: [ children: [
TextField( TextField(
controller: _emailController, controller: _idController,
decoration: const InputDecoration( decoration: const InputDecoration(
labelText: "이메일", labelText: "이메일 또는 휴대폰 번호",
hintText: "",
border: OutlineInputBorder(), border: OutlineInputBorder(),
prefixIcon: Icon(Icons.email_outlined), prefixIcon: Icon(Icons.person_outline),
),
),
const SizedBox(height: 16),
TextField(
controller: _passwordController,
obscureText: true,
decoration: const InputDecoration(
labelText: "비밀번호 (선택)",
border: OutlineInputBorder(),
prefixIcon: Icon(Icons.lock_outline),
), ),
onSubmitted: (_) => _handleLogin(),
), ),
const SizedBox(height: 24), const SizedBox(height: 24),
FilledButton( FilledButton(
onPressed: _handleEmailLogin, onPressed: _handleLogin,
style: FilledButton.styleFrom( style: FilledButton.styleFrom(
minimumSize: const Size.fromHeight(50), minimumSize: const Size.fromHeight(50),
), ),
child: const Text("로그인 / 링크 전송"), child: const Text("로그인 링크 전송"),
),
const SizedBox(height: 16),
const Text(
"입력하신 정보로 로그인 링크를 전송합니다.",
style: TextStyle(color: Colors.grey, fontSize: 12),
textAlign: TextAlign.center,
), ),
],
),
),
// Phone Form
Padding(
padding: const EdgeInsets.only(top: 16.0),
child: Column(
children: [
TextField(
controller: _phoneController,
decoration: const InputDecoration(
labelText: "휴대폰 번호",
hintText: "010-1234-5678",
border: OutlineInputBorder(),
prefixIcon: Icon(Icons.phone_android),
),
),
const SizedBox(height: 24),
FilledButton(
onPressed: _handleSmsLogin,
style: FilledButton.styleFrom(
minimumSize: const Size.fromHeight(50),
),
child: const Text("로그인 링크 전송"),
),
const SizedBox(height: 16),
const Text(
"입력하신 번호로 로그인 링크를 문자로 보내드립니다.",
style: TextStyle(color: Colors.grey, fontSize: 12),
textAlign: TextAlign.center,
),
], ],
), ),
), ),
@@ -586,11 +489,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
// QR Login View // QR Login View
Column( Column(
mainAxisAlignment: MainAxisAlignment.center, mainAxisAlignment: MainAxisAlignment.center,
crossAxisAlignment: CrossAxisAlignment.center,
children: [ children: [
if (_isQrLoading) if (_isQrLoading)
const CircularProgressIndicator() const CircularProgressIndicator()
else if (_qrImageBase64 != null) else if (_qrImageBase64 != null)
Column( Column(
crossAxisAlignment: CrossAxisAlignment.center,
children: [ children: [
Container( Container(
padding: const EdgeInsets.all(16), padding: const EdgeInsets.all(16),
@@ -609,6 +514,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
_qrRemainingSeconds > 0 _qrRemainingSeconds > 0
? "남은 시간: ${_formatTime(_qrRemainingSeconds)}" ? "남은 시간: ${_formatTime(_qrRemainingSeconds)}"
: "QR 코드 만료됨", : "QR 코드 만료됨",
textAlign: TextAlign.center,
style: TextStyle( style: TextStyle(
color: _qrRemainingSeconds > 30 ? Colors.blue : Colors.red, color: _qrRemainingSeconds > 30 ? Colors.blue : Colors.red,
fontWeight: FontWeight.bold, fontWeight: FontWeight.bold,
@@ -617,6 +523,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
const SizedBox(height: 8), const SizedBox(height: 8),
const Text( const Text(
"모바일 앱으로 스캔하세요", "모바일 앱으로 스캔하세요",
textAlign: TextAlign.center,
style: TextStyle(color: Colors.grey, fontSize: 12), style: TextStyle(color: Colors.grey, fontSize: 12),
), ),
TextButton( TextButton(
@@ -626,7 +533,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
], ],
) )
else else
const Text("QR 코드를 불러오지 못했습니다."), const Text("QR 코드를 불러오지 못했습니다.", textAlign: TextAlign.center),
], ],
), ),
], ],

19
frontend/lib/features/dashboard/presentation/dashboard_screen.dart
View File

@@ -67,13 +67,8 @@ class DashboardScreen extends StatelessWidget {
SizedBox( SizedBox(
width: double.infinity, width: double.infinity,
height: 56, height: 56,
child: ElevatedButton.icon( child: ElevatedButton(
onPressed: () => _onScanQR(context), onPressed: () => _onScanQR(context),
icon: const Icon(Icons.qr_code_scanner, size: 28),
label: Text(
'QR 스캔하기',
style: GoogleFonts.notoSans(fontSize: 18, fontWeight: FontWeight.w600),
),
style: ElevatedButton.styleFrom( style: ElevatedButton.styleFrom(
backgroundColor: const Color(0xFF1A1F2C), backgroundColor: const Color(0xFF1A1F2C),
foregroundColor: Colors.white, foregroundColor: Colors.white,
@@ -82,6 +77,18 @@ class DashboardScreen extends StatelessWidget {
borderRadius: BorderRadius.circular(12), borderRadius: BorderRadius.circular(12),
), ),
), ),
child: Row(
mainAxisAlignment: MainAxisAlignment.center,
children: [
const Icon(Icons.qr_code_scanner, size: 28),
const SizedBox(width: 12),
Text(
'QR 스캔하기',
style: GoogleFonts.notoSans(fontSize: 18, fontWeight: FontWeight.w600),
),
const SizedBox(width: 40), // Icon size(28) + Spacing(12) to balance the centering
],
),
), ),
), ),
const SizedBox(height: 16), const SizedBox(height: 16),