네이버 계정 정합성 맞춤
66
backend/internal/handler/internal_domain_personal_policy.go
Normal file
66
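--- a/backend/internal/handler/internal_domain_personal_policy.go
+++ b/backend/internal/handler/internal_domain_personal_policy.go
@@ -0,0 +1,66 @@
+package handler
+
+import (
+"baron-sso-backend/internal/domain"
+"context"
+"fmt"
+"strings"
+)
+
+var internalEmailDomainsDisallowedForPersonal = map[string]bool{
+"brsw.kr": true,
+"hanmaceng.co.kr": true,
+"samaneng.com": true,
+"hallasanup.com": true,
+"jangheon.co.kr": true,
+"jangheon.com": true,
+"pre-cast.co.kr": true,
+}
+
+func internalDomainPersonalPolicyMessage(email string) string {
+return fmt.Sprintf("내부 도메인 사용자는 개인 소속으로 생성하거나 변경할 수 없습니다: %s", strings.ToLower(strings.TrimSpace(email)))
+}
+
+func emailUsesInternalPersonalRestrictedDomain(email string) bool {
+_, domainPart, err := domain.SplitEmailDomain(email)
+if err != nil {
+return false
+}
+return internalEmailDomainsDisallowedForPersonal[strings.ToLower(strings.TrimSpace(domainPart))]
+}
+
+func isPersonalTenantForInternalDomainPolicy(tenant *domain.Tenant) bool {
+if tenant == nil {
+return false
+}
+if strings.EqualFold(strings.TrimSpace(tenant.Type), domain.TenantTypePersonal) {
+return true
+}
+slug := strings.ToLower(strings.TrimSpace(tenant.Slug))
+return slug == "personal" || strings.HasPrefix(slug, "personal-")
+}
+
+func (h *UserHandler) ensureInternalDomainNotAssignedToPersonal(ctx context.Context, email string, tenantID string, tenantSlug string, resolvedTenant *domain.Tenant) error {
+if !emailUsesInternalPersonalRestrictedDomain(email) {
+return nil
+}
+tenant := resolvedTenant
+if tenant == nil && h.TenantService != nil {
+if id := strings.TrimSpace(tenantID); id != "" {
+if found, err := h.TenantService.GetTenant(ctx, id); err == nil && found != nil {
+tenant = found
+}
+}
+if tenant == nil {
+if slug := strings.TrimSpace(tenantSlug); slug != "" {
+if found, err := h.TenantService.GetTenantBySlug(ctx, slug); err == nil && found != nil {
+tenant = found
+}
+}
+}
+}
+if isPersonalTenantForInternalDomainPolicy(tenant) {
+return fmt.Errorf("%s", internalDomainPersonalPolicyMessage(email))
+}
+return nil
+}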
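Review bot: In `ensureInternalDomainNotAssignedToPersonal`, a failed tenant lookup leaves `tenant` nil and the function returns nil, so the restriction fails open. Errors from both `GetTenant` and `GetTenantBySlug` are discarded by the `err == nil && found != nil` conditions, and a nil `h.TenantService` skips resolution entirely. For an email that has already matched the restricted-domain map, I would surface the error instead, e.g. `if err != nil { return fmt.Errorf("resolve tenant for internal-domain policy: %w", err) }`, and treat a still-unresolved tenant as a rejection unless callers depend on the current behaviour (not visible here). The lookup in `emailUsesInternalPersonalRestrictedDomain` is an exact match on the domain part, so a subdomain of a listed domain would presumably not be restricted; a comment on the map stating whether that is intended would help.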