
가입 전략 수립

This commit is contained in:
2026-02-19 15:10:36 +09:00
parent e6bfcf465f
commit 5cb713a009
7 changed files with 95 additions and 35 deletions


@@ -23,12 +23,13 @@ type TenantService interface {
}
type tenantService struct {
repo repository.TenantRepository
keto KetoService
repo repository.TenantRepository
userRepo repository.UserRepository
keto KetoService
}
func NewTenantService(repo repository.TenantRepository) TenantService {
return &tenantService{repo: repo}
func NewTenantService(repo repository.TenantRepository, userRepo repository.UserRepository) TenantService {
return &tenantService{repo: repo, userRepo: userRepo}
}
func (s *tenantService) SetKetoService(keto KetoService) {
@@ -136,7 +137,7 @@ func (s *tenantService) RegisterTenant(ctx context.Context, name, slug, descript
// 3. Add Domains (Auto-verify for manual admin registration)
for _, d := range domains {
if err := s.repo.AddDomain(ctx, tenant.ID, d); err != nil {
if err := s.repo.AddDomain(ctx, tenant.ID, d, true); err != nil {
slog.Error("Failed to add domain to tenant", "tenant", slug, "domain", d, "error", err)
}
}
@@ -169,10 +170,7 @@ func (s *tenantService) RequestRegistration(ctx context.Context, name, slug, des
}
// Add Domain as unverified
// TODO: Create a more nuanced AddDomain that takes 'verified' param
// For now, Repo.AddDomain sets verified=true. I should fix Repo or just manually do it here if needed.
// Let's fix Repo later.
if err := s.repo.AddDomain(ctx, tenant.ID, domainName); err != nil {
if err := s.repo.AddDomain(ctx, tenant.ID, domainName, false); err != nil {
return nil, err
}
@@ -192,12 +190,23 @@ func (s *tenantService) ApproveTenant(ctx context.Context, id string) error {
// [Keto] Sync relation
if s.keto != nil {
// 테넌트 자체를 정의 (Zanzibar style)
// 만약 신청 시 관리자 이메일이 있었다면 해당 사용자를 찾아 admin 권한 부여 시도
if adminEmail, ok := tenant.Config["adminEmail"].(string); ok && adminEmail != "" {
slog.Info("Syncing tenant admin to Keto", "tenant", tenant.Slug, "adminEmail", adminEmail)
// 여기서는 나중에 사용자가 가입할 때 처리하거나, 이미 가입된 사용자인지 확인 필요
// 우선 테넌트 관리자 관계 생성 로직은 사용자 가입/역할 변경 시점에 주로 발생하도록 설계
// Check if user already exists in our Read-Model
if s.userRepo != nil {
user, err := s.userRepo.FindByEmail(ctx, adminEmail)
if err == nil && user != nil {
// User exists, assign Admin role in Keto
err = s.keto.CreateRelation(ctx, "Tenant", tenant.ID, "admin", "User:"+user.ID)
if err != nil {
slog.Error("Failed to assign tenant admin in Keto", "tenant", tenant.ID, "user", user.ID, "error", err)
} else {
slog.Info("Assigned tenant admin in Keto", "tenant", tenant.ID, "user", user.ID)
}
} else {
slog.Info("Tenant admin user not found in local DB, will need manual sync or sync on signup", "email", adminEmail)
}
}
}
}
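Review bot: In the ApproveTenant hunk the `else` branch after `s.userRepo.FindByEmail` treats any lookup error the same as "user not found" and logs it at Info, so a repository failure during approval leaves the tenant without a Keto admin while the approval itself still succeeds. Split the two cases so a real error is surfaced: `if err != nil { slog.Error("Failed to look up tenant admin", "email", adminEmail, "error", err) } else if user == nil { slog.Info("Tenant admin user not found in local DB, will need manual sync or sync on signup", "email", adminEmail) } else { /* assign */ }`. Separately, the admin binding is keyed on `tenant.Config["adminEmail"]`, which RequestRegistration stores from the self-service request, and nothing visible in the hunk confirms that the matched user's email is verified or that it belongs to the original requester; if accounts can be created with an unverified address, approval would grant Tenant admin to whichever account currently asserts that email, so this is worth checking against the user read-model before relying on it. The "sync on signup" path mentioned in the log message is not part of this commit, so until it exists the not-found case silently produces a tenant with no admin. The enclosing ApproveTenant body continues past the end of the hunk.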