forked from baron/baron-sso
Merge pull request 'dev/qr' (#43) from dev/qr into main
Reviewed-on: ai-team/baron-sso#43
This commit is contained in:
@@ -34,4 +34,10 @@ NAVER_CLOUD_SECRET_KEY=ncp_iam_...
|
|||||||
NAVER_CLOUD_SERVICE_ID=ncp:sms:kr:...:...
|
NAVER_CLOUD_SERVICE_ID=ncp:sms:kr:...:...
|
||||||
NAVER_SENDER_PHONE_NUMBER=...
|
NAVER_SENDER_PHONE_NUMBER=...
|
||||||
|
|
||||||
|
# --- AWS SES Configuration ---
|
||||||
|
AWS_REGION=ap-northeast-2
|
||||||
|
AWS_ACCESS_KEY_ID=...
|
||||||
|
AWS_SECRET_ACCESS_KEY=...
|
||||||
|
AWS_SES_SENDER=no-reply@baron.co.kr
|
||||||
|
|
||||||
ADMIN_PASSWORD=admin
|
ADMIN_PASSWORD=admin
|
||||||
@@ -132,6 +132,9 @@ func main() {
|
|||||||
auth.Post("/magic-link/verify", authHandler.VerifyMagicLink)
|
auth.Post("/magic-link/verify", authHandler.VerifyMagicLink)
|
||||||
auth.Post("/sms", authHandler.SendSms)
|
auth.Post("/sms", authHandler.SendSms)
|
||||||
auth.Post("/verify-sms", authHandler.VerifySms)
|
auth.Post("/verify-sms", authHandler.VerifySms)
|
||||||
|
auth.Post("/qr/init", authHandler.InitQRLogin)
|
||||||
|
auth.Post("/qr/poll", authHandler.PollQRLogin)
|
||||||
|
auth.Post("/qr/approve", authHandler.ScanQRLogin)
|
||||||
|
|
||||||
// Admin Routes
|
// Admin Routes
|
||||||
admin := api.Group("/admin")
|
admin := api.Group("/admin")
|
||||||
|
|||||||
@@ -12,6 +12,21 @@ require (
|
|||||||
require (
|
require (
|
||||||
github.com/ClickHouse/ch-go v0.69.0 // indirect
|
github.com/ClickHouse/ch-go v0.69.0 // indirect
|
||||||
github.com/andybalholm/brotli v1.2.0 // indirect
|
github.com/andybalholm/brotli v1.2.0 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2 v1.41.1 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/config v1.32.7 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/credentials v1.19.7 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/ses v1.34.18 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 // indirect
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 // indirect
|
||||||
|
github.com/aws/smithy-go v1.24.0 // indirect
|
||||||
github.com/bwmarrin/snowflake v0.3.0 // indirect
|
github.com/bwmarrin/snowflake v0.3.0 // indirect
|
||||||
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
||||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
|
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
|
||||||
|
|||||||
@@ -4,6 +4,36 @@ github.com/ClickHouse/clickhouse-go/v2 v2.42.0 h1:MdujEfIrpXesQUH0k0AnuVtJQXk6RZ
|
|||||||
github.com/ClickHouse/clickhouse-go/v2 v2.42.0/go.mod h1:riWnuo4YMVdajYll0q6FzRBomdyCrXyFY3VXeXczA8s=
|
github.com/ClickHouse/clickhouse-go/v2 v2.42.0/go.mod h1:riWnuo4YMVdajYll0q6FzRBomdyCrXyFY3VXeXczA8s=
|
||||||
github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
|
github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
|
||||||
github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
|
github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
|
||||||
|
github.com/aws/aws-sdk-go-v2 v1.41.1 h1:ABlyEARCDLN034NhxlRUSZr4l71mh+T5KAeGh6cerhU=
|
||||||
|
github.com/aws/aws-sdk-go-v2 v1.41.1/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0=
|
||||||
|
github.com/aws/aws-sdk-go-v2/config v1.32.7 h1:vxUyWGUwmkQ2g19n7JY/9YL8MfAIl7bTesIUykECXmY=
|
||||||
|
github.com/aws/aws-sdk-go-v2/config v1.32.7/go.mod h1:2/Qm5vKUU/r7Y+zUk/Ptt2MDAEKAfUtKc1+3U1Mo3oY=
|
||||||
|
github.com/aws/aws-sdk-go-v2/credentials v1.19.7 h1:tHK47VqqtJxOymRrNtUXN5SP/zUTvZKeLx4tH6PGQc8=
|
||||||
|
github.com/aws/aws-sdk-go-v2/credentials v1.19.7/go.mod h1:qOZk8sPDrxhf+4Wf4oT2urYJrYt3RejHSzgAquYeppw=
|
||||||
|
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 h1:I0GyV8wiYrP8XpA70g1HBcQO1JlQxCMTW9npl5UbDHY=
|
||||||
|
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17/go.mod h1:tyw7BOl5bBe/oqvoIeECFJjMdzXoa/dfVz3QQ5lgHGA=
|
||||||
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 h1:xOLELNKGp2vsiteLsvLPwxC+mYmO6OZ8PYgiuPJzF8U=
|
||||||
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17/go.mod h1:5M5CI3D12dNOtH3/mk6minaRwI2/37ifCURZISxA/IQ=
|
||||||
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 h1:WWLqlh79iO48yLkj1v3ISRNiv+3KdQoZ6JWyfcsyQik=
|
||||||
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17/go.mod h1:EhG22vHRrvF8oXSTYStZhJc1aUgKtnJe+aOiFEV90cM=
|
||||||
|
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk=
|
||||||
|
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 h1:RuNSMoozM8oXlgLG/n6WLaFGoea7/CddrCfIiSA+xdY=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17/go.mod h1:F2xxQ9TZz5gDWsclCtPQscGpP0VUOc8RqgFM3vDENmU=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/ses v1.34.18 h1:2Lnd3ZNTyWpFJJM55y0mP0aESovm+vFuFEwLijucUL8=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/ses v1.34.18/go.mod h1:BLwHw6wdkA6NfnW/cFaVcvpwdIXHLAkpe6nsLF9BVww=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 h1:VrhDvQib/i0lxvr3zqlUwLwJP4fpmpyD9wYG1vfSu+Y=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5/go.mod h1:k029+U8SY30/3/ras4G/Fnv/b88N4mAfliNn08Dem4M=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 h1:v6EiMvhEYBoHABfbGB4alOYmCIrcgyPPiBE1wZAEbqk=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/sso v1.30.9/go.mod h1:yifAsgBxgJWn3ggx70A3urX2AN49Y5sJTD1UQFlfqBw=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 h1:gd84Omyu9JLriJVCbGApcLzVR3XtmC4ZDPcAI6Ftvds=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13/go.mod h1:sTGThjphYE4Ohw8vJiRStAcu3rbjtXRsdNB0TvZ5wwo=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 h1:5fFjR/ToSOzB2OQ/XqWpZBmNvmP/pJ1jOWYlFDJTjRQ=
|
||||||
|
github.com/aws/aws-sdk-go-v2/service/sts v1.41.6/go.mod h1:qgFDZQSD/Kys7nJnVqYlWKnh0SSdMjAi0uSwON4wgYQ=
|
||||||
|
github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk=
|
||||||
|
github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
|
||||||
github.com/bwmarrin/snowflake v0.3.0 h1:xm67bEhkKh6ij1790JB83OujPR5CzNe8QuQqAgISZN0=
|
github.com/bwmarrin/snowflake v0.3.0 h1:xm67bEhkKh6ij1790JB83OujPR5CzNe8QuQqAgISZN0=
|
||||||
github.com/bwmarrin/snowflake v0.3.0/go.mod h1:NdZxfVWX+oR6y2K0o6qAYv6gIOP9rjG0/E9WsDpxqwE=
|
github.com/bwmarrin/snowflake v0.3.0/go.mod h1:NdZxfVWX+oR6y2K0o6qAYv6gIOP9rjG0/E9WsDpxqwE=
|
||||||
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
|
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
|
||||||
|
|||||||
@@ -25,3 +25,9 @@ type EnchantedLinkPollResponse struct {
|
|||||||
type MagicLinkVerifyRequest struct {
|
type MagicLinkVerifyRequest struct {
|
||||||
Token string `json:"token"`
|
Token string `json:"token"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type QRInitResponse struct {
|
||||||
|
QRCode string `json:"qrCode"` // Base64 or URL
|
||||||
|
PendingRef string `json:"pendingRef"`
|
||||||
|
ExpiresIn int `json:"expiresIn"`
|
||||||
|
}
|
||||||
6
backend/internal/domain/email_models.go
Normal file
6
backend/internal/domain/email_models.go
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
package domain
|
||||||
|
|
||||||
|
// EmailService defines the interface for sending emails.
|
||||||
|
type EmailService interface {
|
||||||
|
SendEmail(to, subject, body string) error
|
||||||
|
}
|
||||||
@@ -35,6 +35,7 @@ const (
|
|||||||
type AuthHandler struct {
|
type AuthHandler struct {
|
||||||
ProjectID string
|
ProjectID string
|
||||||
SmsService domain.SmsService
|
SmsService domain.SmsService
|
||||||
|
EmailService domain.EmailService
|
||||||
RedisService *service.RedisService
|
RedisService *service.RedisService
|
||||||
DescopeClient *client.DescopeClient
|
DescopeClient *client.DescopeClient
|
||||||
}
|
}
|
||||||
@@ -71,6 +72,7 @@ func NewAuthHandler() *AuthHandler {
|
|||||||
return &AuthHandler{
|
return &AuthHandler{
|
||||||
ProjectID: projectID,
|
ProjectID: projectID,
|
||||||
SmsService: service.NewSmsService(),
|
SmsService: service.NewSmsService(),
|
||||||
|
EmailService: service.NewEmailService(),
|
||||||
RedisService: redisService,
|
RedisService: redisService,
|
||||||
DescopeClient: descopeClient,
|
DescopeClient: descopeClient,
|
||||||
}
|
}
|
||||||
@@ -143,24 +145,52 @@ func (h *AuthHandler) InitEnchantedLink(c *fiber.Ctx) error {
|
|||||||
h.RedisService.Set(prefixSession+pendingRef, fmt.Sprintf(`{"status":"%s"}`, statusPending), defaultExpiration)
|
h.RedisService.Set(prefixSession+pendingRef, fmt.Sprintf(`{"status":"%s"}`, statusPending), defaultExpiration)
|
||||||
h.RedisService.Set(prefixToken+token, fmt.Sprintf(`{"pendingRef":"%s","loginId":"%s"}`, pendingRef, loginID), defaultExpiration)
|
h.RedisService.Set(prefixToken+token, fmt.Sprintf(`{"pendingRef":"%s","loginId":"%s"}`, pendingRef, loginID), defaultExpiration)
|
||||||
|
|
||||||
// Send SMS
|
// Generate Link
|
||||||
frontendURL := os.Getenv("FRONTEND_URL")
|
frontendURL := os.Getenv("FRONTEND_URL")
|
||||||
if frontendURL == "" {
|
if frontendURL == "" {
|
||||||
frontendURL = "http://ssologin.hmac.kr"
|
frontendURL = "http://ssologin.hmac.kr"
|
||||||
}
|
}
|
||||||
link := fmt.Sprintf("%s/verify/%s", frontendURL, token)
|
link := fmt.Sprintf("%s/verify/%s", frontendURL, token)
|
||||||
content := fmt.Sprintf("[Baron SSO] 로그인 링크: %s", link)
|
|
||||||
|
|
||||||
log.Printf("[Enchanted] Sending SMS to %s via Naver Cloud", loginID)
|
// Route based on LoginID type
|
||||||
|
if strings.Contains(loginID, "@") {
|
||||||
|
// Send Email
|
||||||
|
if h.EmailService == nil {
|
||||||
|
log.Printf("[Enchanted] Email Service not configured")
|
||||||
|
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Email service not configured"})
|
||||||
|
}
|
||||||
|
|
||||||
if err := h.SmsService.SendSms(loginID, content); err != nil {
|
subject := "[Baron SSO] 로그인 링크"
|
||||||
log.Printf("[Enchanted] SMS Failed: %v", err)
|
body := fmt.Sprintf(`
|
||||||
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to send SMS"})
|
<div style="font-family: sans-serif; padding: 20px; border: 1px solid #eee; border-radius: 10px; max-width: 500px;">
|
||||||
|
<h2 style="color: #1A1F2C;">Baron SSO 로그인</h2>
|
||||||
|
<p>안녕하세요,</p>
|
||||||
|
<p>아래 버튼을 클릭하여 로그인을 완료해 주세요. 이 링크는 5분 동안 유효합니다.</p>
|
||||||
|
<div style="margin: 30px 0;">
|
||||||
|
<a href="%s" style="background-color: #1A1F2C; color: white; padding: 12px 24px; text-decoration: none; border-radius: 5px; font-weight: bold;">로그인 완료하기</a>
|
||||||
|
</div>
|
||||||
|
<p style="font-size: 12px; color: #888;">만약 본인이 요청하지 않았다면 이 메일을 무시하셔도 됩니다.</p>
|
||||||
|
</div>
|
||||||
|
`, link)
|
||||||
|
|
||||||
|
log.Printf("[Enchanted] Sending Email to %s via AWS SES", loginID)
|
||||||
|
if err := h.EmailService.SendEmail(loginID, subject, body); err != nil {
|
||||||
|
log.Printf("[Enchanted] Email Failed: %v", err)
|
||||||
|
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to send Email"})
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// Send SMS
|
||||||
|
content := fmt.Sprintf("[Baron SSO] 로그인 링크: %s", link)
|
||||||
|
log.Printf("[Enchanted] Sending SMS to %s via Naver Cloud", loginID)
|
||||||
|
|
||||||
|
if err := h.SmsService.SendSms(loginID, content); err != nil {
|
||||||
|
log.Printf("[Enchanted] SMS Failed: %v", err)
|
||||||
|
return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to send SMS"})
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("[Enchanted] SMS sent successfully to %s", loginID)
|
|
||||||
return c.JSON(fiber.Map{
|
return c.JSON(fiber.Map{
|
||||||
"linkId": "SMS Sent",
|
"linkId": "Sent",
|
||||||
"pendingRef": pendingRef,
|
"pendingRef": pendingRef,
|
||||||
"maskedEmail": loginID,
|
"maskedEmail": loginID,
|
||||||
})
|
})
|
||||||
@@ -230,8 +260,8 @@ func (h *AuthHandler) VerifyMagicLink(c *fiber.Ctx) error {
|
|||||||
if strings.HasPrefix(searchPhone, "010") {
|
if strings.HasPrefix(searchPhone, "010") {
|
||||||
searchPhone = "+82" + searchPhone[1:]
|
searchPhone = "+82" + searchPhone[1:]
|
||||||
} else if strings.HasPrefix(searchPhone, "82") {
|
} else if strings.HasPrefix(searchPhone, "82") {
|
||||||
searchPhone = "+" + searchPhone
|
searchPhone = "+" + searchPhone
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("[Verify] Searching for user with phone: %s", searchPhone)
|
log.Printf("[Verify] Searching for user with phone: %s", searchPhone)
|
||||||
@@ -310,6 +340,87 @@ func (h *AuthHandler) VerifyMagicLink(c *fiber.Ctx) error {
|
|||||||
"message": "Login successful",
|
"message": "Login successful",
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// InitQRLogin - Step 1: Web 패널에서 QR 로그인 세션을 생성합니다.
|
||||||
|
func (h *AuthHandler) InitQRLogin(c *fiber.Ctx) error {
|
||||||
|
pendingRef := GenerateSecureToken(16)
|
||||||
|
|
||||||
|
// QR 코드 페이로드를 실제 접속 가능한 URL로 변경합니다.
|
||||||
|
frontendURL := os.Getenv("FRONTEND_URL")
|
||||||
|
if frontendURL == "" {
|
||||||
|
frontendURL = "https://ssologin.hmac.kr"
|
||||||
|
}
|
||||||
|
qrPayload := fmt.Sprintf("%s/approve?ref=%s", frontendURL, pendingRef)
|
||||||
|
|
||||||
|
log.Printf("[QR] Init: PendingRef=%s, URL=%s", pendingRef, qrPayload)
|
||||||
|
|
||||||
|
// Redis에 초기 상태 저장 (5분 만료)
|
||||||
|
h.RedisService.Set(prefixSession+pendingRef, fmt.Sprintf(`{"status":"%s"}`, statusPending), 5*time.Minute)
|
||||||
|
|
||||||
|
return c.JSON(fiber.Map{
|
||||||
|
"qrCode": qrPayload, // 프론트엔드에서 이 텍스트로 QR을 생성하거나, 이미지를 반환
|
||||||
|
"pendingRef": pendingRef,
|
||||||
|
"expiresIn": 300,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// PollQRLogin - Step 2: 웹에서 승인 여부를 폴링합니다.
|
||||||
|
func (h *AuthHandler) PollQRLogin(c *fiber.Ctx) error {
|
||||||
|
var req struct {
|
||||||
|
PendingRef string `json:"pendingRef"`
|
||||||
|
}
|
||||||
|
if err := c.BodyParser(&req); err != nil {
|
||||||
|
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid body"})
|
||||||
|
}
|
||||||
|
|
||||||
|
val, err := h.RedisService.Get(prefixSession + req.PendingRef)
|
||||||
|
if err != nil || val == "" {
|
||||||
|
return c.JSON(fiber.Map{"status": "expired"})
|
||||||
|
}
|
||||||
|
|
||||||
|
var data map[string]string
|
||||||
|
json.Unmarshal([]byte(val), &data)
|
||||||
|
|
||||||
|
if data["status"] == statusSuccess {
|
||||||
|
return c.JSON(fiber.Map{
|
||||||
|
"status": "ok",
|
||||||
|
"sessionJwt": data["jwt"],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(fiber.Map{"status": statusPending})
|
||||||
|
}
|
||||||
|
|
||||||
|
// ScanQRLogin - Step 3: 모바일 앱에서 QR 스캔 후 승인할 때 호출합니다.
|
||||||
|
// (이미 로그인된 세션이 필요함)
|
||||||
|
func (h *AuthHandler) ScanQRLogin(c *fiber.Ctx) error {
|
||||||
|
var req struct {
|
||||||
|
PendingRef string `json:"pendingRef"`
|
||||||
|
Token string `json:"token"` // 모바일 사용자의 세션 토큰 (검증용)
|
||||||
|
}
|
||||||
|
if err := c.BodyParser(&req); err != nil {
|
||||||
|
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid body"})
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Printf("[QR] Scan & Approve: PendingRef=%s", req.PendingRef)
|
||||||
|
|
||||||
|
// 1. Redis에서 세션 확인
|
||||||
|
val, err := h.RedisService.Get(prefixSession + req.PendingRef)
|
||||||
|
if err != nil || val == "" {
|
||||||
|
return c.Status(fiber.StatusNotFound).JSON(fiber.Map{"error": "Session expired or not found"})
|
||||||
|
}
|
||||||
|
|
||||||
|
// 2. 모바일 유저의 토큰으로 새 세션 토큰(웹용)을 발행하거나 그대로 전달
|
||||||
|
|
||||||
|
sessionData, _ := json.Marshal(map[string]string{
|
||||||
|
"status": statusSuccess,
|
||||||
|
"jwt": req.Token,
|
||||||
|
})
|
||||||
|
h.RedisService.Set(prefixSession+req.PendingRef, string(sessionData), 5*time.Minute)
|
||||||
|
|
||||||
|
return c.JSON(fiber.Map{"message": "QR Login Approved"})
|
||||||
|
}
|
||||||
|
|
||||||
// ProxyToDescope (Placeholder)
|
// ProxyToDescope (Placeholder)
|
||||||
func (h *AuthHandler) ProxyToDescope(c *fiber.Ctx, path string, payload interface{}) error {
|
func (h *AuthHandler) ProxyToDescope(c *fiber.Ctx, path string, payload interface{}) error {
|
||||||
return c.Status(501).SendString("Descope Proxy Disabled")
|
return c.Status(501).SendString("Descope Proxy Disabled")
|
||||||
|
|||||||
79
backend/internal/service/ses_service.go
Normal file
79
backend/internal/service/ses_service.go
Normal file
@@ -0,0 +1,79 @@
|
|||||||
|
package service
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
|
||||||
|
"baron-sso-backend/internal/domain"
|
||||||
|
"github.com/aws/aws-sdk-go-v2/aws"
|
||||||
|
"github.com/aws/aws-sdk-go-v2/config"
|
||||||
|
"github.com/aws/aws-sdk-go-v2/credentials"
|
||||||
|
"github.com/aws/aws-sdk-go-v2/service/ses"
|
||||||
|
"github.com/aws/aws-sdk-go-v2/service/ses/types"
|
||||||
|
)
|
||||||
|
|
||||||
|
type SesServiceImpl struct {
|
||||||
|
client *ses.Client
|
||||||
|
sender string
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewEmailService() domain.EmailService {
|
||||||
|
region := os.Getenv("AWS_REGION")
|
||||||
|
accessKey := os.Getenv("AWS_ACCESS_KEY_ID")
|
||||||
|
secretKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
|
||||||
|
sender := os.Getenv("AWS_SES_SENDER")
|
||||||
|
|
||||||
|
if region == "" || accessKey == "" || secretKey == "" {
|
||||||
|
log.Println("[EmailService] AWS configuration missing, email service will not work")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
cfg, err := config.LoadDefaultConfig(context.TODO(),
|
||||||
|
config.WithRegion(region),
|
||||||
|
config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("[EmailService] Failed to load AWS config: %v", err)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return &SesServiceImpl{
|
||||||
|
client: ses.NewFromConfig(cfg),
|
||||||
|
sender: sender,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SesServiceImpl) SendEmail(to, subject, body string) error {
|
||||||
|
if s == nil || s.client == nil {
|
||||||
|
return fmt.Errorf("email service not initialized")
|
||||||
|
}
|
||||||
|
|
||||||
|
input := &ses.SendEmailInput{
|
||||||
|
Destination: &types.Destination{
|
||||||
|
ToAddresses: []string{to},
|
||||||
|
},
|
||||||
|
Message: &types.Message{
|
||||||
|
Body: &types.Body{
|
||||||
|
Html: &types.Content{
|
||||||
|
Charset: aws.String("UTF-8"),
|
||||||
|
Data: aws.String(body),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Subject: &types.Content{
|
||||||
|
Charset: aws.String("UTF-8"),
|
||||||
|
Data: aws.String(subject),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Source: aws.String(s.sender),
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err := s.client.SendEmail(context.TODO(), input)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("[EmailService] Failed to send email to %s: %v", to, err)
|
||||||
|
} else {
|
||||||
|
log.Printf("[EmailService] Email sent successfully to %s", to)
|
||||||
|
}
|
||||||
|
return err
|
||||||
|
}
|
||||||
@@ -1,4 +1,5 @@
|
|||||||
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
|
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
|
||||||
|
<uses-permission android:name="android.permission.CAMERA"/>
|
||||||
<application
|
<application
|
||||||
android:label="frontend"
|
android:label="frontend"
|
||||||
android:name="${applicationName}"
|
android:name="${applicationName}"
|
||||||
|
|||||||
@@ -43,6 +43,8 @@
|
|||||||
</array>
|
</array>
|
||||||
<key>CADisableMinimumFrameDurationOnPhone</key>
|
<key>CADisableMinimumFrameDurationOnPhone</key>
|
||||||
<true/>
|
<true/>
|
||||||
|
<key>NSCameraUsageDescription</key>
|
||||||
|
<string>This app requires camera access to scan QR codes for login.</string>
|
||||||
<key>UIApplicationSupportsIndirectInputEvents</key>
|
<key>UIApplicationSupportsIndirectInputEvents</key>
|
||||||
<true/>
|
<true/>
|
||||||
</dict>
|
</dict>
|
||||||
|
|||||||
9
frontend/lib/core/notifiers/auth_notifier.dart
Normal file
9
frontend/lib/core/notifiers/auth_notifier.dart
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
import 'package:flutter/foundation.dart';
|
||||||
|
|
||||||
|
class AuthNotifier extends ChangeNotifier {
|
||||||
|
static final AuthNotifier instance = AuthNotifier();
|
||||||
|
|
||||||
|
void notify() {
|
||||||
|
notifyListeners();
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -48,7 +48,7 @@ class AuthProxyService {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static Future<void> verifyMagicLink(String token) async {
|
static Future<Map<String, dynamic>> verifyMagicLink(String token) async {
|
||||||
final url = Uri.parse('$_baseUrl/api/v1/auth/magic-link/verify');
|
final url = Uri.parse('$_baseUrl/api/v1/auth/magic-link/verify');
|
||||||
|
|
||||||
final response = await http.post(
|
final response = await http.post(
|
||||||
@@ -59,7 +59,9 @@ class AuthProxyService {
|
|||||||
}),
|
}),
|
||||||
);
|
);
|
||||||
|
|
||||||
if (response.statusCode != 200) {
|
if (response.statusCode == 200) {
|
||||||
|
return jsonDecode(response.body);
|
||||||
|
} else {
|
||||||
throw Exception('Verification failed: ${response.body}');
|
throw Exception('Verification failed: ${response.body}');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -99,6 +101,51 @@ class AuthProxyService {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static Future<Map<String, dynamic>> initQrLogin() async {
|
||||||
|
final url = Uri.parse('$_baseUrl/api/v1/auth/qr/init');
|
||||||
|
final response = await http.post(
|
||||||
|
url,
|
||||||
|
headers: {'Content-Type': 'application/json'},
|
||||||
|
);
|
||||||
|
|
||||||
|
if (response.statusCode == 200) {
|
||||||
|
return jsonDecode(response.body);
|
||||||
|
} else {
|
||||||
|
throw Exception('Failed to init QR login: ${response.body}');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static Future<Map<String, dynamic>> pollQrStatus(String pendingRef) async {
|
||||||
|
final url = Uri.parse('$_baseUrl/api/v1/auth/qr/poll');
|
||||||
|
final response = await http.post(
|
||||||
|
url,
|
||||||
|
headers: {'Content-Type': 'application/json'},
|
||||||
|
body: jsonEncode({'pendingRef': pendingRef}),
|
||||||
|
);
|
||||||
|
|
||||||
|
if (response.statusCode == 200) {
|
||||||
|
return jsonDecode(response.body);
|
||||||
|
} else {
|
||||||
|
throw Exception('QR Polling failed: ${response.body}');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static Future<void> approveQrLogin(String pendingRef, String token) async {
|
||||||
|
final url = Uri.parse('$_baseUrl/api/v1/auth/qr/approve'); // Mapping to ScanQRLogin on backend
|
||||||
|
final response = await http.post(
|
||||||
|
url,
|
||||||
|
headers: {'Content-Type': 'application/json'},
|
||||||
|
body: jsonEncode({
|
||||||
|
'pendingRef': pendingRef,
|
||||||
|
'token': token,
|
||||||
|
}),
|
||||||
|
);
|
||||||
|
|
||||||
|
if (response.statusCode != 200) {
|
||||||
|
throw Exception('QR Approval failed: ${response.body}');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static Future<bool> checkAdminAuth(String adminPassword) async {
|
static Future<bool> checkAdminAuth(String adminPassword) async {
|
||||||
final url = Uri.parse('$_baseUrl/api/v1/admin/check');
|
final url = Uri.parse('$_baseUrl/api/v1/admin/check');
|
||||||
try {
|
try {
|
||||||
|
|||||||
122
frontend/lib/features/auth/presentation/approve_qr_screen.dart
Normal file
122
frontend/lib/features/auth/presentation/approve_qr_screen.dart
Normal file
@@ -0,0 +1,122 @@
|
|||||||
|
import 'package:flutter/material.dart';
|
||||||
|
import 'package:descope/descope.dart';
|
||||||
|
import 'package:go_router/go_router.dart';
|
||||||
|
import '../../../../core/services/auth_proxy_service.dart';
|
||||||
|
|
||||||
|
class ApproveQrScreen extends StatefulWidget {
|
||||||
|
final String? pendingRef;
|
||||||
|
const ApproveQrScreen({super.key, this.pendingRef});
|
||||||
|
|
||||||
|
@override
|
||||||
|
State<ApproveQrScreen> createState() => _ApproveQrScreenState();
|
||||||
|
}
|
||||||
|
|
||||||
|
class _ApproveQrScreenState extends State<ApproveQrScreen> {
|
||||||
|
bool _isLoading = false;
|
||||||
|
String? _message;
|
||||||
|
bool _success = false;
|
||||||
|
|
||||||
|
Future<void> _handleApprove() async {
|
||||||
|
if (widget.pendingRef == null) return;
|
||||||
|
|
||||||
|
final session = Descope.sessionManager.session;
|
||||||
|
if (session == null || session.refreshToken.isExpired) {
|
||||||
|
setState(() => _message = "Please log in on your phone first.");
|
||||||
|
context.go('/'); // Redirect to login
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
setState(() {
|
||||||
|
_isLoading = true;
|
||||||
|
_message = null;
|
||||||
|
});
|
||||||
|
// jwt 유효성 확인
|
||||||
|
try {
|
||||||
|
await AuthProxyService.approveQrLogin(
|
||||||
|
widget.pendingRef!,
|
||||||
|
session.sessionToken.jwt,
|
||||||
|
);
|
||||||
|
setState(() {
|
||||||
|
_success = true;
|
||||||
|
_message = "Login Approved! Your browser should now be logged in.";
|
||||||
|
});
|
||||||
|
|
||||||
|
// Automatically go to dashboard after a short delay
|
||||||
|
Future.delayed(const Duration(seconds: 1), () {
|
||||||
|
if (mounted) context.go('/dashboard');
|
||||||
|
});
|
||||||
|
} catch (e) {
|
||||||
|
setState(() => _message = "Error: $e");
|
||||||
|
} finally {
|
||||||
|
setState(() => _isLoading = false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@override
|
||||||
|
Widget build(BuildContext context) {
|
||||||
|
final isLoggedIn = Descope.sessionManager.session?.refreshToken.isExpired == false;
|
||||||
|
|
||||||
|
return Scaffold(
|
||||||
|
appBar: AppBar(title: const Text("QR Login Approval")),
|
||||||
|
body: Center(
|
||||||
|
child: Padding(
|
||||||
|
padding: const EdgeInsets.all(24.0),
|
||||||
|
child: Column(
|
||||||
|
mainAxisAlignment: MainAxisAlignment.center,
|
||||||
|
children: [
|
||||||
|
const Icon(Icons.phonelink_lock, size: 80, color: Colors.blue),
|
||||||
|
const SizedBox(height: 24),
|
||||||
|
const Text(
|
||||||
|
"Web Login Request",
|
||||||
|
style: TextStyle(fontSize: 22, fontWeight: FontWeight.bold),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 16),
|
||||||
|
Text(
|
||||||
|
"A computer is trying to log in using this QR code.",
|
||||||
|
textAlign: TextAlign.center,
|
||||||
|
style: TextStyle(color: Colors.grey.shade600),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 40),
|
||||||
|
|
||||||
|
if (_message != null)
|
||||||
|
Padding(
|
||||||
|
padding: const EdgeInsets.only(bottom: 20),
|
||||||
|
child: Text(
|
||||||
|
_message!,
|
||||||
|
style: TextStyle(color: _success ? Colors.green : Colors.red, fontWeight: FontWeight.bold),
|
||||||
|
textAlign: TextAlign.center,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
|
||||||
|
if (!_success)
|
||||||
|
FilledButton.icon(
|
||||||
|
onPressed: _isLoading || !isLoggedIn ? null : _handleApprove,
|
||||||
|
icon: const Icon(Icons.check_circle),
|
||||||
|
label: const Text("Approve Login"),
|
||||||
|
style: FilledButton.styleFrom(
|
||||||
|
minimumSize: const Size.fromHeight(60),
|
||||||
|
backgroundColor: Colors.blue,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
|
||||||
|
if (!isLoggedIn && !_success)
|
||||||
|
Padding(
|
||||||
|
padding: const EdgeInsets.only(top: 16),
|
||||||
|
child: TextButton(
|
||||||
|
onPressed: () => context.go('/'),
|
||||||
|
child: const Text("Login on this device first"),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
|
||||||
|
if (_success)
|
||||||
|
FilledButton(
|
||||||
|
onPressed: () => context.go('/dashboard'),
|
||||||
|
child: const Text("Go to My Dashboard"),
|
||||||
|
),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,3 +1,5 @@
|
|||||||
|
import 'dart:async';
|
||||||
|
import 'dart:convert';
|
||||||
import 'package:flutter/material.dart';
|
import 'package:flutter/material.dart';
|
||||||
import 'package:flutter_riverpod/flutter_riverpod.dart';
|
import 'package:flutter_riverpod/flutter_riverpod.dart';
|
||||||
import 'package:flutter_dotenv/flutter_dotenv.dart';
|
import 'package:flutter_dotenv/flutter_dotenv.dart';
|
||||||
@@ -5,9 +7,11 @@ import 'package:google_fonts/google_fonts.dart';
|
|||||||
import 'package:descope/descope.dart';
|
import 'package:descope/descope.dart';
|
||||||
import 'package:go_router/go_router.dart';
|
import 'package:go_router/go_router.dart';
|
||||||
import 'package:url_launcher/url_launcher_string.dart';
|
import 'package:url_launcher/url_launcher_string.dart';
|
||||||
|
import 'package:qr_flutter/qr_flutter.dart';
|
||||||
import '../../../core/services/audit_service.dart';
|
import '../../../core/services/audit_service.dart';
|
||||||
import '../../../core/services/web_auth_integration.dart';
|
import '../../../core/services/web_auth_integration.dart';
|
||||||
import '../../../core/services/auth_proxy_service.dart';
|
import '../../../core/services/auth_proxy_service.dart';
|
||||||
|
import '../../../core/notifiers/auth_notifier.dart';
|
||||||
|
|
||||||
class LoginScreen extends ConsumerStatefulWidget {
|
class LoginScreen extends ConsumerStatefulWidget {
|
||||||
final String? verificationToken;
|
final String? verificationToken;
|
||||||
@@ -20,17 +24,24 @@ class LoginScreen extends ConsumerStatefulWidget {
|
|||||||
class _LoginScreenState extends ConsumerState<LoginScreen>
|
class _LoginScreenState extends ConsumerState<LoginScreen>
|
||||||
with SingleTickerProviderStateMixin {
|
with SingleTickerProviderStateMixin {
|
||||||
late TabController _tabController;
|
late TabController _tabController;
|
||||||
final TextEditingController _emailController = TextEditingController();
|
final TextEditingController _idController = TextEditingController();
|
||||||
final TextEditingController _passwordController = TextEditingController();
|
final TextEditingController _smsCodeController = TextEditingController(); // Keep if needed for verification inputs later? Actually not used in link flow.
|
||||||
final TextEditingController _phoneController = TextEditingController();
|
|
||||||
final TextEditingController _smsCodeController = TextEditingController();
|
|
||||||
bool _smsSent = false;
|
bool _smsSent = false;
|
||||||
String? _redirectUrl;
|
String? _redirectUrl;
|
||||||
|
|
||||||
|
// QR Login Variables
|
||||||
|
String? _qrImageBase64;
|
||||||
|
String? _qrPendingRef;
|
||||||
|
bool _isQrLoading = false;
|
||||||
|
Timer? _qrPollingTimer;
|
||||||
|
int _qrRemainingSeconds = 0;
|
||||||
|
Timer? _qrCountdownTimer;
|
||||||
|
|
||||||
@override
|
@override
|
||||||
void initState() {
|
void initState() {
|
||||||
super.initState();
|
super.initState();
|
||||||
_tabController = TabController(length: 2, vsync: this, initialIndex: 1);
|
_tabController = TabController(length: 2, vsync: this);
|
||||||
|
_tabController.addListener(_handleTabSelection);
|
||||||
|
|
||||||
// Check for tokens (Path Parameter or Legacy Query Parameter)
|
// Check for tokens (Path Parameter or Legacy Query Parameter)
|
||||||
WidgetsBinding.instance.addPostFrameCallback((_) {
|
WidgetsBinding.instance.addPostFrameCallback((_) {
|
||||||
@@ -50,15 +61,151 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Helper to decode JWT and get loginId
|
||||||
|
String _getLoginIdFromJwt(String jwt) {
|
||||||
|
try {
|
||||||
|
final parts = jwt.split('.');
|
||||||
|
if (parts.length != 3) return 'User';
|
||||||
|
|
||||||
|
final payload = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
|
||||||
|
final data = json.decode(payload);
|
||||||
|
// Descope tokens usually have 'name', 'email', or 'sub'
|
||||||
|
return data['name'] ?? data['email'] ?? data['sub'] ?? 'User';
|
||||||
|
} catch (e) {
|
||||||
|
debugPrint("[JWT] Decode error: $e");
|
||||||
|
return 'User';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void _handleTabSelection() {
|
||||||
|
if (_tabController.index == 1 && _qrPendingRef == null) {
|
||||||
|
_startQrFlow();
|
||||||
|
} else if (_tabController.index != 1) {
|
||||||
|
_stopQrPolling();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Future<void> _startQrFlow() async {
|
||||||
|
if (_isQrLoading) return;
|
||||||
|
setState(() {
|
||||||
|
_isQrLoading = true;
|
||||||
|
_qrImageBase64 = null;
|
||||||
|
_qrRemainingSeconds = 0;
|
||||||
|
});
|
||||||
|
|
||||||
|
try {
|
||||||
|
final res = await AuthProxyService.initQrLogin();
|
||||||
|
if (mounted) {
|
||||||
|
setState(() {
|
||||||
|
_qrImageBase64 = res['qrCode'];
|
||||||
|
_qrPendingRef = res['pendingRef'];
|
||||||
|
_qrRemainingSeconds = res['expiresIn'] ?? 300;
|
||||||
|
_isQrLoading = false;
|
||||||
|
});
|
||||||
|
_startQrPolling();
|
||||||
|
_startCountdown();
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
_showError("Failed to init QR: $e");
|
||||||
|
if (mounted) setState(() => _isQrLoading = false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void _startCountdown() {
|
||||||
|
_qrCountdownTimer?.cancel();
|
||||||
|
_qrCountdownTimer = Timer.periodic(const Duration(seconds: 1), (timer) {
|
||||||
|
if (!mounted || _qrRemainingSeconds <= 0) {
|
||||||
|
timer.cancel();
|
||||||
|
if (_qrRemainingSeconds <= 0) _stopQrPolling();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
setState(() {
|
||||||
|
_qrRemainingSeconds--;
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
void _startQrPolling() {
|
||||||
|
_qrPollingTimer?.cancel();
|
||||||
|
_qrPollingTimer = Timer.periodic(const Duration(milliseconds: 1500), (timer) async {
|
||||||
|
if (_qrPendingRef == null || !mounted || _qrRemainingSeconds <= 0) {
|
||||||
|
timer.cancel();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
final res = await AuthProxyService.pollQrStatus(_qrPendingRef!);
|
||||||
|
if (res['status'] == 'ok' && res['sessionJwt'] != null) {
|
||||||
|
timer.cancel();
|
||||||
|
_qrCountdownTimer?.cancel();
|
||||||
|
|
||||||
|
final jwt = res['sessionJwt'];
|
||||||
|
final displayName = _getLoginIdFromJwt(jwt);
|
||||||
|
// Create User & Session for Descope SDK
|
||||||
|
final dummyUser = DescopeUser(
|
||||||
|
'unknown', // userId
|
||||||
|
[], // loginIds
|
||||||
|
0, // createdAt
|
||||||
|
displayName, // name
|
||||||
|
null, // picture (Uri?)
|
||||||
|
'', // email
|
||||||
|
false, // isVerifiedEmail
|
||||||
|
'', // phone
|
||||||
|
false, // isVerifiedPhone
|
||||||
|
{}, // customAttributes
|
||||||
|
'', // givenName
|
||||||
|
'', // middleName
|
||||||
|
'', // familyName
|
||||||
|
false, // hasPassword
|
||||||
|
'enabled', // status
|
||||||
|
[], // roleNames
|
||||||
|
[], // ssoAppIds
|
||||||
|
[], // oauthProviders (List<String>)
|
||||||
|
);
|
||||||
|
final session = DescopeSession.fromJwt(jwt, jwt, dummyUser);
|
||||||
|
Descope.sessionManager.manageSession(session);
|
||||||
|
|
||||||
|
_onLoginSuccess(jwt);
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
debugPrint("[QR] Polling error: $e");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
void _stopQrPolling() {
|
||||||
|
_qrPollingTimer?.cancel();
|
||||||
|
_qrPollingTimer = null;
|
||||||
|
_qrCountdownTimer?.cancel();
|
||||||
|
_qrCountdownTimer = null;
|
||||||
|
_qrPendingRef = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
String _formatTime(int seconds) {
|
||||||
|
final m = seconds ~/ 60;
|
||||||
|
final s = seconds % 60;
|
||||||
|
return "${m.toString().padLeft(2, '0')}:${s.toString().padLeft(2, '0')}";
|
||||||
|
}
|
||||||
|
|
||||||
Future<void> _verifyToken(String token) async {
|
Future<void> _verifyToken(String token) async {
|
||||||
debugPrint("[Auth] Starting verification for token: $token");
|
debugPrint("[Auth] Starting verification for token: $token");
|
||||||
try {
|
try {
|
||||||
// Use Backend to verify the token (Backend-Driven Flow)
|
// Use Backend to verify the token (Backend-Driven Flow)
|
||||||
await AuthProxyService.verifyMagicLink(token);
|
final res = await AuthProxyService.verifyMagicLink(token);
|
||||||
|
final jwt = res['token'];
|
||||||
debugPrint("[Auth] Verification successful for token: $token");
|
debugPrint("[Auth] Verification successful for token: $token");
|
||||||
|
|
||||||
if (mounted) {
|
if (jwt != null && mounted) {
|
||||||
_showSuccessDialog();
|
final displayName = _getLoginIdFromJwt(jwt);
|
||||||
|
// Create User & Session for Descope SDK to log in this tab
|
||||||
|
final dummyUser = DescopeUser(
|
||||||
|
'unknown', [], 0, displayName, null, '', false, '', false, {}, '', '', '', false, 'enabled', [], [], [],
|
||||||
|
);
|
||||||
|
final session = DescopeSession.fromJwt(jwt, jwt, dummyUser);
|
||||||
|
Descope.sessionManager.manageSession(session);
|
||||||
|
|
||||||
|
// Notify and Go to Dashboard
|
||||||
|
_onLoginSuccess(jwt);
|
||||||
}
|
}
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
debugPrint("[Auth] Verification FAILED for token: $token. Error: $e");
|
debugPrint("[Auth] Verification FAILED for token: $token. Error: $e");
|
||||||
@@ -81,50 +228,31 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
|
|
||||||
@override
|
@override
|
||||||
void dispose() {
|
void dispose() {
|
||||||
|
_stopQrPolling();
|
||||||
_tabController.dispose();
|
_tabController.dispose();
|
||||||
_emailController.dispose();
|
_idController.dispose();
|
||||||
_passwordController.dispose();
|
|
||||||
_phoneController.dispose();
|
|
||||||
_smsCodeController.dispose();
|
_smsCodeController.dispose();
|
||||||
super.dispose();
|
super.dispose();
|
||||||
}
|
}
|
||||||
|
|
||||||
Future<void> _handleEmailLogin() async {
|
Future<void> _handleLogin() async {
|
||||||
final email = _emailController.text.trim();
|
final input = _idController.text.trim();
|
||||||
if (email.isEmpty) return;
|
if (input.isEmpty) return;
|
||||||
|
|
||||||
final password = _passwordController.text;
|
String loginId = input;
|
||||||
if (password.isNotEmpty) {
|
if (!input.contains('@')) {
|
||||||
debugPrint("[Auth] Attempting Email/Password login for: $email");
|
// Format phone number if it's not an email
|
||||||
try {
|
loginId = input.replaceAll(RegExp(r'[-\s]'), '');
|
||||||
final authResponse = await Descope.password.signIn(
|
if (loginId.startsWith('010')) {
|
||||||
loginId: email,
|
loginId = '+82${loginId.substring(1)}';
|
||||||
password: password,
|
|
||||||
);
|
|
||||||
final session = DescopeSession.fromAuthenticationResponse(authResponse);
|
|
||||||
Descope.sessionManager.manageSession(session);
|
|
||||||
debugPrint("[Auth] Email login successful");
|
|
||||||
if (mounted) _onLoginSuccess(session.sessionToken.jwt);
|
|
||||||
} catch (e) {
|
|
||||||
debugPrint("[Auth] Email login failed: $e");
|
|
||||||
_showError("Email/Password Login Failed: $e");
|
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
debugPrint("[Auth] Initiating Email Enchanted Link for: $email");
|
|
||||||
_initiateDescopeLinkFlow(email, isSms: false);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
debugPrint("[Auth] Initiating Enchanted Link for: $loginId");
|
||||||
|
_startEnchantedFlow(loginId, isEmail: input.contains('@'));
|
||||||
}
|
}
|
||||||
|
|
||||||
Future<void> _handleSmsLogin() async {
|
Future<void> _startEnchantedFlow(String loginId, {required bool isEmail}) async {
|
||||||
final rawPhone = _phoneController.text.trim();
|
|
||||||
if (rawPhone.isEmpty) return;
|
|
||||||
|
|
||||||
String phone = rawPhone.replaceAll(RegExp(r'[-\s]'), '');
|
|
||||||
if (phone.startsWith('010')) {
|
|
||||||
phone = '+82${phone.substring(1)}'; // Convert 010 to +8210
|
|
||||||
}
|
|
||||||
debugPrint("[Auth] Initiating SMS Enchanted Link for: $phone");
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if (mounted) {
|
if (mounted) {
|
||||||
showDialog(
|
showDialog(
|
||||||
@@ -134,10 +262,10 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// 1. Init via Backend API
|
// 1. Init via Backend API (Now handles both SMS and SES Email)
|
||||||
final initResponse = await AuthProxyService.initEnchantedLink(phone);
|
final initResponse = await AuthProxyService.initEnchantedLink(loginId);
|
||||||
final pendingRef = initResponse['pendingRef'];
|
final pendingRef = initResponse['pendingRef'];
|
||||||
debugPrint("[Auth] SMS Sent. PendingRef: $pendingRef");
|
debugPrint("[Auth] Link Sent. PendingRef: $pendingRef");
|
||||||
|
|
||||||
if (mounted) {
|
if (mounted) {
|
||||||
Navigator.of(context).pop(); // Close Loading
|
Navigator.of(context).pop(); // Close Loading
|
||||||
@@ -146,11 +274,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
context: context,
|
context: context,
|
||||||
barrierDismissible: false,
|
barrierDismissible: false,
|
||||||
builder: (context) => AlertDialog(
|
builder: (context) => AlertDialog(
|
||||||
title: const Text("SMS Sent"),
|
title: Text(isEmail ? "이메일 전송됨" : "SMS 전송됨"),
|
||||||
content: Column(
|
content: Column(
|
||||||
mainAxisSize: MainAxisSize.min,
|
mainAxisSize: MainAxisSize.min,
|
||||||
children: [
|
children: [
|
||||||
const Text("Please check the link sent to your phone."),
|
Text(isEmail
|
||||||
|
? "입력하신 이메일로 로그인 링크를 보냈습니다."
|
||||||
|
: "입력하신 번호로 로그인 링크를 보냈습니다."),
|
||||||
const SizedBox(height: 16),
|
const SizedBox(height: 16),
|
||||||
const LinearProgressIndicator(),
|
const LinearProgressIndicator(),
|
||||||
const SizedBox(height: 16),
|
const SizedBox(height: 16),
|
||||||
@@ -159,7 +289,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
debugPrint("[Auth] Polling canceled by user");
|
debugPrint("[Auth] Polling canceled by user");
|
||||||
Navigator.of(context).pop();
|
Navigator.of(context).pop();
|
||||||
},
|
},
|
||||||
child: const Text("Cancel")
|
child: const Text("취소")
|
||||||
)
|
)
|
||||||
],
|
],
|
||||||
),
|
),
|
||||||
@@ -170,9 +300,9 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
_pollForSession(pendingRef);
|
_pollForSession(pendingRef);
|
||||||
}
|
}
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
debugPrint("[Auth] SMS initialization failed: $e");
|
debugPrint("[Auth] Initialization failed: $e");
|
||||||
if (mounted && Navigator.canPop(context)) Navigator.of(context).pop();
|
if (mounted && Navigator.canPop(context)) Navigator.of(context).pop();
|
||||||
_showError("Failed to send SMS: $e");
|
_showError("전송 실패: $e");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -192,6 +322,33 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
final jwt = result['sessionJwt'];
|
final jwt = result['sessionJwt'];
|
||||||
if (jwt != null) {
|
if (jwt != null) {
|
||||||
debugPrint("[Auth] Polling SUCCESS. Token received.");
|
debugPrint("[Auth] Polling SUCCESS. Token received.");
|
||||||
|
|
||||||
|
final displayName = _getLoginIdFromJwt(jwt);
|
||||||
|
// Descope SDK 세션 강제 주입
|
||||||
|
// Note: DescopeUser in 0.9.11 requires 18 positional arguments.
|
||||||
|
final dummyUser = DescopeUser(
|
||||||
|
'unknown', // userId
|
||||||
|
[], // loginIds
|
||||||
|
0, // createdAt
|
||||||
|
displayName, // name
|
||||||
|
null, // picture (Uri?)
|
||||||
|
'', // email
|
||||||
|
false, // isVerifiedEmail
|
||||||
|
'', // phone
|
||||||
|
false, // isVerifiedPhone
|
||||||
|
{}, // customAttributes
|
||||||
|
'', // givenName
|
||||||
|
'', // middleName
|
||||||
|
'', // familyName
|
||||||
|
false, // hasPassword
|
||||||
|
'enabled', // status
|
||||||
|
[], // roleNames
|
||||||
|
[], // ssoAppIds
|
||||||
|
[], // oauthProviders (List<String>)
|
||||||
|
);
|
||||||
|
final session = DescopeSession.fromJwt(jwt, jwt, dummyUser);
|
||||||
|
Descope.sessionManager.manageSession(session);
|
||||||
|
|
||||||
if (mounted) {
|
if (mounted) {
|
||||||
Navigator.of(context).pop(); // Close Polling Dialog
|
Navigator.of(context).pop(); // Close Polling Dialog
|
||||||
_onLoginSuccess(jwt);
|
_onLoginSuccess(jwt);
|
||||||
@@ -211,65 +368,15 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Future<void> _initiateDescopeLinkFlow(String loginId, {required bool isSms}) async {
|
void _showError(String message) {
|
||||||
|
if (!mounted) return;
|
||||||
|
ScaffoldMessenger.of(context).showSnackBar(
|
||||||
|
SnackBar(content: Text(message), backgroundColor: Colors.red),
|
||||||
|
);
|
||||||
try {
|
try {
|
||||||
if (mounted) {
|
AuthProxyService.logError(message);
|
||||||
showDialog(
|
|
||||||
context: context,
|
|
||||||
barrierDismissible: false,
|
|
||||||
builder: (context) => const Center(child: CircularProgressIndicator()),
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
// 1. Init via Descope SDK
|
|
||||||
final frontendUrl = dotenv.env['FRONTEND_URL'] ?? 'http://ssologin.hmac.kr';
|
|
||||||
final signUpOrInResponse = await Descope.enchantedLink.signUpOrIn(
|
|
||||||
loginId: loginId,
|
|
||||||
redirectUrl: "$frontendUrl/auth/callback",
|
|
||||||
);
|
|
||||||
|
|
||||||
if (mounted) {
|
|
||||||
Navigator.of(context).pop(); // Close Loading
|
|
||||||
|
|
||||||
showDialog(
|
|
||||||
context: context,
|
|
||||||
barrierDismissible: false,
|
|
||||||
builder: (context) => AlertDialog(
|
|
||||||
title: Text(isSms ? "SMS Sent" : "Email Sent"),
|
|
||||||
content: Column(
|
|
||||||
mainAxisSize: MainAxisSize.min,
|
|
||||||
children: [
|
|
||||||
Text("We sent a login link to ${isSms ? loginId.split('@')[0] : loginId}"),
|
|
||||||
const SizedBox(height: 16),
|
|
||||||
|
|
||||||
// For SMS, we might not get a Link ID in the message if the template doesn't include it.
|
|
||||||
// But Enchanted Link always has one.
|
|
||||||
Text(
|
|
||||||
"Security Number: ${signUpOrInResponse.linkId}",
|
|
||||||
style: const TextStyle(fontSize: 24, fontWeight: FontWeight.bold, color: Colors.blue),
|
|
||||||
),
|
|
||||||
const SizedBox(height: 8),
|
|
||||||
const Text("Click the matching number."),
|
|
||||||
const SizedBox(height: 16),
|
|
||||||
const LinearProgressIndicator(),
|
|
||||||
],
|
|
||||||
),
|
|
||||||
),
|
|
||||||
);
|
|
||||||
|
|
||||||
// 2. Poll via Descope SDK
|
|
||||||
final authResponse = await Descope.enchantedLink.pollForSession(pendingRef: signUpOrInResponse.pendingRef);
|
|
||||||
final session = DescopeSession.fromAuthenticationResponse(authResponse);
|
|
||||||
Descope.sessionManager.manageSession(session);
|
|
||||||
|
|
||||||
if (mounted) {
|
|
||||||
Navigator.of(context).pop(); // Close Dialog
|
|
||||||
_onLoginSuccess(session.sessionToken.jwt);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
if (mounted && Navigator.canPop(context)) Navigator.of(context).pop();
|
// ignore
|
||||||
_showError("Login Failed: $e");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -284,130 +391,161 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
details: "User logged in via Baron SSO",
|
details: "User logged in via Baron SSO",
|
||||||
);
|
);
|
||||||
|
|
||||||
if (WebAuthIntegration.isPopup()) {
|
// 1. Handle Redirect Flow (Redirect to another app)
|
||||||
WebAuthIntegration.sendLoginSuccess(token);
|
if (_redirectUrl != null && _redirectUrl!.isNotEmpty) {
|
||||||
_showError("Login Successful! You can close this window.");
|
|
||||||
} else if (_redirectUrl != null) {
|
|
||||||
final target = "$_redirectUrl?token=$token";
|
final target = "$_redirectUrl?token=$token";
|
||||||
launchUrlString(target, webOnlyWindowName: '_self');
|
launchUrlString(target, webOnlyWindowName: '_self');
|
||||||
} else {
|
return;
|
||||||
_showError("Login Successful (Token Received)");
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
void _showError(String message) {
|
// 2. Handle Popup Flow (Send message to opener)
|
||||||
if (!mounted) return;
|
if (WebAuthIntegration.isPopup()) {
|
||||||
ScaffoldMessenger.of(context).showSnackBar(
|
WebAuthIntegration.sendLoginSuccess(token);
|
||||||
SnackBar(content: Text(message), backgroundColor: Colors.red),
|
// If this window was truly a popup for another app, it should close now.
|
||||||
);
|
// If it's still here, we allow it to fall through to the dashboard.
|
||||||
try {
|
}
|
||||||
AuthProxyService.logError(message);
|
|
||||||
} catch (e) {
|
// 3. Standalone mode: Go to dashboard
|
||||||
// ignore
|
// We call notify() to update the router's state, and go() to ensure navigation.
|
||||||
|
AuthNotifier.instance.notify();
|
||||||
|
if (mounted) {
|
||||||
|
context.go('/dashboard');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@override
|
@override
|
||||||
Widget build(BuildContext context) {
|
Widget build(BuildContext context) {
|
||||||
return Scaffold(
|
return Scaffold(
|
||||||
body: Center(
|
body: LayoutBuilder(
|
||||||
child: Container(
|
builder: (context, constraints) {
|
||||||
constraints: const BoxConstraints(maxWidth: 400),
|
return SingleChildScrollView(
|
||||||
padding: const EdgeInsets.all(24),
|
child: ConstrainedBox(
|
||||||
child: Column(
|
constraints: BoxConstraints(minHeight: constraints.maxHeight),
|
||||||
mainAxisAlignment: MainAxisAlignment.center,
|
child: Center(
|
||||||
crossAxisAlignment: CrossAxisAlignment.stretch,
|
child: Container(
|
||||||
children: [
|
constraints: const BoxConstraints(maxWidth: 400),
|
||||||
Text(
|
padding: const EdgeInsets.all(24),
|
||||||
"Baron SSO",
|
child: Column(
|
||||||
style: GoogleFonts.outfit(
|
mainAxisAlignment: MainAxisAlignment.center,
|
||||||
fontSize: 32,
|
crossAxisAlignment: CrossAxisAlignment.stretch,
|
||||||
fontWeight: FontWeight.bold,
|
children: [
|
||||||
),
|
Text(
|
||||||
textAlign: TextAlign.center,
|
"Baron SSO",
|
||||||
),
|
style: GoogleFonts.outfit(
|
||||||
const SizedBox(height: 40),
|
fontSize: 32,
|
||||||
|
fontWeight: FontWeight.bold,
|
||||||
TabBar(
|
|
||||||
controller: _tabController,
|
|
||||||
tabs: const [
|
|
||||||
Tab(text: "Email"),
|
|
||||||
Tab(text: "Phone (SMS)"),
|
|
||||||
],
|
|
||||||
),
|
|
||||||
const SizedBox(height: 24),
|
|
||||||
|
|
||||||
SizedBox(
|
|
||||||
height: 300,
|
|
||||||
child: TabBarView(
|
|
||||||
controller: _tabController,
|
|
||||||
children: [
|
|
||||||
// Email Form
|
|
||||||
Column(
|
|
||||||
children: [
|
|
||||||
TextField(
|
|
||||||
controller: _emailController,
|
|
||||||
decoration: const InputDecoration(
|
|
||||||
labelText: "Email",
|
|
||||||
border: OutlineInputBorder(),
|
|
||||||
prefixIcon: Icon(Icons.email_outlined),
|
|
||||||
),
|
|
||||||
),
|
),
|
||||||
const SizedBox(height: 16),
|
textAlign: TextAlign.center,
|
||||||
TextField(
|
),
|
||||||
controller: _passwordController,
|
const SizedBox(height: 40),
|
||||||
obscureText: true,
|
|
||||||
decoration: const InputDecoration(
|
|
||||||
labelText: "Password (Optional)",
|
|
||||||
border: OutlineInputBorder(),
|
|
||||||
prefixIcon: Icon(Icons.lock_outline),
|
|
||||||
),
|
|
||||||
),
|
|
||||||
const SizedBox(height: 24),
|
|
||||||
FilledButton(
|
|
||||||
onPressed: _handleEmailLogin,
|
|
||||||
style: FilledButton.styleFrom(
|
|
||||||
minimumSize: const Size.fromHeight(50),
|
|
||||||
),
|
|
||||||
child: const Text("Sign In / Send Link"),
|
|
||||||
),
|
|
||||||
],
|
|
||||||
),
|
|
||||||
|
|
||||||
// Phone Form
|
TabBar(
|
||||||
Column(
|
controller: _tabController,
|
||||||
children: [
|
tabs: const [
|
||||||
TextField(
|
Tab(text: "로그인"),
|
||||||
controller: _phoneController,
|
Tab(text: "QR 코드"),
|
||||||
decoration: const InputDecoration(
|
],
|
||||||
labelText: "Phone Number",
|
),
|
||||||
hintText: "010-1234-5678",
|
const SizedBox(height: 24),
|
||||||
border: OutlineInputBorder(),
|
|
||||||
prefixIcon: Icon(Icons.phone_android),
|
SizedBox(
|
||||||
|
height: 350,
|
||||||
|
child: TabBarView(
|
||||||
|
controller: _tabController,
|
||||||
|
children: [
|
||||||
|
// Unified Login Form
|
||||||
|
Padding(
|
||||||
|
padding: const EdgeInsets.only(top: 16.0),
|
||||||
|
child: Column(
|
||||||
|
children: [
|
||||||
|
TextField(
|
||||||
|
controller: _idController,
|
||||||
|
decoration: const InputDecoration(
|
||||||
|
labelText: "이메일 또는 휴대폰 번호",
|
||||||
|
hintText: "",
|
||||||
|
border: OutlineInputBorder(),
|
||||||
|
prefixIcon: Icon(Icons.person_outline),
|
||||||
|
),
|
||||||
|
onSubmitted: (_) => _handleLogin(),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 24),
|
||||||
|
FilledButton(
|
||||||
|
onPressed: _handleLogin,
|
||||||
|
style: FilledButton.styleFrom(
|
||||||
|
minimumSize: const Size.fromHeight(50),
|
||||||
|
),
|
||||||
|
child: const Text("로그인 링크 전송"),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 16),
|
||||||
|
const Text(
|
||||||
|
"입력하신 정보로 로그인 링크를 전송합니다.",
|
||||||
|
style: TextStyle(color: Colors.grey, fontSize: 12),
|
||||||
|
textAlign: TextAlign.center,
|
||||||
|
),
|
||||||
|
],
|
||||||
|
),
|
||||||
),
|
),
|
||||||
),
|
|
||||||
const SizedBox(height: 24),
|
// QR Login View
|
||||||
FilledButton(
|
Column(
|
||||||
onPressed: _handleSmsLogin,
|
mainAxisAlignment: MainAxisAlignment.center,
|
||||||
style: FilledButton.styleFrom(
|
crossAxisAlignment: CrossAxisAlignment.center,
|
||||||
minimumSize: const Size.fromHeight(50),
|
children: [
|
||||||
|
if (_isQrLoading)
|
||||||
|
const CircularProgressIndicator()
|
||||||
|
else if (_qrImageBase64 != null)
|
||||||
|
Column(
|
||||||
|
crossAxisAlignment: CrossAxisAlignment.center,
|
||||||
|
children: [
|
||||||
|
Container(
|
||||||
|
padding: const EdgeInsets.all(16),
|
||||||
|
decoration: BoxDecoration(
|
||||||
|
border: Border.all(color: Colors.grey.shade300),
|
||||||
|
borderRadius: BorderRadius.circular(12),
|
||||||
|
),
|
||||||
|
child: QrImageView(
|
||||||
|
data: _qrImageBase64!,
|
||||||
|
version: QrVersions.auto,
|
||||||
|
size: 200.0,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 12),
|
||||||
|
Text(
|
||||||
|
_qrRemainingSeconds > 0
|
||||||
|
? "남은 시간: ${_formatTime(_qrRemainingSeconds)}"
|
||||||
|
: "QR 코드 만료됨",
|
||||||
|
textAlign: TextAlign.center,
|
||||||
|
style: TextStyle(
|
||||||
|
color: _qrRemainingSeconds > 30 ? Colors.blue : Colors.red,
|
||||||
|
fontWeight: FontWeight.bold,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 8),
|
||||||
|
const Text(
|
||||||
|
"모바일 앱으로 스캔하세요",
|
||||||
|
textAlign: TextAlign.center,
|
||||||
|
style: TextStyle(color: Colors.grey, fontSize: 12),
|
||||||
|
),
|
||||||
|
TextButton(
|
||||||
|
onPressed: _startQrFlow,
|
||||||
|
child: const Text("QR 코드 새로고침")
|
||||||
|
),
|
||||||
|
],
|
||||||
|
)
|
||||||
|
else
|
||||||
|
const Text("QR 코드를 불러오지 못했습니다.", textAlign: TextAlign.center),
|
||||||
|
],
|
||||||
),
|
),
|
||||||
child: const Text("Send Login Link"),
|
],
|
||||||
),
|
),
|
||||||
const SizedBox(height: 16),
|
),
|
||||||
const Text(
|
],
|
||||||
"We will send a login link to your phone via SMS.",
|
),
|
||||||
style: TextStyle(color: Colors.grey, fontSize: 12),
|
|
||||||
textAlign: TextAlign.center,
|
|
||||||
),
|
|
||||||
],
|
|
||||||
),
|
|
||||||
],
|
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
],
|
),
|
||||||
),
|
);
|
||||||
),
|
},
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,63 @@
|
|||||||
|
import 'package:flutter/material.dart';
|
||||||
|
import 'package:go_router/go_router.dart';
|
||||||
|
import 'package:google_fonts/google_fonts.dart';
|
||||||
|
|
||||||
|
class LoginSuccessScreen extends StatelessWidget {
|
||||||
|
const LoginSuccessScreen({super.key});
|
||||||
|
|
||||||
|
@override
|
||||||
|
Widget build(BuildContext context) {
|
||||||
|
return Scaffold(
|
||||||
|
body: Center(
|
||||||
|
child: Padding(
|
||||||
|
padding: const EdgeInsets.all(24.0),
|
||||||
|
child: Column(
|
||||||
|
mainAxisAlignment: MainAxisAlignment.center,
|
||||||
|
children: [
|
||||||
|
const Icon(Icons.check_circle_outline, size: 80, color: Colors.green),
|
||||||
|
const SizedBox(height: 24),
|
||||||
|
Text(
|
||||||
|
"로그인 완료",
|
||||||
|
style: GoogleFonts.outfit(
|
||||||
|
fontSize: 32,
|
||||||
|
fontWeight: FontWeight.bold,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 16),
|
||||||
|
const Text(
|
||||||
|
"성공적으로 로그인되었습니다.",
|
||||||
|
textAlign: TextAlign.center,
|
||||||
|
style: TextStyle(color: Colors.grey, fontSize: 16),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 48),
|
||||||
|
|
||||||
|
// 이 버튼이 QR 카메라를 켜는 버튼입니다.
|
||||||
|
FilledButton.icon(
|
||||||
|
onPressed: () {
|
||||||
|
context.push('/qr-scan');
|
||||||
|
},
|
||||||
|
icon: const Icon(Icons.camera_alt, size: 28),
|
||||||
|
label: const Text("QR 인증 (카메라 켜기)"),
|
||||||
|
style: FilledButton.styleFrom(
|
||||||
|
minimumSize: const Size.fromHeight(80), // 버튼 높이를 더 크게
|
||||||
|
backgroundColor: Colors.blue.shade700,
|
||||||
|
textStyle: const TextStyle(fontSize: 20, fontWeight: FontWeight.bold),
|
||||||
|
shape: RoundedRectangleBorder(
|
||||||
|
borderRadius: BorderRadius.circular(16),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 24),
|
||||||
|
TextButton(
|
||||||
|
onPressed: () {
|
||||||
|
context.go('/dashboard');
|
||||||
|
},
|
||||||
|
child: const Text("나중에 하기 (대시보드로 이동)", style: TextStyle(color: Colors.grey)),
|
||||||
|
),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
122
frontend/lib/features/auth/presentation/qr_scan_screen.dart
Normal file
122
frontend/lib/features/auth/presentation/qr_scan_screen.dart
Normal file
@@ -0,0 +1,122 @@
|
|||||||
|
import 'package:flutter/material.dart';
|
||||||
|
import 'package:mobile_scanner/mobile_scanner.dart';
|
||||||
|
import 'package:go_router/go_router.dart';
|
||||||
|
import 'package:logging/logging.dart';
|
||||||
|
import 'package:descope/descope.dart';
|
||||||
|
import '../../../core/services/auth_proxy_service.dart';
|
||||||
|
|
||||||
|
class QRScanScreen extends StatefulWidget {
|
||||||
|
const QRScanScreen({super.key});
|
||||||
|
|
||||||
|
@override
|
||||||
|
State<QRScanScreen> createState() => _QRScanScreenState();
|
||||||
|
}
|
||||||
|
|
||||||
|
class _QRScanScreenState extends State<QRScanScreen> {
|
||||||
|
final _log = Logger('QRScanScreen');
|
||||||
|
final MobileScannerController controller = MobileScannerController(
|
||||||
|
detectionSpeed: DetectionSpeed.noDuplicates,
|
||||||
|
);
|
||||||
|
bool _isScanned = false;
|
||||||
|
|
||||||
|
@override
|
||||||
|
void dispose() {
|
||||||
|
controller.dispose();
|
||||||
|
super.dispose();
|
||||||
|
}
|
||||||
|
|
||||||
|
Future<void> _onDetect(BarcodeCapture capture) async {
|
||||||
|
if (_isScanned) return;
|
||||||
|
|
||||||
|
final List<Barcode> barcodes = capture.barcodes;
|
||||||
|
for (final barcode in barcodes) {
|
||||||
|
if (barcode.rawValue != null) {
|
||||||
|
_isScanned = true;
|
||||||
|
String qrData = barcode.rawValue!;
|
||||||
|
String pendingRef = qrData;
|
||||||
|
|
||||||
|
// URL 형식이라면 'ref' 파라미터 추출 시도
|
||||||
|
if (qrData.startsWith('http')) {
|
||||||
|
try {
|
||||||
|
final uri = Uri.parse(qrData);
|
||||||
|
if (uri.queryParameters.containsKey('ref')) {
|
||||||
|
pendingRef = uri.queryParameters['ref']!;
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
_log.warning('Failed to parse QR URL: $qrData', e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
_log.info('QR Code detected raw: $qrData, ref: $pendingRef');
|
||||||
|
|
||||||
|
final sessionToken = Descope.sessionManager.session?.sessionToken.jwt;
|
||||||
|
if (sessionToken == null) {
|
||||||
|
if (mounted) {
|
||||||
|
ScaffoldMessenger.of(context).showSnackBar(
|
||||||
|
const SnackBar(content: Text('로그인이 필요합니다.'), backgroundColor: Colors.red),
|
||||||
|
);
|
||||||
|
context.pop();
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
// Call backend API to approve login with clean ref
|
||||||
|
await AuthProxyService.approveQrLogin(pendingRef, sessionToken);
|
||||||
|
|
||||||
|
if (mounted) {
|
||||||
|
ScaffoldMessenger.of(context).showSnackBar(
|
||||||
|
const SnackBar(
|
||||||
|
content: Text('로그인 승인 완료!'),
|
||||||
|
backgroundColor: Colors.green,
|
||||||
|
),
|
||||||
|
);
|
||||||
|
// Wait a bit and go back
|
||||||
|
await Future.delayed(const Duration(milliseconds: 500));
|
||||||
|
if (mounted) context.pop();
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
_log.severe("QR Approval Failed", e);
|
||||||
|
if (mounted) {
|
||||||
|
ScaffoldMessenger.of(context).showSnackBar(
|
||||||
|
SnackBar(content: Text('승인 실패: $e'), backgroundColor: Colors.red),
|
||||||
|
);
|
||||||
|
// Allow rescanning after a delay
|
||||||
|
await Future.delayed(const Duration(seconds: 2));
|
||||||
|
_isScanned = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@override
|
||||||
|
Widget build(BuildContext context) {
|
||||||
|
return Scaffold(
|
||||||
|
appBar: AppBar(
|
||||||
|
title: const Text('Scan QR Code'),
|
||||||
|
leading: IconButton(
|
||||||
|
icon: const Icon(Icons.arrow_back),
|
||||||
|
onPressed: () => context.pop(),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
body: MobileScanner(
|
||||||
|
controller: controller,
|
||||||
|
onDetect: _onDetect,
|
||||||
|
errorBuilder: (context, error, child) {
|
||||||
|
return Center(
|
||||||
|
child: Column(
|
||||||
|
mainAxisAlignment: MainAxisAlignment.center,
|
||||||
|
children: [
|
||||||
|
const Icon(Icons.error, color: Colors.red, size: 50),
|
||||||
|
const SizedBox(height: 10),
|
||||||
|
Text('Camera Error: ${error.errorCode}'),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
);
|
||||||
|
},
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -2,13 +2,19 @@ import 'package:flutter/material.dart';
|
|||||||
import 'package:descope/descope.dart';
|
import 'package:descope/descope.dart';
|
||||||
import 'package:go_router/go_router.dart';
|
import 'package:go_router/go_router.dart';
|
||||||
import 'package:google_fonts/google_fonts.dart';
|
import 'package:google_fonts/google_fonts.dart';
|
||||||
|
import '../../../../core/notifiers/auth_notifier.dart';
|
||||||
|
|
||||||
class DashboardScreen extends StatelessWidget {
|
class DashboardScreen extends StatelessWidget {
|
||||||
const DashboardScreen({super.key});
|
const DashboardScreen({super.key});
|
||||||
|
|
||||||
Future<void> _logout(BuildContext context) async {
|
Future<void> _logout(BuildContext context) async {
|
||||||
|
// ignore: use_build_context_synchronously
|
||||||
Descope.sessionManager.clearSession();
|
Descope.sessionManager.clearSession();
|
||||||
if (context.mounted) context.go('/');
|
AuthNotifier.instance.notify();
|
||||||
|
}
|
||||||
|
|
||||||
|
void _onScanQR(BuildContext context) {
|
||||||
|
context.push('/scan');
|
||||||
}
|
}
|
||||||
|
|
||||||
@override
|
@override
|
||||||
@@ -17,8 +23,12 @@ class DashboardScreen extends StatelessWidget {
|
|||||||
final userName = user?.name ?? user?.email ?? user?.phone ?? 'User';
|
final userName = user?.name ?? user?.email ?? user?.phone ?? 'User';
|
||||||
|
|
||||||
return Scaffold(
|
return Scaffold(
|
||||||
|
backgroundColor: Colors.grey[50],
|
||||||
appBar: AppBar(
|
appBar: AppBar(
|
||||||
title: Text('Baron Launcher', style: GoogleFonts.outfit(fontWeight: FontWeight.bold)),
|
title: Text('Baron Launcher', style: GoogleFonts.outfit(fontWeight: FontWeight.bold)),
|
||||||
|
elevation: 0,
|
||||||
|
backgroundColor: Colors.white,
|
||||||
|
foregroundColor: Colors.black,
|
||||||
actions: [
|
actions: [
|
||||||
IconButton(
|
IconButton(
|
||||||
icon: const Icon(Icons.logout),
|
icon: const Icon(Icons.logout),
|
||||||
@@ -28,13 +38,66 @@ class DashboardScreen extends StatelessWidget {
|
|||||||
],
|
],
|
||||||
),
|
),
|
||||||
body: Center(
|
body: Center(
|
||||||
child: Column(
|
child: Padding(
|
||||||
mainAxisAlignment: MainAxisAlignment.center,
|
padding: const EdgeInsets.all(24.0),
|
||||||
children: [
|
child: Column(
|
||||||
const Text('Dashboard Loaded Successfully', style: TextStyle(fontSize: 24, fontWeight: FontWeight.bold)),
|
mainAxisAlignment: MainAxisAlignment.center,
|
||||||
const SizedBox(height: 20),
|
children: [
|
||||||
Text('Welcome, $userName'),
|
const Icon(Icons.check_circle_outline, size: 80, color: Colors.green),
|
||||||
],
|
const SizedBox(height: 24),
|
||||||
|
Text(
|
||||||
|
'로그인 성공!',
|
||||||
|
style: GoogleFonts.notoSans(
|
||||||
|
fontSize: 28,
|
||||||
|
fontWeight: FontWeight.bold,
|
||||||
|
color: const Color(0xFF1A1F2C),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 8),
|
||||||
|
Text(
|
||||||
|
'반갑습니다, $userName님',
|
||||||
|
style: GoogleFonts.notoSans(
|
||||||
|
fontSize: 16,
|
||||||
|
color: Colors.grey[600],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 48),
|
||||||
|
|
||||||
|
// QR Camera Button
|
||||||
|
SizedBox(
|
||||||
|
width: double.infinity,
|
||||||
|
height: 56,
|
||||||
|
child: ElevatedButton(
|
||||||
|
onPressed: () => _onScanQR(context),
|
||||||
|
style: ElevatedButton.styleFrom(
|
||||||
|
backgroundColor: const Color(0xFF1A1F2C),
|
||||||
|
foregroundColor: Colors.white,
|
||||||
|
elevation: 2,
|
||||||
|
shape: RoundedRectangleBorder(
|
||||||
|
borderRadius: BorderRadius.circular(12),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
child: Row(
|
||||||
|
mainAxisAlignment: MainAxisAlignment.center,
|
||||||
|
children: [
|
||||||
|
const Icon(Icons.qr_code_scanner, size: 28),
|
||||||
|
const SizedBox(width: 12),
|
||||||
|
Text(
|
||||||
|
'QR 스캔하기',
|
||||||
|
style: GoogleFonts.notoSans(fontSize: 18, fontWeight: FontWeight.w600),
|
||||||
|
),
|
||||||
|
const SizedBox(width: 40), // Icon size(28) + Spacing(12) to balance the centering
|
||||||
|
],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
const SizedBox(height: 16),
|
||||||
|
const Text(
|
||||||
|
'PC 화면의 QR 코드를 스캔하여 로그인하세요.',
|
||||||
|
style: TextStyle(color: Colors.grey, fontSize: 13),
|
||||||
|
),
|
||||||
|
],
|
||||||
|
),
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
|||||||
@@ -7,10 +7,13 @@ import 'package:go_router/go_router.dart';
|
|||||||
import 'package:google_fonts/google_fonts.dart';
|
import 'package:google_fonts/google_fonts.dart';
|
||||||
import 'package:flutter_web_plugins/url_strategy.dart';
|
import 'package:flutter_web_plugins/url_strategy.dart';
|
||||||
import 'features/auth/presentation/login_screen.dart';
|
import 'features/auth/presentation/login_screen.dart';
|
||||||
|
import 'features/auth/presentation/approve_qr_screen.dart';
|
||||||
|
import 'features/auth/presentation/qr_scan_screen.dart';
|
||||||
import 'features/dashboard/presentation/dashboard_screen.dart';
|
import 'features/dashboard/presentation/dashboard_screen.dart';
|
||||||
import 'features/admin/presentation/user_management_screen.dart';
|
import 'features/admin/presentation/user_management_screen.dart';
|
||||||
import 'core/services/auth_proxy_service.dart';
|
import 'core/services/auth_proxy_service.dart';
|
||||||
import 'core/services/logger_service.dart';
|
import 'core/services/logger_service.dart';
|
||||||
|
import 'core/notifiers/auth_notifier.dart';
|
||||||
import 'package:logging/logging.dart';
|
import 'package:logging/logging.dart';
|
||||||
|
|
||||||
final _log = Logger('Main');
|
final _log = Logger('Main');
|
||||||
@@ -63,6 +66,7 @@ final _routerLogger = Logger('Router');
|
|||||||
final _router = GoRouter(
|
final _router = GoRouter(
|
||||||
initialLocation: '/',
|
initialLocation: '/',
|
||||||
debugLogDiagnostics: true, // Enable diagnostic logs
|
debugLogDiagnostics: true, // Enable diagnostic logs
|
||||||
|
refreshListenable: AuthNotifier.instance,
|
||||||
routes: [
|
routes: [
|
||||||
GoRoute(
|
GoRoute(
|
||||||
path: '/',
|
path: '/',
|
||||||
@@ -79,6 +83,14 @@ final _router = GoRouter(
|
|||||||
return LoginScreen(verificationToken: token);
|
return LoginScreen(verificationToken: token);
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
|
GoRoute(
|
||||||
|
path: '/approve',
|
||||||
|
builder: (context, state) {
|
||||||
|
final ref = state.uri.queryParameters['ref'];
|
||||||
|
_routerLogger.info("Navigating to /approve with ref: $ref");
|
||||||
|
return ApproveQrScreen(pendingRef: ref);
|
||||||
|
},
|
||||||
|
),
|
||||||
GoRoute(
|
GoRoute(
|
||||||
path: '/dashboard',
|
path: '/dashboard',
|
||||||
builder: (context, state) {
|
builder: (context, state) {
|
||||||
@@ -86,6 +98,13 @@ final _router = GoRouter(
|
|||||||
return const DashboardScreen();
|
return const DashboardScreen();
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
|
GoRoute(
|
||||||
|
path: '/scan',
|
||||||
|
builder: (context, state) {
|
||||||
|
_routerLogger.info("Navigating to /scan");
|
||||||
|
return const QRScanScreen();
|
||||||
|
},
|
||||||
|
),
|
||||||
GoRoute(
|
GoRoute(
|
||||||
path: '/admin/users',
|
path: '/admin/users',
|
||||||
builder: (context, state) {
|
builder: (context, state) {
|
||||||
@@ -98,7 +117,7 @@ final _router = GoRouter(
|
|||||||
final isLoggedIn =
|
final isLoggedIn =
|
||||||
Descope.sessionManager.session?.refreshToken.isExpired == false;
|
Descope.sessionManager.session?.refreshToken.isExpired == false;
|
||||||
final path = state.uri.path;
|
final path = state.uri.path;
|
||||||
final isLoggingIn = path == '/' || path.startsWith('/verify/') || path.startsWith('/admin/');
|
final isLoggingIn = path == '/' || path.startsWith('/verify/') || path.startsWith('/admin/') || path == '/approve';
|
||||||
|
|
||||||
_routerLogger.fine("Redirect check - Path: $path, IsLoggedIn: $isLoggedIn");
|
_routerLogger.fine("Redirect check - Path: $path, IsLoggedIn: $isLoggedIn");
|
||||||
|
|
||||||
|
|||||||
@@ -43,6 +43,8 @@ dependencies:
|
|||||||
url_launcher: ^6.3.2
|
url_launcher: ^6.3.2
|
||||||
logging: ^1.2.0
|
logging: ^1.2.0
|
||||||
logger: ^2.0.0
|
logger: ^2.0.0
|
||||||
|
qr_flutter: ^4.1.0
|
||||||
|
mobile_scanner: ^6.0.0
|
||||||
|
|
||||||
dev_dependencies:
|
dev_dependencies:
|
||||||
flutter_test:
|
flutter_test:
|
||||||
|
|||||||
Reference in New Issue
Block a user