forked from baron/baron-sso
Merge pull request 'dev/ory-hydra2' (#165) from dev/ory-hydra2 into main
Reviewed-on: ai-team/baron-sso#165
This commit is contained in:
@@ -242,6 +242,7 @@ func main() {
|
|||||||
app := fiber.New(fiber.Config{
|
app := fiber.New(fiber.Config{
|
||||||
AppName: "Baron SSO Backend",
|
AppName: "Baron SSO Backend",
|
||||||
DisableStartupMessage: true, // Clean logs
|
DisableStartupMessage: true, // Clean logs
|
||||||
|
ReadBufferSize: 32768, // 32KB로 증가 (긴 OIDC 챌린지 대응)
|
||||||
// Global Error Handler for Production Masking
|
// Global Error Handler for Production Masking
|
||||||
ErrorHandler: func(c *fiber.Ctx, err error) error {
|
ErrorHandler: func(c *fiber.Ctx, err error) error {
|
||||||
// Default status code
|
// Default status code
|
||||||
@@ -459,6 +460,9 @@ func main() {
|
|||||||
auth.Post("/login/code/verify", authHandler.VerifyLoginCode)
|
auth.Post("/login/code/verify", authHandler.VerifyLoginCode)
|
||||||
auth.Post("/login/code/verify-short", authHandler.VerifyLoginShortCode)
|
auth.Post("/login/code/verify-short", authHandler.VerifyLoginShortCode)
|
||||||
auth.Post("/password/login", authHandler.PasswordLogin)
|
auth.Post("/password/login", authHandler.PasswordLogin)
|
||||||
|
auth.Get("/consent", authHandler.GetConsentRequest)
|
||||||
|
auth.Post("/consent/accept", authHandler.AcceptConsentRequest)
|
||||||
|
|
||||||
auth.Post("/password/reset/initiate", authHandler.InitiatePasswordReset)
|
auth.Post("/password/reset/initiate", authHandler.InitiatePasswordReset)
|
||||||
// [Changed] Use Interstitial Page for GET to prevent Scanner consumption
|
// [Changed] Use Interstitial Page for GET to prevent Scanner consumption
|
||||||
auth.Get("/password/reset/verify", authHandler.VerifyPasswordResetPage)
|
auth.Get("/password/reset/verify", authHandler.VerifyPasswordResetPage)
|
||||||
|
|||||||
@@ -1266,8 +1266,9 @@ func (h *AuthHandler) PasswordLogin(c *fiber.Ctx) error {
|
|||||||
ale.Operation = "Auth.Password().SignIn"
|
ale.Operation = "Auth.Password().SignIn"
|
||||||
|
|
||||||
var req struct {
|
var req struct {
|
||||||
LoginID string `json:"loginId"`
|
LoginID string `json:"loginId"`
|
||||||
Password string `json:"password"`
|
Password string `json:"password"`
|
||||||
|
LoginChallenge string `json:"login_challenge,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := c.BodyParser(&req); err != nil {
|
if err := c.BodyParser(&req); err != nil {
|
||||||
@@ -1314,6 +1315,21 @@ func (h *AuthHandler) PasswordLogin(c *fiber.Ctx) error {
|
|||||||
setSessionIDLocal(c, authInfo.SessionToken)
|
setSessionIDLocal(c, authInfo.SessionToken)
|
||||||
ale.Log(slog.LevelInfo, "Login successful", slog.String("provider", h.IdpProvider.Name()), slog.String("subject", authInfo.Subject))
|
ale.Log(slog.LevelInfo, "Login successful", slog.String("provider", h.IdpProvider.Name()), slog.String("subject", authInfo.Subject))
|
||||||
|
|
||||||
|
// --- OIDC 로그인 흐름 처리 ---
|
||||||
|
if req.LoginChallenge != "" {
|
||||||
|
slog.Info("OIDC login flow detected", "challenge", req.LoginChallenge)
|
||||||
|
acceptResp, err := h.Hydra.AcceptLoginRequest(c.Context(), req.LoginChallenge, authInfo.Subject)
|
||||||
|
if err != nil {
|
||||||
|
slog.Error("failed to accept hydra login request", "error", err)
|
||||||
|
return fiber.NewError(fiber.StatusInternalServerError, "Failed to accept OIDC login request")
|
||||||
|
}
|
||||||
|
slog.Info("Hydra login request accepted", "redirectTo", acceptResp.RedirectTo)
|
||||||
|
return c.JSON(fiber.Map{
|
||||||
|
"redirectTo": acceptResp.RedirectTo,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
// --- OIDC 로그인 흐름 처리 끝 ---
|
||||||
|
|
||||||
resp := fiber.Map{
|
resp := fiber.Map{
|
||||||
"sessionJwt": authInfo.SessionToken.JWT,
|
"sessionJwt": authInfo.SessionToken.JWT,
|
||||||
"status": "ok",
|
"status": "ok",
|
||||||
@@ -2897,6 +2913,48 @@ func (h *AuthHandler) ListLinkedRps(c *fiber.Ctx) error {
|
|||||||
return c.JSON(linkedRpListResponse{Items: items})
|
return c.JSON(linkedRpListResponse{Items: items})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (h *AuthHandler) GetConsentRequest(c *fiber.Ctx) error {
|
||||||
|
challenge := c.Query("consent_challenge")
|
||||||
|
if challenge == "" {
|
||||||
|
return fiber.NewError(fiber.StatusBadRequest, "consent_challenge is required")
|
||||||
|
}
|
||||||
|
|
||||||
|
consentRequest, err := h.Hydra.GetConsentRequest(c.Context(), challenge)
|
||||||
|
if err != nil {
|
||||||
|
slog.Error("failed to get hydra consent request", "error", err)
|
||||||
|
return fiber.NewError(fiber.StatusInternalServerError, "Failed to get consent information")
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(consentRequest)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (h *AuthHandler) AcceptConsentRequest(c *fiber.Ctx) error {
|
||||||
|
var req struct {
|
||||||
|
ConsentChallenge string `json:"consent_challenge"`
|
||||||
|
}
|
||||||
|
if err := c.BodyParser(&req); err != nil {
|
||||||
|
return fiber.NewError(fiber.StatusBadRequest, "Invalid request body")
|
||||||
|
}
|
||||||
|
if req.ConsentChallenge == "" {
|
||||||
|
return fiber.NewError(fiber.StatusBadRequest, "consent_challenge is required")
|
||||||
|
}
|
||||||
|
|
||||||
|
consentRequest, err := h.Hydra.GetConsentRequest(c.Context(), req.ConsentChallenge)
|
||||||
|
if err != nil {
|
||||||
|
slog.Error("failed to get hydra consent request before accepting", "error", err)
|
||||||
|
return fiber.NewError(fiber.StatusInternalServerError, "Failed to get consent information")
|
||||||
|
}
|
||||||
|
|
||||||
|
acceptResp, err := h.Hydra.AcceptConsentRequest(c.Context(), req.ConsentChallenge, consentRequest)
|
||||||
|
if err != nil {
|
||||||
|
slog.Error("failed to accept hydra consent request", "error", err)
|
||||||
|
return fiber.NewError(fiber.StatusInternalServerError, "Failed to accept consent request")
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(acceptResp)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
func (h *AuthHandler) resolveCurrentProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error) {
|
func (h *AuthHandler) resolveCurrentProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error) {
|
||||||
token := h.getBearerToken(c)
|
token := h.getBearerToken(c)
|
||||||
if token != "" {
|
if token != "" {
|
||||||
|
|||||||
@@ -36,6 +36,15 @@ type HydraClient struct {
|
|||||||
Metadata map[string]interface{} `json:"metadata,omitempty"`
|
Metadata map[string]interface{} `json:"metadata,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type HydraConsentRequest struct {
|
||||||
|
Challenge string `json:"challenge"`
|
||||||
|
RequestedScope []string `json:"requested_scope"`
|
||||||
|
RequestedAudience []string `json:"requested_access_token_audience"`
|
||||||
|
Skip bool `json:"skip"`
|
||||||
|
Subject string `json:"subject"`
|
||||||
|
Client HydraClient `json:"client"`
|
||||||
|
}
|
||||||
|
|
||||||
type HydraConsentSession struct {
|
type HydraConsentSession struct {
|
||||||
Subject string `json:"subject"`
|
Subject string `json:"subject"`
|
||||||
GrantedScope []string `json:"granted_scope"`
|
GrantedScope []string `json:"granted_scope"`
|
||||||
@@ -347,3 +356,134 @@ func (s *HydraAdminService) buildURLWithParams(path string, params map[string]st
|
|||||||
u.RawQuery = q.Encode()
|
u.RawQuery = q.Encode()
|
||||||
return u.String(), nil
|
return u.String(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type AcceptLoginRequestResponse struct {
|
||||||
|
RedirectTo string `json:"redirectTo"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type AcceptConsentRequestResponse struct {
|
||||||
|
RedirectTo string `json:"redirectTo"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *HydraAdminService) GetConsentRequest(ctx context.Context, challenge string) (*HydraConsentRequest, error) {
|
||||||
|
params := map[string]string{
|
||||||
|
"consent_challenge": challenge,
|
||||||
|
}
|
||||||
|
endpoint, err := s.buildURLWithParams("/oauth2/auth/requests/consent", params)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("hydra admin: create request for get consent failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := s.httpClient().Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("hydra admin: get consent request failed: %w", err)
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
body, _ := io.ReadAll(resp.Body)
|
||||||
|
if resp.StatusCode != http.StatusOK {
|
||||||
|
return nil, fmt.Errorf("hydra admin: get consent failed status=%d body=%s", resp.StatusCode, string(body))
|
||||||
|
}
|
||||||
|
|
||||||
|
var consentReq HydraConsentRequest
|
||||||
|
if err := json.Unmarshal(body, &consentReq); err != nil {
|
||||||
|
return nil, fmt.Errorf("hydra admin: decode get consent response failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &consentReq, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *HydraAdminService) AcceptConsentRequest(ctx context.Context, challenge string, grantInfo *HydraConsentRequest) (*AcceptConsentRequestResponse, error) {
|
||||||
|
params := map[string]string{
|
||||||
|
"consent_challenge": challenge,
|
||||||
|
}
|
||||||
|
endpoint, err := s.buildURLWithParams("/oauth2/auth/requests/consent/accept", params)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
payload := map[string]interface{}{
|
||||||
|
"grant_scope": grantInfo.RequestedScope,
|
||||||
|
"grant_audience": grantInfo.RequestedAudience,
|
||||||
|
"remember": true,
|
||||||
|
"remember_for": 3600,
|
||||||
|
}
|
||||||
|
body, _ := json.Marshal(payload)
|
||||||
|
|
||||||
|
req, err := http.NewRequestWithContext(ctx, "PUT", endpoint, bytes.NewReader(body))
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("hydra admin: create request for accept consent failed: %w", err)
|
||||||
|
}
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
|
||||||
|
resp, err := s.httpClient().Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("hydra admin: accept consent request failed: %w", err)
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
respBody, _ := io.ReadAll(resp.Body)
|
||||||
|
if resp.StatusCode != http.StatusOK {
|
||||||
|
return nil, fmt.Errorf("hydra admin: accept consent failed status=%d body=%s", resp.StatusCode, string(respBody))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Hydra 응답(redirect_to)을 읽어서 우리 응답(redirectTo)으로 변환
|
||||||
|
var hydraResp struct {
|
||||||
|
RedirectTo string `json:"redirect_to"`
|
||||||
|
}
|
||||||
|
if err := json.Unmarshal(respBody, &hydraResp); err != nil {
|
||||||
|
return nil, fmt.Errorf("hydra admin: decode accept consent response failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &AcceptConsentRequestResponse{RedirectTo: hydraResp.RedirectTo}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
func (s *HydraAdminService) AcceptLoginRequest(ctx context.Context, challenge string, subject string) (*AcceptLoginRequestResponse, error) {
|
||||||
|
params := map[string]string{
|
||||||
|
"login_challenge": challenge,
|
||||||
|
}
|
||||||
|
endpoint, err := s.buildURLWithParams("/oauth2/auth/requests/login/accept", params)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
payload := map[string]interface{}{
|
||||||
|
"subject": subject,
|
||||||
|
"remember": true,
|
||||||
|
"remember_for": 3600,
|
||||||
|
}
|
||||||
|
body, _ := json.Marshal(payload)
|
||||||
|
|
||||||
|
req, err := http.NewRequestWithContext(ctx, "PUT", endpoint, bytes.NewReader(body))
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("hydra admin: create request for accept login failed: %w", err)
|
||||||
|
}
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
|
||||||
|
resp, err := s.httpClient().Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("hydra admin: accept login request failed: %w", err)
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
respBody, _ := io.ReadAll(resp.Body)
|
||||||
|
if resp.StatusCode != http.StatusOK {
|
||||||
|
return nil, fmt.Errorf("hydra admin: accept login failed status=%d body=%s", resp.StatusCode, string(respBody))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Hydra 응답(redirect_to)을 읽어서 우리 응답(redirectTo)으로 변환
|
||||||
|
var hydraResp struct {
|
||||||
|
RedirectTo string `json:"redirect_to"`
|
||||||
|
}
|
||||||
|
if err := json.Unmarshal(respBody, &hydraResp); err != nil {
|
||||||
|
return nil, fmt.Errorf("hydra admin: decode accept login response failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &AcceptLoginRequestResponse{RedirectTo: hydraResp.RedirectTo}, nil
|
||||||
|
}
|
||||||
|
|||||||
@@ -92,7 +92,7 @@ services:
|
|||||||
container_name: ory_hydra
|
container_name: ory_hydra
|
||||||
environment:
|
environment:
|
||||||
- DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20
|
- DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20
|
||||||
- URLS_SELF_ISSUER=${HYDRA_PUBLIC_URL:-http://localhost:5000/oidc}
|
- URLS_SELF_ISSUER=${USERFRONT_URL:-http://localhost:5000}/oidc
|
||||||
- URLS_LOGIN=${USERFRONT_URL:-http://localhost:5000}/login
|
- URLS_LOGIN=${USERFRONT_URL:-http://localhost:5000}/login
|
||||||
- URLS_CONSENT=${USERFRONT_URL:-http://localhost:5000}/consent
|
- URLS_CONSENT=${USERFRONT_URL:-http://localhost:5000}/consent
|
||||||
- SECRETS_SYSTEM=${ORY_POSTGRES_PASSWORD}
|
- SECRETS_SYSTEM=${ORY_POSTGRES_PASSWORD}
|
||||||
@@ -106,8 +106,6 @@ services:
|
|||||||
- ory-net
|
- ory-net
|
||||||
- hydranet
|
- hydranet
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# --- Keto ---
|
# --- Keto ---
|
||||||
keto-migrate:
|
keto-migrate:
|
||||||
image: oryd/keto:${KETO_VERSION:-v25.4.0}
|
image: oryd/keto:${KETO_VERSION:-v25.4.0}
|
||||||
@@ -229,8 +227,8 @@ services:
|
|||||||
- hydranet
|
- hydranet
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
ory_postgres_data:
|
ory_postgres_data:
|
||||||
ory_clickhouse_data:
|
ory_clickhouse_data:
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
ory-net:
|
ory-net:
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
import { BadgeCheck, Moon, ShieldHalf, Sun } from "lucide-react";
|
import { BadgeCheck, Moon, ShieldHalf, Sun } from "lucide-react";
|
||||||
import { useEffect, useState } from "react";
|
import { useEffect, useState } from "react";
|
||||||
import { NavLink, Outlet } from "react-router-dom";
|
import { NavLink, Outlet } from "react-router-dom";
|
||||||
|
import { Toaster } from "../ui/toaster";
|
||||||
|
|
||||||
const navItems = [{ label: "Clients", to: "/clients", icon: ShieldHalf }];
|
const navItems = [{ label: "Clients", to: "/clients", icon: ShieldHalf }];
|
||||||
|
|
||||||
@@ -105,6 +106,7 @@ function AppLayout() {
|
|||||||
<Outlet />
|
<Outlet />
|
||||||
</main>
|
</main>
|
||||||
</div>
|
</div>
|
||||||
|
<Toaster />
|
||||||
</div>
|
</div>
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
54
devfront/src/components/ui/copy-button.tsx
Normal file
54
devfront/src/components/ui/copy-button.tsx
Normal file
@@ -0,0 +1,54 @@
|
|||||||
|
import * as React from "react";
|
||||||
|
import { Check, Copy } from "lucide-react";
|
||||||
|
import { Button, type ButtonProps } from "./button";
|
||||||
|
import { cn } from "../../lib/utils";
|
||||||
|
|
||||||
|
interface CopyButtonProps extends ButtonProps {
|
||||||
|
value: string;
|
||||||
|
onCopy?: () => void;
|
||||||
|
}
|
||||||
|
|
||||||
|
export function CopyButton({
|
||||||
|
value,
|
||||||
|
onCopy,
|
||||||
|
className,
|
||||||
|
variant = "secondary",
|
||||||
|
size = "icon",
|
||||||
|
...props
|
||||||
|
}: CopyButtonProps) {
|
||||||
|
const [hasCopied, setHasCopied] = React.useState(false);
|
||||||
|
|
||||||
|
React.useEffect(() => {
|
||||||
|
if (hasCopied) {
|
||||||
|
const timer = setTimeout(() => setHasCopied(false), 1500);
|
||||||
|
return () => clearTimeout(timer);
|
||||||
|
}
|
||||||
|
}, [hasCopied]);
|
||||||
|
|
||||||
|
const copyToClipboard = async () => {
|
||||||
|
try {
|
||||||
|
await navigator.clipboard.writeText(value);
|
||||||
|
setHasCopied(true);
|
||||||
|
if (onCopy) onCopy();
|
||||||
|
} catch (err) {
|
||||||
|
console.error("Failed to copy text: ", err);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
return (
|
||||||
|
<Button
|
||||||
|
size={size}
|
||||||
|
variant={variant}
|
||||||
|
className={cn("relative z-10", className)}
|
||||||
|
onClick={copyToClipboard}
|
||||||
|
{...props}
|
||||||
|
>
|
||||||
|
<span className="sr-only">Copy</span>
|
||||||
|
{hasCopied ? (
|
||||||
|
<Check className="h-4 w-4 text-emerald-500 transition-all scale-110" />
|
||||||
|
) : (
|
||||||
|
<Copy className="h-4 w-4 transition-all" />
|
||||||
|
)}
|
||||||
|
</Button>
|
||||||
|
);
|
||||||
|
}
|
||||||
31
devfront/src/components/ui/toaster.tsx
Normal file
31
devfront/src/components/ui/toaster.tsx
Normal file
@@ -0,0 +1,31 @@
|
|||||||
|
import * as React from "react";
|
||||||
|
import { useToastState } from "./use-toast";
|
||||||
|
import { CheckCircle2, AlertCircle, Info, X } from "lucide-react";
|
||||||
|
import { cn } from "../../lib/utils";
|
||||||
|
|
||||||
|
export function Toaster() {
|
||||||
|
const toasts = useToastState();
|
||||||
|
|
||||||
|
if (toasts.length === 0) return null;
|
||||||
|
|
||||||
|
return (
|
||||||
|
<div className="fixed bottom-4 right-4 z-[100] flex flex-col gap-2 w-full max-w-[320px]">
|
||||||
|
{toasts.map((t) => (
|
||||||
|
<div
|
||||||
|
key={t.id}
|
||||||
|
className={cn(
|
||||||
|
"flex items-center gap-3 rounded-lg border p-4 shadow-lg animate-in slide-in-from-right-full duration-300",
|
||||||
|
t.type === "success" && "bg-emerald-50 border-emerald-200 text-emerald-800 dark:bg-emerald-950 dark:border-emerald-800 dark:text-emerald-200",
|
||||||
|
t.type === "error" && "bg-rose-50 border-rose-200 text-rose-800 dark:bg-rose-950 dark:border-rose-800 dark:text-rose-200",
|
||||||
|
t.type === "info" && "bg-blue-50 border-blue-200 text-blue-800 dark:bg-blue-950 dark:border-blue-800 dark:text-blue-200"
|
||||||
|
)}
|
||||||
|
>
|
||||||
|
{t.type === "success" && <CheckCircle2 className="h-5 w-5 shrink-0" />}
|
||||||
|
{t.type === "error" && <AlertCircle className="h-5 w-5 shrink-0" />}
|
||||||
|
{t.type === "info" && <Info className="h-5 w-5 shrink-0" />}
|
||||||
|
<p className="text-sm font-medium leading-none">{t.message}</p>
|
||||||
|
</div>
|
||||||
|
))}
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
}
|
||||||
42
devfront/src/components/ui/use-toast.ts
Normal file
42
devfront/src/components/ui/use-toast.ts
Normal file
@@ -0,0 +1,42 @@
|
|||||||
|
import * as React from "react";
|
||||||
|
|
||||||
|
type ToastType = "success" | "error" | "info";
|
||||||
|
|
||||||
|
interface Toast {
|
||||||
|
id: string;
|
||||||
|
message: string;
|
||||||
|
type: ToastType;
|
||||||
|
}
|
||||||
|
|
||||||
|
let subscribers: ((toasts: Toast[]) => void)[] = [];
|
||||||
|
let toasts: Toast[] = [];
|
||||||
|
|
||||||
|
const notify = () => {
|
||||||
|
for (const sub of subscribers) {
|
||||||
|
sub(toasts);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
export const toast = (message: string, type: ToastType = "success") => {
|
||||||
|
const id = Math.random().toString(36).substring(2, 9);
|
||||||
|
toasts = [...toasts, { id, message, type }];
|
||||||
|
notify();
|
||||||
|
|
||||||
|
setTimeout(() => {
|
||||||
|
toasts = toasts.filter((t) => t.id !== id);
|
||||||
|
notify();
|
||||||
|
}, 3000);
|
||||||
|
};
|
||||||
|
|
||||||
|
export const useToastState = () => {
|
||||||
|
const [state, setState] = React.useState<Toast[]>(toasts);
|
||||||
|
|
||||||
|
React.useEffect(() => {
|
||||||
|
subscribers.push(setState);
|
||||||
|
return () => {
|
||||||
|
subscribers = subscribers.filter((sub) => sub !== setState);
|
||||||
|
};
|
||||||
|
}, []);
|
||||||
|
|
||||||
|
return state;
|
||||||
|
};
|
||||||
@@ -17,6 +17,8 @@ import { Textarea } from "../../components/ui/textarea";
|
|||||||
import { Label } from "../../components/ui/label";
|
import { Label } from "../../components/ui/label";
|
||||||
import { fetchClient, updateClient } from "../../lib/devApi";
|
import { fetchClient, updateClient } from "../../lib/devApi";
|
||||||
import { cn } from "../../lib/utils";
|
import { cn } from "../../lib/utils";
|
||||||
|
import { CopyButton } from "../../components/ui/copy-button";
|
||||||
|
import { toast } from "../../components/ui/use-toast";
|
||||||
|
|
||||||
function ClientDetailsPage() {
|
function ClientDetailsPage() {
|
||||||
const params = useParams();
|
const params = useParams();
|
||||||
@@ -48,10 +50,10 @@ function ClientDetailsPage() {
|
|||||||
},
|
},
|
||||||
onSuccess: () => {
|
onSuccess: () => {
|
||||||
queryClient.invalidateQueries({ queryKey: ["client", clientId] });
|
queryClient.invalidateQueries({ queryKey: ["client", clientId] });
|
||||||
alert("Redirect URIs가 저장되었습니다.");
|
toast("Redirect URIs가 저장되었습니다.");
|
||||||
},
|
},
|
||||||
onError: (err) => {
|
onError: (err) => {
|
||||||
alert(`저장 실패: ${(err as Error).message}`);
|
toast(`저장 실패: ${(err as Error).message}`, "error");
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
@@ -145,9 +147,10 @@ function ClientDetailsPage() {
|
|||||||
</p>
|
</p>
|
||||||
<div className="flex items-center justify-between gap-2">
|
<div className="flex items-center justify-between gap-2">
|
||||||
<p className="font-mono text-lg truncate">{data.client.id}</p>
|
<p className="font-mono text-lg truncate">{data.client.id}</p>
|
||||||
<Button variant="secondary" size="icon" className="shrink-0" onClick={() => navigator.clipboard.writeText(data.client.id)}>
|
<CopyButton
|
||||||
<Copy className="h-4 w-4" />
|
value={data.client.id}
|
||||||
</Button>
|
onCopy={() => toast("Client ID가 복사되었습니다.")}
|
||||||
|
/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@@ -173,14 +176,11 @@ function ClientDetailsPage() {
|
|||||||
>
|
>
|
||||||
{showSecret ? <EyeOff className="h-4 w-4" /> : <Eye className="h-4 w-4" />}
|
{showSecret ? <EyeOff className="h-4 w-4" /> : <Eye className="h-4 w-4" />}
|
||||||
</Button>
|
</Button>
|
||||||
<Button
|
<CopyButton
|
||||||
variant="secondary"
|
value={clientSecret}
|
||||||
size="icon"
|
|
||||||
onClick={() => navigator.clipboard.writeText(clientSecret)}
|
|
||||||
disabled={!showSecret && clientSecret === "SECRET_NOT_AVAILABLE"}
|
disabled={!showSecret && clientSecret === "SECRET_NOT_AVAILABLE"}
|
||||||
>
|
onCopy={() => toast("Client Secret이 복사되었습니다.")}
|
||||||
<Copy className="h-4 w-4" />
|
/>
|
||||||
</Button>
|
|
||||||
<Button variant="outline" size="icon" className="border-amber-500/50 text-amber-500">
|
<Button variant="outline" size="icon" className="border-amber-500/50 text-amber-500">
|
||||||
<AlertCircle className="h-4 w-4" />
|
<AlertCircle className="h-4 w-4" />
|
||||||
</Button>
|
</Button>
|
||||||
@@ -213,14 +213,11 @@ function ClientDetailsPage() {
|
|||||||
<span className="break-all font-mono text-sm">
|
<span className="break-all font-mono text-sm">
|
||||||
{endpoint.value}
|
{endpoint.value}
|
||||||
</span>
|
</span>
|
||||||
<Button
|
<CopyButton
|
||||||
variant="secondary"
|
value={endpoint.value}
|
||||||
size="icon"
|
|
||||||
className="h-8 w-8 shrink-0"
|
className="h-8 w-8 shrink-0"
|
||||||
onClick={() => navigator.clipboard.writeText(endpoint.value)}
|
onCopy={() => toast(`${endpoint.label}가 복사되었습니다.`)}
|
||||||
>
|
/>
|
||||||
<Copy className="h-4 w-4" />
|
|
||||||
</Button>
|
|
||||||
</TableCell>
|
</TableCell>
|
||||||
</TableRow>
|
</TableRow>
|
||||||
))}
|
))}
|
||||||
|
|||||||
@@ -42,6 +42,8 @@ import {
|
|||||||
updateClientStatus,
|
updateClientStatus,
|
||||||
} from "../../lib/devApi";
|
} from "../../lib/devApi";
|
||||||
import { cn } from "../../lib/utils";
|
import { cn } from "../../lib/utils";
|
||||||
|
import { CopyButton } from "../../components/ui/copy-button";
|
||||||
|
import { toast } from "../../components/ui/use-toast";
|
||||||
|
|
||||||
function ClientsPage() {
|
function ClientsPage() {
|
||||||
const navigate = useNavigate();
|
const navigate = useNavigate();
|
||||||
@@ -231,15 +233,13 @@ function ClientsPage() {
|
|||||||
<code className="rounded-md bg-secondary/60 px-2 py-1 font-mono text-xs text-muted-foreground">
|
<code className="rounded-md bg-secondary/60 px-2 py-1 font-mono text-xs text-muted-foreground">
|
||||||
{client.id}
|
{client.id}
|
||||||
</code>
|
</code>
|
||||||
<Button
|
<CopyButton
|
||||||
|
value={client.id}
|
||||||
variant="ghost"
|
variant="ghost"
|
||||||
size="icon"
|
|
||||||
className="h-8 w-8 text-muted-foreground hover:text-primary"
|
className="h-8 w-8 text-muted-foreground hover:text-primary"
|
||||||
aria-label="Copy client id"
|
aria-label="Copy client id"
|
||||||
onClick={() => navigator.clipboard.writeText(client.id)}
|
onCopy={() => toast("클라이언트 ID가 복사되었습니다.")}
|
||||||
>
|
/>
|
||||||
<Copy className="h-4 w-4" />
|
|
||||||
</Button>
|
|
||||||
</div>
|
</div>
|
||||||
</TableCell>
|
</TableCell>
|
||||||
<TableCell>
|
<TableCell>
|
||||||
|
|||||||
@@ -95,6 +95,7 @@ services:
|
|||||||
- APP_ENV=${APP_ENV}
|
- APP_ENV=${APP_ENV}
|
||||||
networks:
|
networks:
|
||||||
- baron_net
|
- baron_net
|
||||||
|
- ory-net
|
||||||
depends_on:
|
depends_on:
|
||||||
backend:
|
backend:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
|
|||||||
@@ -83,6 +83,21 @@
|
|||||||
"authorizer": { "handler": "allow" },
|
"authorizer": { "handler": "allow" },
|
||||||
"mutators": [{ "handler": "noop" }]
|
"mutators": [{ "handler": "noop" }]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "hydra-well-known-oidc",
|
||||||
|
"description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)",
|
||||||
|
"match": {
|
||||||
|
"url": "<.*>://<.*>/oidc/.well-known/<.*>",
|
||||||
|
"methods": ["GET", "OPTIONS"]
|
||||||
|
},
|
||||||
|
"upstream": {
|
||||||
|
"url": "http://hydra:4444",
|
||||||
|
"strip_path_prefix": "/oidc"
|
||||||
|
},
|
||||||
|
"authenticators": [{ "handler": "noop" }],
|
||||||
|
"authorizer": { "handler": "allow" },
|
||||||
|
"mutators": [{ "handler": "noop" }]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "hydra-oauth2",
|
"id": "hydra-oauth2",
|
||||||
"description": "Hydra OAuth2 Endpoints",
|
"description": "Hydra OAuth2 Endpoints",
|
||||||
@@ -97,6 +112,21 @@
|
|||||||
"authorizer": { "handler": "allow" },
|
"authorizer": { "handler": "allow" },
|
||||||
"mutators": [{ "handler": "noop" }]
|
"mutators": [{ "handler": "noop" }]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "hydra-oauth2-oidc",
|
||||||
|
"description": "Hydra OAuth2 Endpoints (with /oidc prefix)",
|
||||||
|
"match": {
|
||||||
|
"url": "<.*>://<.*>/oidc/oauth2/<.*>",
|
||||||
|
"methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
|
||||||
|
},
|
||||||
|
"upstream": {
|
||||||
|
"url": "http://hydra:4444",
|
||||||
|
"strip_path_prefix": "/oidc"
|
||||||
|
},
|
||||||
|
"authenticators": [{ "handler": "noop" }],
|
||||||
|
"authorizer": { "handler": "allow" },
|
||||||
|
"mutators": [{ "handler": "noop" }]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "hydra-userinfo",
|
"id": "hydra-userinfo",
|
||||||
"description": "Hydra Userinfo",
|
"description": "Hydra Userinfo",
|
||||||
@@ -110,5 +140,20 @@
|
|||||||
"authenticators": [{ "handler": "noop" }],
|
"authenticators": [{ "handler": "noop" }],
|
||||||
"authorizer": { "handler": "allow" },
|
"authorizer": { "handler": "allow" },
|
||||||
"mutators": [{ "handler": "noop" }]
|
"mutators": [{ "handler": "noop" }]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "hydra-userinfo-oidc",
|
||||||
|
"description": "Hydra Userinfo (with /oidc prefix)",
|
||||||
|
"match": {
|
||||||
|
"url": "<.*>://<.*>/oidc/userinfo",
|
||||||
|
"methods": ["GET", "POST", "OPTIONS"]
|
||||||
|
},
|
||||||
|
"upstream": {
|
||||||
|
"url": "http://hydra:4444",
|
||||||
|
"strip_path_prefix": "/oidc"
|
||||||
|
},
|
||||||
|
"authenticators": [{ "handler": "noop" }],
|
||||||
|
"authorizer": { "handler": "allow" },
|
||||||
|
"mutators": [{ "handler": "noop" }]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
@@ -83,6 +83,21 @@
|
|||||||
"authorizer": { "handler": "allow" },
|
"authorizer": { "handler": "allow" },
|
||||||
"mutators": [{ "handler": "noop" }]
|
"mutators": [{ "handler": "noop" }]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "hydra-well-known-oidc",
|
||||||
|
"description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)",
|
||||||
|
"match": {
|
||||||
|
"url": "<.*>://<.*>/oidc/.well-known/<.*>",
|
||||||
|
"methods": ["GET", "OPTIONS"]
|
||||||
|
},
|
||||||
|
"upstream": {
|
||||||
|
"url": "http://hydra:4444",
|
||||||
|
"strip_path_prefix": "/oidc"
|
||||||
|
},
|
||||||
|
"authenticators": [{ "handler": "noop" }],
|
||||||
|
"authorizer": { "handler": "allow" },
|
||||||
|
"mutators": [{ "handler": "noop" }]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "hydra-oauth2",
|
"id": "hydra-oauth2",
|
||||||
"description": "Hydra OAuth2 Endpoints",
|
"description": "Hydra OAuth2 Endpoints",
|
||||||
@@ -97,6 +112,21 @@
|
|||||||
"authorizer": { "handler": "allow" },
|
"authorizer": { "handler": "allow" },
|
||||||
"mutators": [{ "handler": "noop" }]
|
"mutators": [{ "handler": "noop" }]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "hydra-oauth2-oidc",
|
||||||
|
"description": "Hydra OAuth2 Endpoints (with /oidc prefix)",
|
||||||
|
"match": {
|
||||||
|
"url": "<.*>://<.*>/oidc/oauth2/<.*>",
|
||||||
|
"methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
|
||||||
|
},
|
||||||
|
"upstream": {
|
||||||
|
"url": "http://hydra:4444",
|
||||||
|
"strip_path_prefix": "/oidc"
|
||||||
|
},
|
||||||
|
"authenticators": [{ "handler": "noop" }],
|
||||||
|
"authorizer": { "handler": "allow" },
|
||||||
|
"mutators": [{ "handler": "noop" }]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "hydra-userinfo",
|
"id": "hydra-userinfo",
|
||||||
"description": "Hydra Userinfo",
|
"description": "Hydra Userinfo",
|
||||||
@@ -110,5 +140,20 @@
|
|||||||
"authenticators": [{ "handler": "noop" }],
|
"authenticators": [{ "handler": "noop" }],
|
||||||
"authorizer": { "handler": "allow" },
|
"authorizer": { "handler": "allow" },
|
||||||
"mutators": [{ "handler": "noop" }]
|
"mutators": [{ "handler": "noop" }]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "hydra-userinfo-oidc",
|
||||||
|
"description": "Hydra Userinfo (with /oidc prefix)",
|
||||||
|
"match": {
|
||||||
|
"url": "<.*>://<.*>/oidc/userinfo",
|
||||||
|
"methods": ["GET", "POST", "OPTIONS"]
|
||||||
|
},
|
||||||
|
"upstream": {
|
||||||
|
"url": "http://hydra:4444",
|
||||||
|
"strip_path_prefix": "/oidc"
|
||||||
|
},
|
||||||
|
"authenticators": [{ "handler": "noop" }],
|
||||||
|
"authorizer": { "handler": "allow" },
|
||||||
|
"mutators": [{ "handler": "noop" }]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
@@ -1,9 +1,9 @@
|
|||||||
[
|
[
|
||||||
{
|
{
|
||||||
"id": "public-health",
|
"id": "public-health",
|
||||||
"description": "공개 헬스체크 (STAGE 도메인)",
|
"description": "공개 헬스체크",
|
||||||
"match": {
|
"match": {
|
||||||
"url": "<.*>://sso-test.hmac.kr/health",
|
"url": "<.*>://<.*>/health",
|
||||||
"methods": ["GET"]
|
"methods": ["GET"]
|
||||||
},
|
},
|
||||||
"upstream": {
|
"upstream": {
|
||||||
@@ -15,9 +15,9 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "public-preflight",
|
"id": "public-preflight",
|
||||||
"description": "CORS preflight (STAGE 도메인)",
|
"description": "CORS preflight",
|
||||||
"match": {
|
"match": {
|
||||||
"url": "<.*>://sso-test.hmac.kr/api/v1/<.*>",
|
"url": "<.*>://<.*>/api/v1/<.*>",
|
||||||
"methods": ["OPTIONS"]
|
"methods": ["OPTIONS"]
|
||||||
},
|
},
|
||||||
"upstream": {
|
"upstream": {
|
||||||
@@ -29,9 +29,9 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "public-auth",
|
"id": "public-auth",
|
||||||
"description": "인증/회원가입 등 공개 엔드포인트 (STAGE 도메인)",
|
"description": "인증/회원가입 등 공개 엔드포인트",
|
||||||
"match": {
|
"match": {
|
||||||
"url": "<.*>://sso-test.hmac.kr/api/v1/auth/<.*>",
|
"url": "<.*>://<.*>/api/v1/auth/<.*>",
|
||||||
"methods": ["GET", "POST", "OPTIONS"]
|
"methods": ["GET", "POST", "OPTIONS"]
|
||||||
},
|
},
|
||||||
"upstream": {
|
"upstream": {
|
||||||
@@ -45,7 +45,7 @@
|
|||||||
"id": "backend-command",
|
"id": "backend-command",
|
||||||
"description": "Command 요청은 Backend로 전달 (Audit 강제)",
|
"description": "Command 요청은 Backend로 전달 (Audit 강제)",
|
||||||
"match": {
|
"match": {
|
||||||
"url": "<.*>://sso-test.hmac.kr/api/v1/<.*>",
|
"url": "<.*>://<.*>/api/v1/<.*>",
|
||||||
"methods": ["POST", "PUT", "PATCH", "DELETE"]
|
"methods": ["POST", "PUT", "PATCH", "DELETE"]
|
||||||
},
|
},
|
||||||
"upstream": {
|
"upstream": {
|
||||||
@@ -59,7 +59,7 @@
|
|||||||
"id": "backend-query",
|
"id": "backend-query",
|
||||||
"description": "Backend Query (admin/dev 포함)",
|
"description": "Backend Query (admin/dev 포함)",
|
||||||
"match": {
|
"match": {
|
||||||
"url": "<.*>://sso-test.hmac.kr/api/v1/<.*>",
|
"url": "<.*>://<.*>/api/v1/<.*>",
|
||||||
"methods": ["GET"]
|
"methods": ["GET"]
|
||||||
},
|
},
|
||||||
"upstream": {
|
"upstream": {
|
||||||
@@ -73,7 +73,7 @@
|
|||||||
"id": "hydra-well-known",
|
"id": "hydra-well-known",
|
||||||
"description": "Hydra OIDC Discovery & JWKS",
|
"description": "Hydra OIDC Discovery & JWKS",
|
||||||
"match": {
|
"match": {
|
||||||
"url": "<.*>://sso-test.hmac.kr/.well-known/<.*>",
|
"url": "<.*>://<.*>/.well-known/<.*>",
|
||||||
"methods": ["GET", "OPTIONS"]
|
"methods": ["GET", "OPTIONS"]
|
||||||
},
|
},
|
||||||
"upstream": {
|
"upstream": {
|
||||||
@@ -83,11 +83,26 @@
|
|||||||
"authorizer": { "handler": "allow" },
|
"authorizer": { "handler": "allow" },
|
||||||
"mutators": [{ "handler": "noop" }]
|
"mutators": [{ "handler": "noop" }]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "hydra-well-known-oidc",
|
||||||
|
"description": "Hydra OIDC Discovery & JWKS (with /oidc prefix)",
|
||||||
|
"match": {
|
||||||
|
"url": "<.*>://<.*>/oidc/.well-known/<.*>",
|
||||||
|
"methods": ["GET", "OPTIONS"]
|
||||||
|
},
|
||||||
|
"upstream": {
|
||||||
|
"url": "http://hydra:4444",
|
||||||
|
"strip_path_prefix": "/oidc"
|
||||||
|
},
|
||||||
|
"authenticators": [{ "handler": "noop" }],
|
||||||
|
"authorizer": { "handler": "allow" },
|
||||||
|
"mutators": [{ "handler": "noop" }]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "hydra-oauth2",
|
"id": "hydra-oauth2",
|
||||||
"description": "Hydra OAuth2 Endpoints",
|
"description": "Hydra OAuth2 Endpoints",
|
||||||
"match": {
|
"match": {
|
||||||
"url": "<.*>://sso-test.hmac.kr/oauth2/<.*>",
|
"url": "<.*>://<.*>/oauth2/<.*>",
|
||||||
"methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
|
"methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
|
||||||
},
|
},
|
||||||
"upstream": {
|
"upstream": {
|
||||||
@@ -97,11 +112,26 @@
|
|||||||
"authorizer": { "handler": "allow" },
|
"authorizer": { "handler": "allow" },
|
||||||
"mutators": [{ "handler": "noop" }]
|
"mutators": [{ "handler": "noop" }]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "hydra-oauth2-oidc",
|
||||||
|
"description": "Hydra OAuth2 Endpoints (with /oidc prefix)",
|
||||||
|
"match": {
|
||||||
|
"url": "<.*>://<.*>/oidc/oauth2/<.*>",
|
||||||
|
"methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
|
||||||
|
},
|
||||||
|
"upstream": {
|
||||||
|
"url": "http://hydra:4444",
|
||||||
|
"strip_path_prefix": "/oidc"
|
||||||
|
},
|
||||||
|
"authenticators": [{ "handler": "noop" }],
|
||||||
|
"authorizer": { "handler": "allow" },
|
||||||
|
"mutators": [{ "handler": "noop" }]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "hydra-userinfo",
|
"id": "hydra-userinfo",
|
||||||
"description": "Hydra Userinfo",
|
"description": "Hydra Userinfo",
|
||||||
"match": {
|
"match": {
|
||||||
"url": "<.*>://sso-test.hmac.kr/userinfo",
|
"url": "<.*>://<.*>/userinfo",
|
||||||
"methods": ["GET", "POST", "OPTIONS"]
|
"methods": ["GET", "POST", "OPTIONS"]
|
||||||
},
|
},
|
||||||
"upstream": {
|
"upstream": {
|
||||||
@@ -110,5 +140,20 @@
|
|||||||
"authenticators": [{ "handler": "noop" }],
|
"authenticators": [{ "handler": "noop" }],
|
||||||
"authorizer": { "handler": "allow" },
|
"authorizer": { "handler": "allow" },
|
||||||
"mutators": [{ "handler": "noop" }]
|
"mutators": [{ "handler": "noop" }]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "hydra-userinfo-oidc",
|
||||||
|
"description": "Hydra Userinfo (with /oidc prefix)",
|
||||||
|
"match": {
|
||||||
|
"url": "<.*>://<.*>/oidc/userinfo",
|
||||||
|
"methods": ["GET", "POST", "OPTIONS"]
|
||||||
|
},
|
||||||
|
"upstream": {
|
||||||
|
"url": "http://hydra:4444",
|
||||||
|
"strip_path_prefix": "/oidc"
|
||||||
|
},
|
||||||
|
"authenticators": [{ "handler": "noop" }],
|
||||||
|
"authorizer": { "handler": "allow" },
|
||||||
|
"mutators": [{ "handler": "noop" }]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
@@ -21,6 +21,8 @@ log_format json_combined escape=json
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
listen 5000;
|
listen 5000;
|
||||||
|
client_header_buffer_size 16k;
|
||||||
|
large_client_header_buffers 4 64k;
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
|
|
||||||
resolver 127.0.0.11 valid=10s ipv6=off;
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ import 'dart:convert';
|
|||||||
import 'package:http/http.dart' as http;
|
import 'package:http/http.dart' as http;
|
||||||
import 'package:flutter_dotenv/flutter_dotenv.dart';
|
import 'package:flutter_dotenv/flutter_dotenv.dart';
|
||||||
import 'http_client.dart';
|
import 'http_client.dart';
|
||||||
|
import 'dart:html' as html;
|
||||||
|
|
||||||
class AuthProxyService {
|
class AuthProxyService {
|
||||||
static String _envOrDefault(String key, String fallback) {
|
static String _envOrDefault(String key, String fallback) {
|
||||||
@@ -196,23 +197,60 @@ class AuthProxyService {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static Future<Map<String, dynamic>> loginWithPassword(String loginId, String password) async {
|
static Future<Map<String, dynamic>> loginWithPassword(String loginId, String password, {String? loginChallenge}) async {
|
||||||
final url = Uri.parse('$_baseUrl/api/v1/auth/password/login');
|
final url = Uri.parse('$_baseUrl/api/v1/auth/password/login');
|
||||||
|
|
||||||
|
final payload = {
|
||||||
|
'loginId': loginId,
|
||||||
|
'password': password,
|
||||||
|
if (loginChallenge != null && loginChallenge.isNotEmpty) 'login_challenge': loginChallenge,
|
||||||
|
};
|
||||||
|
|
||||||
final response = await http.post(
|
final response = await http.post(
|
||||||
url,
|
url,
|
||||||
headers: {'Content-Type': 'application/json'},
|
headers: {'Content-Type': 'application/json'},
|
||||||
body: jsonEncode({
|
body: jsonEncode(payload),
|
||||||
'loginId': loginId,
|
);
|
||||||
'password': password,
|
|
||||||
}),
|
if (response.statusCode == 200) {
|
||||||
|
final data = jsonDecode(response.body);
|
||||||
|
if (data['redirectTo'] != null && data['redirectTo'].isNotEmpty) {
|
||||||
|
html.window.location.href = data['redirectTo'];
|
||||||
|
}
|
||||||
|
return data;
|
||||||
|
} else {
|
||||||
|
final errorBody = jsonDecode(response.body);
|
||||||
|
throw Exception(errorBody['error'] ?? 'Failed to login');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
static Future<Map<String, dynamic>> getConsentInfo(String consentChallenge) async {
|
||||||
|
final url = Uri.parse('$_baseUrl/api/v1/auth/consent').replace(queryParameters: {'consent_challenge': consentChallenge});
|
||||||
|
final response = await http.get(
|
||||||
|
url,
|
||||||
|
headers: {'Content-Type': 'application/json'},
|
||||||
);
|
);
|
||||||
|
|
||||||
if (response.statusCode == 200) {
|
if (response.statusCode == 200) {
|
||||||
return jsonDecode(response.body);
|
return jsonDecode(response.body);
|
||||||
} else {
|
} else {
|
||||||
final errorBody = jsonDecode(response.body);
|
final errorBody = jsonDecode(response.body);
|
||||||
throw Exception(errorBody['error'] ?? 'Failed to login');
|
throw Exception(errorBody['error'] ?? 'Failed to get consent info');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static Future<Map<String, dynamic>> acceptConsent(String consentChallenge) async {
|
||||||
|
final url = Uri.parse('$_baseUrl/api/v1/auth/consent/accept');
|
||||||
|
final response = await http.post(
|
||||||
|
url,
|
||||||
|
headers: {'Content-Type': 'application/json'},
|
||||||
|
body: jsonEncode({'consent_challenge': consentChallenge}),
|
||||||
|
);
|
||||||
|
|
||||||
|
if (response.statusCode == 200) {
|
||||||
|
return jsonDecode(response.body);
|
||||||
|
} else {
|
||||||
|
final errorBody = jsonDecode(response.body);
|
||||||
|
throw Exception(errorBody['error'] ?? 'Failed to accept consent');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
123
userfront/lib/features/auth/presentation/consent_screen.dart
Normal file
123
userfront/lib/features/auth/presentation/consent_screen.dart
Normal file
@@ -0,0 +1,123 @@
|
|||||||
|
import 'dart:html' as html;
|
||||||
|
|
||||||
|
import 'package:flutter/material.dart';
|
||||||
|
import 'package:userfront/core/services/auth_proxy_service.dart';
|
||||||
|
|
||||||
|
class ConsentScreen extends StatefulWidget {
|
||||||
|
final String consentChallenge;
|
||||||
|
|
||||||
|
const ConsentScreen({super.key, required this.consentChallenge});
|
||||||
|
|
||||||
|
@override
|
||||||
|
State<ConsentScreen> createState() => _ConsentScreenState();
|
||||||
|
}
|
||||||
|
|
||||||
|
class _ConsentScreenState extends State<ConsentScreen> {
|
||||||
|
Map<String, dynamic>? _consentInfo;
|
||||||
|
bool _isLoading = true;
|
||||||
|
String? _error;
|
||||||
|
|
||||||
|
@override
|
||||||
|
void initState() {
|
||||||
|
super.initState();
|
||||||
|
_fetchConsentInfo();
|
||||||
|
}
|
||||||
|
|
||||||
|
Future<void> _fetchConsentInfo() async {
|
||||||
|
try {
|
||||||
|
final info = await AuthProxyService.getConsentInfo(widget.consentChallenge);
|
||||||
|
setState(() {
|
||||||
|
_consentInfo = info;
|
||||||
|
_isLoading = false;
|
||||||
|
});
|
||||||
|
} catch (e) {
|
||||||
|
setState(() {
|
||||||
|
_error = 'Failed to load consent information: $e';
|
||||||
|
_isLoading = false;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Future<void> _acceptConsent() async {
|
||||||
|
setState(() {
|
||||||
|
_isLoading = true;
|
||||||
|
_error = null;
|
||||||
|
});
|
||||||
|
try {
|
||||||
|
final result =
|
||||||
|
await AuthProxyService.acceptConsent(widget.consentChallenge);
|
||||||
|
if (result['redirectTo'] != null) {
|
||||||
|
html.window.location.href = result['redirectTo'];
|
||||||
|
} else {
|
||||||
|
setState(() {
|
||||||
|
_error = 'Consent accepted, but no redirect URL received.';
|
||||||
|
_isLoading = false;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
setState(() {
|
||||||
|
_error = 'Failed to accept consent: $e';
|
||||||
|
_isLoading = false;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@override
|
||||||
|
Widget build(BuildContext context) {
|
||||||
|
return Scaffold(
|
||||||
|
appBar: AppBar(title: const Text('Grant Access')),
|
||||||
|
body: Center(
|
||||||
|
child: _isLoading
|
||||||
|
? const CircularProgressIndicator()
|
||||||
|
: _error != null
|
||||||
|
? Text(_error!, style: const TextStyle(color: Colors.red))
|
||||||
|
: _consentInfo != null
|
||||||
|
? Card(
|
||||||
|
elevation: 4,
|
||||||
|
margin: const EdgeInsets.all(16),
|
||||||
|
child: Padding(
|
||||||
|
padding: const EdgeInsets.all(24.0),
|
||||||
|
child: Column(
|
||||||
|
mainAxisSize: MainAxisSize.min,
|
||||||
|
children: [
|
||||||
|
Text(
|
||||||
|
'${_consentInfo!['client']?['client_name'] ?? 'An application'} wants to access your account',
|
||||||
|
style: Theme.of(context).textTheme.headlineSmall,
|
||||||
|
textAlign: TextAlign.center,
|
||||||
|
),
|
||||||
|
const SizedBox(height: 24),
|
||||||
|
const Text('This will allow the application to:'),
|
||||||
|
const SizedBox(height: 16),
|
||||||
|
if (_consentInfo!['requested_scope'] != null)
|
||||||
|
...(_consentInfo!['requested_scope'] as List)
|
||||||
|
.map((scope) => ListTile(
|
||||||
|
leading: const Icon(Icons.check_circle_outline),
|
||||||
|
title: Text(scope.toString()),
|
||||||
|
))
|
||||||
|
.toList(),
|
||||||
|
const SizedBox(height: 24),
|
||||||
|
Row(
|
||||||
|
mainAxisAlignment: MainAxisAlignment.spaceEvenly,
|
||||||
|
children: [
|
||||||
|
TextButton(
|
||||||
|
onPressed: () {
|
||||||
|
// TODO: Implement reject consent
|
||||||
|
html.window.alert('Consent rejected. You can close this window.');
|
||||||
|
},
|
||||||
|
child: const Text('Deny'),
|
||||||
|
),
|
||||||
|
ElevatedButton(
|
||||||
|
onPressed: _acceptConsent,
|
||||||
|
child: const Text('Allow'),
|
||||||
|
),
|
||||||
|
],
|
||||||
|
)
|
||||||
|
],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
)
|
||||||
|
: const Text('No consent information available.'),
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -10,10 +10,13 @@ import '../../../core/services/auth_proxy_service.dart';
|
|||||||
import '../../../core/services/auth_token_store.dart';
|
import '../../../core/services/auth_token_store.dart';
|
||||||
import '../../../core/notifiers/auth_notifier.dart';
|
import '../../../core/notifiers/auth_notifier.dart';
|
||||||
import '../../profile/domain/notifiers/profile_notifier.dart';
|
import '../../profile/domain/notifiers/profile_notifier.dart';
|
||||||
|
import 'dart:html' as html;
|
||||||
|
|
||||||
class LoginScreen extends ConsumerStatefulWidget {
|
class LoginScreen extends ConsumerStatefulWidget {
|
||||||
final String? verificationToken;
|
final String? verificationToken;
|
||||||
const LoginScreen({super.key, this.verificationToken});
|
final String? loginChallenge;
|
||||||
|
|
||||||
|
const LoginScreen({super.key, this.verificationToken, this.loginChallenge});
|
||||||
|
|
||||||
@override
|
@override
|
||||||
ConsumerState<LoginScreen> createState() => _LoginScreenState();
|
ConsumerState<LoginScreen> createState() => _LoginScreenState();
|
||||||
@@ -26,6 +29,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
final TextEditingController _passwordLoginIdController = TextEditingController();
|
final TextEditingController _passwordLoginIdController = TextEditingController();
|
||||||
final TextEditingController _passwordController = TextEditingController();
|
final TextEditingController _passwordController = TextEditingController();
|
||||||
String? _redirectUrl;
|
String? _redirectUrl;
|
||||||
|
String? _loginChallenge;
|
||||||
|
|
||||||
// QR Login Variables
|
// QR Login Variables
|
||||||
String? _qrImageBase64;
|
String? _qrImageBase64;
|
||||||
@@ -58,14 +62,13 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
@override
|
@override
|
||||||
void initState() {
|
void initState() {
|
||||||
super.initState();
|
super.initState();
|
||||||
// 탭 컨트롤러: 3개 탭, 기본 선택은 두 번째 탭("로그인 링크")
|
|
||||||
_tabController = TabController(length: 3, vsync: this, initialIndex: 1);
|
_tabController = TabController(length: 3, vsync: this, initialIndex: 1);
|
||||||
_tabController.addListener(_handleTabSelection);
|
_tabController.addListener(_handleTabSelection);
|
||||||
_drySendEnabled = _parseBoolParam(Uri.base.queryParameters['drySend']) && !AuthProxyService.isProdEnv;
|
_drySendEnabled = _parseBoolParam(Uri.base.queryParameters['drySend']) && !AuthProxyService.isProdEnv;
|
||||||
|
|
||||||
// Check for tokens (Path Parameter or Legacy Query Parameter)
|
|
||||||
WidgetsBinding.instance.addPostFrameCallback((_) {
|
WidgetsBinding.instance.addPostFrameCallback((_) {
|
||||||
final uri = Uri.base;
|
final uri = Uri.base;
|
||||||
|
_loginChallenge = widget.loginChallenge ?? uri.queryParameters['login_challenge'];
|
||||||
final loginIdParam = uri.queryParameters['loginId'];
|
final loginIdParam = uri.queryParameters['loginId'];
|
||||||
final codeParam = uri.queryParameters['code'];
|
final codeParam = uri.queryParameters['code'];
|
||||||
final pendingRefParam = uri.queryParameters['pendingRef'];
|
final pendingRefParam = uri.queryParameters['pendingRef'];
|
||||||
@@ -190,7 +193,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
// JWT를 디코딩해 표시용 로그인 아이디 추출
|
|
||||||
String _getLoginIdFromJwt(String jwt) {
|
String _getLoginIdFromJwt(String jwt) {
|
||||||
try {
|
try {
|
||||||
final parts = jwt.split('.');
|
final parts = jwt.split('.');
|
||||||
@@ -198,7 +200,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
|
|
||||||
final payload = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
|
final payload = utf8.decode(base64Url.decode(base64Url.normalize(parts[1])));
|
||||||
final data = json.decode(payload);
|
final data = json.decode(payload);
|
||||||
// 일반적으로 name/email/sub 필드를 사용
|
|
||||||
return data['name'] ?? data['email'] ?? data['sub'] ?? 'User';
|
return data['name'] ?? data['email'] ?? data['sub'] ?? 'User';
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
debugPrint("[JWT] Decode error: $e");
|
debugPrint("[JWT] Decode error: $e");
|
||||||
@@ -207,7 +208,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
}
|
}
|
||||||
|
|
||||||
void _handleTabSelection() {
|
void _handleTabSelection() {
|
||||||
// QR 탭 (세 번째 탭, index 2)이 선택되었을 때 QR 플로우 시작
|
|
||||||
if (_tabController.index == 2 && _qrPendingRef == null) {
|
if (_tabController.index == 2 && _qrPendingRef == null) {
|
||||||
_startQrFlow();
|
_startQrFlow();
|
||||||
} else if (_tabController.index != 2) {
|
} else if (_tabController.index != 2) {
|
||||||
@@ -626,7 +626,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
super.dispose();
|
super.dispose();
|
||||||
}
|
}
|
||||||
|
|
||||||
// 이메일/비밀번호 로그인 처리
|
|
||||||
Future<void> _handlePasswordLogin() async {
|
Future<void> _handlePasswordLogin() async {
|
||||||
final input = _passwordLoginIdController.text.trim();
|
final input = _passwordLoginIdController.text.trim();
|
||||||
final password = _passwordController.text.trim();
|
final password = _passwordController.text.trim();
|
||||||
@@ -637,14 +636,12 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
|
|
||||||
String loginId = input;
|
String loginId = input;
|
||||||
if (!input.contains('@')) {
|
if (!input.contains('@')) {
|
||||||
// Format phone number if it's not an email
|
|
||||||
loginId = input.replaceAll(RegExp(r'[-\s]'), '');
|
loginId = input.replaceAll(RegExp(r'[-\s]'), '');
|
||||||
if (loginId.startsWith('010')) {
|
if (loginId.startsWith('010')) {
|
||||||
loginId = '+82${loginId.substring(1)}';
|
loginId = '+82${loginId.substring(1)}';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 로딩 인디케이터 표시
|
|
||||||
showDialog(
|
showDialog(
|
||||||
context: context,
|
context: context,
|
||||||
barrierDismissible: false,
|
barrierDismissible: false,
|
||||||
@@ -652,15 +649,23 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
);
|
);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
final res = await AuthProxyService.loginWithPassword(loginId, password);
|
final res = await AuthProxyService.loginWithPassword(loginId, password, loginChallenge: _loginChallenge);
|
||||||
final jwt = res['sessionJwt'];
|
final jwt = res['sessionJwt'];
|
||||||
final provider = res['provider'] as String?;
|
final provider = res['provider'] as String?;
|
||||||
if (jwt != null && mounted) {
|
final redirectTo = res['redirectTo'] as String?;
|
||||||
Navigator.of(context).pop(); // 로딩 닫기
|
|
||||||
|
if (mounted) Navigator.of(context).pop();
|
||||||
|
|
||||||
|
if (redirectTo != null && redirectTo.isNotEmpty) {
|
||||||
|
html.window.location.href = redirectTo;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (jwt != null) {
|
||||||
_onLoginSuccess(jwt, provider: provider);
|
_onLoginSuccess(jwt, provider: provider);
|
||||||
}
|
}
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
if (mounted) Navigator.of(context).pop(); // 로딩 닫기
|
if (mounted) Navigator.of(context).pop();
|
||||||
if (e.toString().contains("User not registered")) {
|
if (e.toString().contains("User not registered")) {
|
||||||
_showUnregisteredDialog();
|
_showUnregisteredDialog();
|
||||||
} else {
|
} else {
|
||||||
@@ -669,14 +674,12 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 로그인 링크 전송 처리
|
|
||||||
Future<void> _handleLinkLogin() async {
|
Future<void> _handleLinkLogin() async {
|
||||||
final input = _linkIdController.text.trim();
|
final input = _linkIdController.text.trim();
|
||||||
if (input.isEmpty) return;
|
if (input.isEmpty) return;
|
||||||
|
|
||||||
String loginId = input;
|
String loginId = input;
|
||||||
if (!input.contains('@')) {
|
if (!input.contains('@')) {
|
||||||
// Format phone number if it's not an email
|
|
||||||
loginId = input.replaceAll(RegExp(r'[-\s]'), '');
|
loginId = input.replaceAll(RegExp(r'[-\s]'), '');
|
||||||
if (loginId.startsWith('010')) {
|
if (loginId.startsWith('010')) {
|
||||||
loginId = '+82${loginId.substring(1)}';
|
loginId = '+82${loginId.substring(1)}';
|
||||||
@@ -685,7 +688,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
|
|
||||||
debugPrint("[Auth] Initiating Enchanted Link for: $loginId");
|
debugPrint("[Auth] Initiating Enchanted Link for: $loginId");
|
||||||
|
|
||||||
// 링크 전송 전 사용자 존재 여부 체크 (백엔드에서 이미 처리하지만 에러 핸들링을 위해)
|
|
||||||
try {
|
try {
|
||||||
await _startEnchantedFlow(loginId, isEmail: input.contains('@'));
|
await _startEnchantedFlow(loginId, isEmail: input.contains('@'));
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
@@ -707,7 +709,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// 1. Init via Backend API
|
|
||||||
final initResponse = await AuthProxyService.initEnchantedLink(
|
final initResponse = await AuthProxyService.initEnchantedLink(
|
||||||
loginId,
|
loginId,
|
||||||
codeOnly: codeOnly,
|
codeOnly: codeOnly,
|
||||||
@@ -727,13 +728,12 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
_lastLinkLoginId = loginId;
|
_lastLinkLoginId = loginId;
|
||||||
_lastLinkIsEmail = isEmail;
|
_lastLinkIsEmail = isEmail;
|
||||||
});
|
});
|
||||||
Navigator.of(context).pop(); // Close Loading
|
Navigator.of(context).pop();
|
||||||
|
|
||||||
_showInfo(isEmail
|
_showInfo(isEmail
|
||||||
? "입력하신 이메일로 로그인 링크를 보냈습니다."
|
? "입력하신 이메일로 로그인 링크를 보냈습니다."
|
||||||
: "입력하신 번호로 로그인 링크를 보냈습니다.");
|
: "입력하신 번호로 로그인 링크를 보냈습니다.");
|
||||||
|
|
||||||
// 2. Poll Backend manually
|
|
||||||
final initialInterval = (interval is int && interval > 0)
|
final initialInterval = (interval is int && interval > 0)
|
||||||
? Duration(seconds: interval)
|
? Duration(seconds: interval)
|
||||||
: const Duration(seconds: 2);
|
: const Duration(seconds: 2);
|
||||||
@@ -761,7 +761,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
|
|
||||||
Future<void> _pollForSession(String pendingRef, {Duration? initialInterval}) async {
|
Future<void> _pollForSession(String pendingRef, {Duration? initialInterval}) async {
|
||||||
int attempts = 0;
|
int attempts = 0;
|
||||||
const maxAttempts = 60; // 2 minutes
|
const maxAttempts = 60;
|
||||||
var pollInterval = initialInterval ?? const Duration(seconds: 2);
|
var pollInterval = initialInterval ?? const Duration(seconds: 2);
|
||||||
debugPrint("[Auth] Starting poll for ref: $pendingRef");
|
debugPrint("[Auth] Starting poll for ref: $pendingRef");
|
||||||
|
|
||||||
@@ -789,7 +789,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
}
|
}
|
||||||
if (result['error'] == 'expired_token') {
|
if (result['error'] == 'expired_token') {
|
||||||
if (mounted) {
|
if (mounted) {
|
||||||
Navigator.of(context).pop(); // Close Polling Dialog
|
Navigator.of(context).pop();
|
||||||
_showError("Login timed out.");
|
_showError("Login timed out.");
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
@@ -820,7 +820,7 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
|
|
||||||
if (mounted) {
|
if (mounted) {
|
||||||
debugPrint("[Auth] Polling timed out for ref: $pendingRef");
|
debugPrint("[Auth] Polling timed out for ref: $pendingRef");
|
||||||
Navigator.of(context).pop(); // Close Polling Dialog
|
Navigator.of(context).pop();
|
||||||
_showError("Login timed out.");
|
_showError("Login timed out.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -879,19 +879,16 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
AuthTokenStore.setToken(token, provider: providerName);
|
AuthTokenStore.setToken(token, provider: providerName);
|
||||||
AuthTokenStore.clearPendingProvider();
|
AuthTokenStore.clearPendingProvider();
|
||||||
|
|
||||||
// 로그인 성공 직후 백엔드에서 전체 프로필 정보를 가져와 세션 업데이트
|
|
||||||
try {
|
try {
|
||||||
await ref.read(profileProvider.notifier).loadProfile();
|
await ref.read(profileProvider.notifier).loadProfile();
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
debugPrint("[Auth] Failed to pre-fetch profile: $e");
|
debugPrint("[Auth] Failed to pre-fetch profile: $e");
|
||||||
}
|
}
|
||||||
|
|
||||||
// 1. Handle Popup Flow
|
|
||||||
if (WebAuthIntegration.isPopup()) {
|
if (WebAuthIntegration.isPopup()) {
|
||||||
debugPrint("[Auth] Popup detected. Notifying opener and attempting to close.");
|
debugPrint("[Auth] Popup detected. Notifying opener and attempting to close.");
|
||||||
WebAuthIntegration.sendLoginSuccess(token);
|
WebAuthIntegration.sendLoginSuccess(token);
|
||||||
} else {
|
} else {
|
||||||
// 2. Handle Redirect Flow
|
|
||||||
if (_redirectUrl != null && _redirectUrl!.isNotEmpty) {
|
if (_redirectUrl != null && _redirectUrl!.isNotEmpty) {
|
||||||
debugPrint("[Auth] Redirecting standalone window to: $_redirectUrl");
|
debugPrint("[Auth] Redirecting standalone window to: $_redirectUrl");
|
||||||
final target = "$_redirectUrl?token=$token";
|
final target = "$_redirectUrl?token=$token";
|
||||||
@@ -900,7 +897,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 3. Standalone mode / Fallback
|
|
||||||
debugPrint("[Auth] Login success. Navigating to root.");
|
debugPrint("[Auth] Login success. Navigating to root.");
|
||||||
AuthNotifier.instance.notify();
|
AuthNotifier.instance.notify();
|
||||||
if (mounted) {
|
if (mounted) {
|
||||||
@@ -908,7 +904,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// [New] 미등록 회원 안내 팝업
|
|
||||||
void _showUnregisteredDialog() {
|
void _showUnregisteredDialog() {
|
||||||
showDialog(
|
showDialog(
|
||||||
context: context,
|
context: context,
|
||||||
@@ -1010,7 +1005,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
child: TabBarView(
|
child: TabBarView(
|
||||||
controller: _tabController,
|
controller: _tabController,
|
||||||
children: [
|
children: [
|
||||||
// 1. 이메일/비밀번호 로그인 폼
|
|
||||||
Padding(
|
Padding(
|
||||||
padding: const EdgeInsets.only(top: 16.0),
|
padding: const EdgeInsets.only(top: 16.0),
|
||||||
child: Column(
|
child: Column(
|
||||||
@@ -1047,7 +1041,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
|
||||||
// 2. 로그인 링크 전송 -> 전송 후 코드 입력으로 전환
|
|
||||||
Padding(
|
Padding(
|
||||||
padding: const EdgeInsets.only(top: 16.0),
|
padding: const EdgeInsets.only(top: 16.0),
|
||||||
child: Column(
|
child: Column(
|
||||||
@@ -1188,7 +1181,6 @@ class _LoginScreenState extends ConsumerState<LoginScreen>
|
|||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
|
||||||
// 3. QR 로그인 뷰
|
|
||||||
Column(
|
Column(
|
||||||
mainAxisAlignment: MainAxisAlignment.center,
|
mainAxisAlignment: MainAxisAlignment.center,
|
||||||
crossAxisAlignment: CrossAxisAlignment.center,
|
crossAxisAlignment: CrossAxisAlignment.center,
|
||||||
|
|||||||
@@ -20,6 +20,7 @@ import 'core/services/auth_token_store.dart';
|
|||||||
import 'core/services/logger_service.dart';
|
import 'core/services/logger_service.dart';
|
||||||
import 'core/notifiers/auth_notifier.dart';
|
import 'core/notifiers/auth_notifier.dart';
|
||||||
import 'package:logging/logging.dart';
|
import 'package:logging/logging.dart';
|
||||||
|
import 'features/auth/presentation/consent_screen.dart';
|
||||||
|
|
||||||
final _log = Logger('Main');
|
final _log = Logger('Main');
|
||||||
|
|
||||||
@@ -91,9 +92,10 @@ final _router = GoRouter(
|
|||||||
GoRoute(
|
GoRoute(
|
||||||
path: '/signin',
|
path: '/signin',
|
||||||
builder: (context, state) {
|
builder: (context, state) {
|
||||||
_routerLogger.info("Navigating to /signin");
|
final loginChallenge = state.uri.queryParameters['login_challenge'];
|
||||||
return LoginScreen(key: state.pageKey);
|
_routerLogger.info("Navigating to /signin with login_challenge: $loginChallenge");
|
||||||
}
|
return LoginScreen(key: state.pageKey, loginChallenge: loginChallenge);
|
||||||
|
},
|
||||||
),
|
),
|
||||||
GoRoute(
|
GoRoute(
|
||||||
path: '/login',
|
path: '/login',
|
||||||
@@ -102,6 +104,18 @@ final _router = GoRouter(
|
|||||||
return LoginScreen(key: state.pageKey);
|
return LoginScreen(key: state.pageKey);
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
|
GoRoute(
|
||||||
|
path: '/consent',
|
||||||
|
builder: (BuildContext context, GoRouterState state) {
|
||||||
|
final consentChallenge = state.uri.queryParameters['consent_challenge'];
|
||||||
|
if (consentChallenge == null) {
|
||||||
|
_routerLogger.warning("Consent screen loaded without a challenge.");
|
||||||
|
return const Scaffold(body: Center(child: Text('Error: Consent challenge is missing.')));
|
||||||
|
}
|
||||||
|
_routerLogger.info("Navigating to /consent with challenge.");
|
||||||
|
return ConsentScreen(consentChallenge: consentChallenge);
|
||||||
|
},
|
||||||
|
),
|
||||||
GoRoute(
|
GoRoute(
|
||||||
path: '/signup',
|
path: '/signup',
|
||||||
builder: (context, state) {
|
builder: (context, state) {
|
||||||
@@ -243,7 +257,8 @@ final _router = GoRouter(
|
|||||||
path == '/recovery' ||
|
path == '/recovery' ||
|
||||||
path == '/reset-password' ||
|
path == '/reset-password' ||
|
||||||
path == '/error' ||
|
path == '/error' ||
|
||||||
path == '/settings';
|
path == '/settings' ||
|
||||||
|
path == '/consent'; // Consent page is public
|
||||||
|
|
||||||
_routerLogger.fine("Redirect check - Path: $path, IsLoggedIn: $isLoggedIn");
|
_routerLogger.fine("Redirect check - Path: $path, IsLoggedIn: $isLoggedIn");
|
||||||
|
|
||||||
@@ -254,7 +269,12 @@ final _router = GoRouter(
|
|||||||
|
|
||||||
// If not logged in and trying to access a protected page, redirect to /signin
|
// If not logged in and trying to access a protected page, redirect to /signin
|
||||||
if (!isLoggedIn) {
|
if (!isLoggedIn) {
|
||||||
_routerLogger.info("Not logged in, redirecting to /signin");
|
_routerLogger.info("Not logged in, redirecting to /signin");
|
||||||
|
// Preserve OIDC challenge if present
|
||||||
|
final loginChallenge = state.uri.queryParameters['login_challenge'];
|
||||||
|
if (loginChallenge != null) {
|
||||||
|
return '/signin?login_challenge=$loginChallenge';
|
||||||
|
}
|
||||||
return '/signin';
|
return '/signin';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user