fix: OAuth registration missing email domain whitelist check for trial gifting
**Problem**: OAuth registration path (Google, Apple, Telegram) was missing the email domain whitelist validation, causing trial subscriptions to be granted to all users regardless of the whitelist configuration. **Root Cause**: The previous commit (3417da2a) that implemented trial domain whitelist only updated device/phone/email direct registration paths, but missed the OAuth registration path in oAuthLoginGetTokenLogic.go. **Solution**: - Added email domain whitelist check to OAuth register() method - Added isEmailDomainWhitelisted() helper function matching the pattern used in other auth logic files - Only activate trial if EnableTrial=true AND (whitelist disabled OR email domain matches whitelist) - Added email logging to trial subscription activation log Affected flows: - OAuth Google login with new user - OAuth Apple login with new user - OAuth Telegram login with new user Co-Authored-By: claude-flow <ruv@ruv.net>
parent
92f278d38b
commit
d586bbeabb
@ -4,6 +4,7 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/perfect-panel/server/internal/config"
|
"github.com/perfect-panel/server/internal/config"
|
||||||
@ -393,10 +394,15 @@ func (l *OAuthLoginGetTokenLogic) register(email, avatar, method, openid, reques
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if l.svcCtx.Config.Register.EnableTrial {
|
rc := l.svcCtx.Config.Register
|
||||||
|
// Only activate trial if whitelist is not enabled, or email domain matches whitelist
|
||||||
|
shouldActivateTrial := rc.EnableTrial && (!rc.EnableTrialEmailWhitelist || (email != "" && l.isEmailDomainWhitelisted(email, rc.TrialEmailDomainWhitelist)))
|
||||||
|
|
||||||
|
if shouldActivateTrial {
|
||||||
l.Debugw("activating trial subscription",
|
l.Debugw("activating trial subscription",
|
||||||
logger.Field("request_id", requestID),
|
logger.Field("request_id", requestID),
|
||||||
logger.Field("user_id", userInfo.Id),
|
logger.Field("user_id", userInfo.Id),
|
||||||
|
logger.Field("email", email),
|
||||||
)
|
)
|
||||||
var trialErr error
|
var trialErr error
|
||||||
trialSubscribe, trialErr = l.activeTrial(userInfo.Id, requestID)
|
trialSubscribe, trialErr = l.activeTrial(userInfo.Id, requestID)
|
||||||
@ -882,3 +888,22 @@ func (l *OAuthLoginGetTokenLogic) activeTrial(uid int64, requestID string) (*use
|
|||||||
)
|
)
|
||||||
return userSub, nil
|
return userSub, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// isEmailDomainWhitelisted checks if the email's domain is in the comma-separated whitelist.
|
||||||
|
// Returns false if the email format is invalid.
|
||||||
|
func (l *OAuthLoginGetTokenLogic) isEmailDomainWhitelisted(email, whitelistCSV string) bool {
|
||||||
|
if whitelistCSV == "" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
parts := strings.SplitN(email, "@", 2)
|
||||||
|
if len(parts) != 2 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
domain := strings.ToLower(strings.TrimSpace(parts[1]))
|
||||||
|
for _, d := range strings.Split(whitelistCSV, ",") {
|
||||||
|
if strings.ToLower(strings.TrimSpace(d)) == domain {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|||||||
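Review bot: The new gate at `shouldActivateTrial` in register() trusts `email` as handed in by the OAuth flow, and nothing in the visible lines shows that the address was verified by the identity provider. If any provider path can supply an unverified or user-chosen address, the whitelist would be matched against a domain the user has not proven control of; this should be confirmed in the caller, which lies outside the hunk (register() starts and ends outside it). I would record the requirement next to the check, `// email must be a provider-verified address before it is used for the trial whitelist decision`. Separately, the description says `isEmailDomainWhitelisted` copies a helper from the other auth logic files; since the original miss came from one path not being updated, a single shared helper would keep the paths from drifting again. The added `logger.Field("email", email)` also puts a personal identifier into the debug log, which is worth a deliberate decision given that `user_id` is already logged.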