fix: OAuth registration missing email domain whitelist check for trial gifting
**Problem**: OAuth registration path (Google, Apple, Telegram) was missing the email domain whitelist validation, causing trial subscriptions to be granted to all users regardless of the whitelist configuration. **Root Cause**: The previous commit (3417da2a) that implemented trial domain whitelist only updated device/phone/email direct registration paths, but missed the OAuth registration path in oAuthLoginGetTokenLogic.go. **Solution**: - Added email domain whitelist check to OAuth register() method - Added isEmailDomainWhitelisted() helper function matching the pattern used in other auth logic files - Only activate trial if EnableTrial=true AND (whitelist disabled OR email domain matches whitelist) - Added email logging to trial subscription activation log Affected flows: - OAuth Google login with new user - OAuth Apple login with new user - OAuth Telegram login with new user Co-Authored-By: claude-flow <ruv@ruv.net>
This commit is contained in:
parent
92f278d38b
commit
d586bbeabb
@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/perfect-panel/server/internal/config"
|
||||
@ -393,10 +394,15 @@ func (l *OAuthLoginGetTokenLogic) register(email, avatar, method, openid, reques
|
||||
}
|
||||
}
|
||||
|
||||
if l.svcCtx.Config.Register.EnableTrial {
|
||||
rc := l.svcCtx.Config.Register
|
||||
// Only activate trial if whitelist is not enabled, or email domain matches whitelist
|
||||
shouldActivateTrial := rc.EnableTrial && (!rc.EnableTrialEmailWhitelist || (email != "" && l.isEmailDomainWhitelisted(email, rc.TrialEmailDomainWhitelist)))
|
||||
|
||||
if shouldActivateTrial {
|
||||
l.Debugw("activating trial subscription",
|
||||
logger.Field("request_id", requestID),
|
||||
logger.Field("user_id", userInfo.Id),
|
||||
logger.Field("email", email),
|
||||
)
|
||||
var trialErr error
|
||||
trialSubscribe, trialErr = l.activeTrial(userInfo.Id, requestID)
|
||||
@ -882,3 +888,22 @@ func (l *OAuthLoginGetTokenLogic) activeTrial(uid int64, requestID string) (*use
|
||||
)
|
||||
return userSub, nil
|
||||
}
|
||||
|
||||
// isEmailDomainWhitelisted checks if the email's domain is in the comma-separated whitelist.
|
||||
// Returns false if the email format is invalid.
|
||||
func (l *OAuthLoginGetTokenLogic) isEmailDomainWhitelisted(email, whitelistCSV string) bool {
|
||||
if whitelistCSV == "" {
|
||||
return false
|
||||
}
|
||||
parts := strings.SplitN(email, "@", 2)
|
||||
if len(parts) != 2 {
|
||||
return false
|
||||
}
|
||||
domain := strings.ToLower(strings.TrimSpace(parts[1]))
|
||||
for _, d := range strings.Split(whitelistCSV, ",") {
|
||||
if strings.ToLower(strings.TrimSpace(d)) == domain {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user