fix: harden login for MLPS requirements

This commit is contained in:
2026-05-14 11:05:20 +08:00
parent ecf3ee1ef0
commit 879677516f
39 changed files with 1230 additions and 71 deletions
+18 -1
View File
@@ -6,12 +6,14 @@ import (
"go.uber.org/zap"
"github.com/geo-platform/tenant-api/internal/ops/app"
sharedconfig "github.com/geo-platform/tenant-api/internal/shared/config"
"github.com/geo-platform/tenant-api/internal/shared/middleware"
"github.com/geo-platform/tenant-api/internal/shared/response"
)
type Deps struct {
Engine *gin.Engine
Server sharedconfig.ServerConfig
Logger *zap.Logger
DB *pgxpool.Pool
MonitoringDB *pgxpool.Pool
@@ -26,13 +28,27 @@ type Deps struct {
Compliance *app.ComplianceService
}
func (d Deps) ServerAllowedOrigins() []string {
return d.Server.AllowedOrigins
}
func (d Deps) ServerSecurityHeadersEnabled() bool {
return d.Server.SecurityHeaders.Enabled
}
func RegisterRoutes(d Deps) {
d.Engine.Use(
middleware.Recovery(d.Logger),
middleware.RequestID(),
middleware.Logger(d.Logger),
middleware.CORS(),
)
if d.ServerSecurityHeadersEnabled() {
d.Engine.Use(middleware.SecurityHeaders())
}
d.Engine.Use(middleware.CORSWithConfig(middleware.CORSConfig{
AllowedOrigins: d.ServerAllowedOrigins(),
AllowAll: len(d.ServerAllowedOrigins()) == 0,
}))
d.Engine.GET("/api/health/live", func(c *gin.Context) {
response.Success(c, gin.H{"status": "alive"})
@@ -53,6 +69,7 @@ func RegisterRoutes(d Deps) {
api := d.Engine.Group("/api/ops")
{
api.GET("/auth/password-key", passwordPublicKeyHandler(d.Auth))
api.POST("/auth/login", loginHandler(d.Auth))
}