fix: harden login for MLPS requirements

This commit is contained in:
2026-05-14 11:05:20 +08:00
parent ecf3ee1ef0
commit 879677516f
39 changed files with 1230 additions and 71 deletions
@@ -25,10 +25,19 @@ func NewAuthHandler(a *bootstrap.App) *AuthHandler {
a.JWT,
a.Sessions,
a.LoginGuard,
),
).WithPasswordCipher(a.PasswordCipher),
}
}
func (h *AuthHandler) PasswordPublicKey(c *gin.Context) {
key := h.svc.PasswordPublicKey()
if key == nil {
response.Error(c, response.ErrNotFound(40420, "password_cipher_disabled", "password cipher is disabled"))
return
}
response.Success(c, key)
}
func (h *AuthHandler) Login(c *gin.Context) {
var req app.LoginRequest
if err := c.ShouldBindJSON(&req); err != nil {
@@ -13,6 +13,7 @@ func RegisterRoutes(app *bootstrap.App) {
authAPI := app.Engine.Group("/api/auth")
authHandler := NewAuthHandler(app)
authAPI.GET("/password-key", authHandler.PasswordPublicKey)
authAPI.POST("/login", authHandler.Login)
authAPI.POST("/refresh", authHandler.Refresh)
@@ -59,6 +59,7 @@ func TestPublicRoutes_NoAuth(t *testing.T) {
method string
path string
}{
{http.MethodGet, "/api/auth/password-key"},
{http.MethodPost, "/api/auth/login"},
{http.MethodPost, "/api/auth/refresh"},
{http.MethodGet, "/api/health/live"},