feat(server/auth): switch user identity to phone with email optional

Phone becomes the required, unique login identifier; email and name turn
optional. Login now accepts either via a single identifier field, refresh
re-checks tenant membership, and the dev seed provides phone numbers.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-29 00:01:36 +08:00
parent a6b17bae62
commit ee21f512a9
11 changed files with 225 additions and 40 deletions
+6 -6
View File
@@ -326,15 +326,15 @@ func ensureNamedTenant(ctx context.Context, tx pgx.Tx, name string) (int64, erro
}
func ensureUser(ctx context.Context, tx pgx.Tx, passwordHash string) (int64, error) {
return ensureNamedUser(ctx, tx, "admin@geo.local", "Admin", passwordHash)
return ensureNamedUser(ctx, tx, "admin@geo.local", "13800138000", "Admin", passwordHash)
}
func ensureNamedUser(ctx context.Context, tx pgx.Tx, email, name, passwordHash string) (int64, error) {
func ensureNamedUser(ctx context.Context, tx pgx.Tx, email, phone, name, passwordHash string) (int64, error) {
var userID int64
err := tx.QueryRow(ctx, `
WITH ensured AS (
INSERT INTO users (email, password_hash, name, status)
VALUES ($1, $2, $3, 'active')
INSERT INTO users (email, phone, password_hash, name, status)
VALUES ($1, $2, $3, $4, 'active')
ON CONFLICT DO NOTHING
RETURNING id
)
@@ -342,7 +342,7 @@ func ensureNamedUser(ctx context.Context, tx pgx.Tx, email, name, passwordHash s
UNION ALL
SELECT id FROM users WHERE email = $1
LIMIT 1
`, email, passwordHash, name).Scan(&userID)
`, email, phone, passwordHash, name).Scan(&userID)
return userID, wrapSeedErr("insert user", err)
}
@@ -412,7 +412,7 @@ func ensureSecondaryTenantUser(
return 0, 0, err
}
userID, err := ensureNamedUser(ctx, tx, "test@geo.local", "test", string(hash))
userID, err := ensureNamedUser(ctx, tx, "test@geo.local", "13800138001", "test", string(hash))
if err != nil {
return 0, 0, err
}