[오승석] email 저장 제거

- CollectionLink에 email 저장 안함 - whitelist key 변경: Email -> Alias
2024-08-06 21:04:48 +09:00
parent d6daa9bdba
commit 37f37899df
4 changed files with 33 additions and 23 deletions
--- a/core/maingate.go
+++ b/core/maingate.go
@ -306,9 +306,12 @@ func (mg *Maingate) prepare(context context.Context) (err error) {
 		return logger.ErrorWithCallStack(err)
 	}

-	if err = mg.mongoClient.MakeUniqueIndices(CollectionLink, map[string]bson.D{
-		"emailplatform": {{Key: "email", Value: 1}, {Key: "platform", Value: 1}},
-	}); err != nil {
+	// if err = mg.mongoClient.MakeUniqueIndices(CollectionLink, map[string]bson.D{
+	// 	"emailplatform": {{Key: "email", Value: 1}, {Key: "platform", Value: 1}},
+	// }); err != nil {
+	// 	return logger.ErrorWithCallStack(err)
+	// }
+	if err = mg.mongoClient.DropIndex(CollectionLink, "emailplatform"); err != nil {
 		return logger.ErrorWithCallStack(err)
 	}

--- a/core/service.go
+++ b/core/service.go
@ -30,18 +30,14 @@ type blockinfo struct {

 type whitelistmember struct {
 	Id        primitive.ObjectID `bson:"_id" json:"_id"`
-	Email     string             `bson:"email" json:"email"`
+	Alias     string             `bson:"alias" json:"alias"`
 	Platform  string             `bson:"platform" json:"platform"`
 	Desc      string             `bson:"desc" json:"desc"`
 	ExpiredAt primitive.DateTime `bson:"_ts,omitempty" json:"_ts,omitempty"`
 }

 func (wh *whitelistmember) Key() string {
-	if strings.HasPrefix(wh.Email, "*@") {
-		// 도메인 전체 허용
-		return wh.Email[2:]
-	}
-	return wh.Email
+	return wh.Alias
 }

 func (wh *whitelistmember) Expired() bool {
@ -349,7 +345,8 @@ func (sh *serviceDescription) link(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	email, err := sh.readProfile(newType, newId, bfinfo)
+	//email, err := sh.readProfile(newType, newId, bfinfo)
+	_, err = sh.readProfile(newType, newId, bfinfo)
 	if err != nil {
 		logger.Error("readProfile(new) failed :", err)
 		w.WriteHeader(http.StatusBadRequest)
@ -388,7 +385,7 @@ func (sh *serviceDescription) link(w http.ResponseWriter, r *http.Request) {
 	}, bson.M{
 		"$setOnInsert": bson.M{
 			"create": createtime,
-			"email":  email,
+			//"email":  email,
 		},
 	}, options.FindOneAndUpdate().SetReturnDocument(options.After).SetUpsert(true).SetProjection(bson.M{"_id": 1}))
 	if err != nil {
@ -638,16 +635,22 @@ func (sh *serviceDescription) emailinfo(w http.ResponseWriter, r *http.Request)
 	}

 	queryvals := r.URL.Query()
-	sk := queryvals.Get("sk")
+	reqauthtype := queryvals.Get("type")
+	uid := queryvals.Get("id")

-	authInfo, err := sh.sessionProvider.Query(sk)
+	bfinfo, err := sh.getUserBrowserInfo(r)
 	if err != nil {
-		logger.Println("sessionProvider.Query return err :", err)
-		w.WriteHeader(http.StatusInternalServerError)
+		logger.Error("getUserBrowserInfo failed :", err)
+		w.WriteHeader(http.StatusBadRequest)
 		return
 	}

-	email := authInfo.Email
+	email, err := sh.readProfile(reqauthtype, uid, bfinfo)
+	if err != nil {
+		logger.Error("readProfile(new) failed :", err)
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}

 	if strings.HasPrefix(email, "__dummy_") && strings.HasSuffix(email, "temp__") {
 		email = ""
@ -663,7 +666,6 @@ func (sh *serviceDescription) emailinfo(w http.ResponseWriter, r *http.Request)
 	//logger.Println("Email :", email)

 	w.Write([]byte(fmt.Sprintf(`{"email":"%s"}`, email)))
-
 }

 func (sh *serviceDescription) authorize_dev(w http.ResponseWriter, r *http.Request) {
@ -789,7 +791,7 @@ func (sh *serviceDescription) authorize(w http.ResponseWriter, r *http.Request)
 	}, bson.M{
 		"$setOnInsert": bson.M{
 			"create": createtime,
-			"email":  email,
+			//"email":  email,
 		},
 	}, options.FindOneAndUpdate().SetReturnDocument(options.After).SetUpsert(true).SetProjection(bson.M{"_id": 1, "_ts": 1}))
 	if err != nil {
@ -826,11 +828,16 @@ func (sh *serviceDescription) authorize(w http.ResponseWriter, r *http.Request)
 		return
 	}

+	alias := r.Header.Get("AS-X-ALIAS")
+	if len(alias) == 0 {
+		alias = email
+	}
+
 	sk, err = sh.sessionProvider.New(&session.Authorization{
 		Account:  accid,
 		Platform: reqauthtype,
 		Uid:      uid,
-		Email:    email,
+		Alias:    alias,
 	})
 	if err != nil {
 		logger.Error("authorize failed. sessionProvider.New err:", err)
@ -1080,7 +1087,7 @@ func (sh *serviceDescription) serveHTTP(w http.ResponseWriter, r *http.Request)
 					return
 				}

-				wm := &whitelistmember{Email: authInfo.Email, Platform: authInfo.Platform}
+				wm := &whitelistmember{Alias: authInfo.Alias, Platform: authInfo.Platform}
 				if _, ok := sh.wl.get(wm.Key()); ok {
 					// qa 권한이면 입장 가능
 					addrresp = div.urlsSerialized