From a453d4b5afa1c15ed73310e5a40446a4506470f1 Mon Sep 17 00:00:00 2001 From: F04C Date: Thu, 15 Jan 2026 13:51:29 +0800 Subject: [PATCH] fixed error message if there's no email address found in the server --- handlers/google_auth.go | 68 ++--------------------------------------- 1 file changed, 2 insertions(+), 66 deletions(-) diff --git a/handlers/google_auth.go b/handlers/google_auth.go index 662c22b..aa9338a 100644 --- a/handlers/google_auth.go +++ b/handlers/google_auth.go @@ -87,70 +87,6 @@ func generateRandomState() string { return fmt.Sprintf("%x", b) } -// checkUserAuthorization calls the authorization microservice to verify user permissions -func checkUserAuthorization(userID, accessToken string) (bool, error) { - if AuthorizationURL == "" { - helper.LogWarn("AUTHORIZATION_URL not configured, skipping authorization check") - return false, nil // Allow access if authorization service is not configured - } - - // Prepare request to authorization microservice - authCheckURL := fmt.Sprintf("%s", AuthorizationURL) - - reqBody := map[string]string{ - "user_id": userID, - "resource": "dashboard", - "action": "view", - } - - jsonData, err := json.Marshal(reqBody) - if err != nil { - helper.LogError(err, "Failed to marshal authorization request") - return false, err - } - - req, err := http.NewRequest("POST", authCheckURL, strings.NewReader(string(jsonData))) - if err != nil { - helper.LogError(err, "Failed to create authorization request") - return false, err - } - - log.Print("JSON Data Sent to AuthZ Service: ", string(jsonData)) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Authorization", "Bearer "+accessToken) - - client := &http.Client{Timeout: 5 * time.Second} - resp, err := client.Do(req) - if err != nil { - helper.LogError(err, "Failed to call authorization microservice") - return false, err - } - defer resp.Body.Close() - - // Read the response body first for logging - bodyBytes, err := io.ReadAll(resp.Body) - if err != nil { - helper.LogError(err, "Failed to read authorization response body") - return false, err - } - - log.Printf("AUTHZ RAW RESPONSE Status: %d, Body: %s", resp.StatusCode, string(bodyBytes)) - - // Parse response - var authResp models.AuthorizationResponse - if err := json.Unmarshal(bodyBytes, &authResp); err != nil { - helper.LogError(err, "Failed to decode authorization response") - log.Printf("Failed to unmarshal response body: %s", string(bodyBytes)) - return false, err - } - - log.Printf("AUTHZ RESPONSE for user %s: %+v", userID, authResp) - helper.LogInfo(fmt.Sprintf("Authorization check for user %s: allowed=%v, redirect=%s, message=%s", - userID, authResp.Allowed, authResp.RedirectRoute, authResp.Message)) - - return authResp.Allowed, nil -} - func GoogleLogin(w http.ResponseWriter, r *http.Request) { helper.LogInfo(fmt.Sprintf("Generated oauth_state: %s", oauthStateString)) @@ -241,7 +177,7 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) { if !emailExists { helper.LogError(errors.New("email not found"), "Email not registered: "+email) - helper.RespondWithError(w, http.StatusUnauthorized, "Email not registered. Please contact the administrator.") + helper.RespondWithError(w, http.StatusUnauthorized, "Please contact your administrator to request access.") return } @@ -285,7 +221,7 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) { cookieConfig.Domain, cookieConfig.Secure, cookieConfig.HttpOnly, cookieConfig.SameSite)) if !emailExists { - helper.RespondWithError(w, http.StatusUnauthorized, "Email not registered. Please contact the administrator.") + helper.RespondWithError(w, http.StatusUnauthorized, "Please contact your administrator to request access.") return }