feat: Introduce data manager service with PocketBase authentication and professor dashboard.

2026-01-16 11:32:26 +01:00 · 2025-11-22 22:46:06 +01:00
parent 5f383f5638
commit f40558646c
7 changed files with 85 additions and 2 deletions
--- a/services/data-manager/main.go
+++ b/services/data-manager/main.go
@@ -57,6 +57,7 @@ func setupApp() *pocketbase.PocketBase {
 	})
 	service.AddRoutes(services)
 	service.AddSchedules(services)
+	service.AddHooks(app)

 	return app
 }
--- a/services/data-manager/service/hooks.go
+++ b/services/data-manager/service/hooks.go
@@ -0,0 +1,34 @@
+package service
+
+import (
+	"strings"
+
+	"github.com/pocketbase/pocketbase"
+	"github.com/pocketbase/pocketbase/apis"
+	"github.com/pocketbase/pocketbase/core"
+)
+
+func AddHooks(app *pocketbase.PocketBase) {
+	app.OnRecordAuthWithOAuth2Request("users").BindFunc(func(e *core.RecordAuthWithOAuth2RequestEvent) error {
+		email := e.OAuth2User.Email
+
+		// If email is not in the main field, try to extract it from RawUser
+		if email == "" {
+			if rawEmail, ok := e.OAuth2User.RawUser["email"].(string); ok {
+				email = rawEmail
+				// Explicitly set the email on the OAuth2User so PocketBase uses it
+				e.OAuth2User.Email = rawEmail
+			}
+		}
+
+		if email == "" {
+			return apis.NewBadRequestError("No email received from OAuth2 provider. Please ensure your account has an email address and the 'email' scope is granted.", nil)
+		}
+		// Restrict login to @htwk-leipzig.de employees only (not students)
+		if !strings.HasSuffix(email, "@htwk-leipzig.de") {
+			return apis.NewBadRequestError("Login restricted to @htwk-leipzig.de emails. Students (@stud.htwk-leipzig.de) are not allowed.", nil)
+		}
+
+		return e.Next()
+	})
+}