package service
import (
"strings"
"github.com/pocketbase/pocketbase"
"github.com/pocketbase/pocketbase/apis"
"github.com/pocketbase/pocketbase/core"
)
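// AddHooks registers the authentication hooks of the service on app.
//
// It binds a handler to OAuth2 sign-in requests for the "users" collection.
// The handler lets a request continue to e.Next() only when the provider
// supplied an email address in the employee domain @htwk-leipzig.de.
// Requests without an email, or with an address in any other domain
// (including the student domain @stud.htwk-leipzig.de), are rejected with a
// bad-request error.
func AddHooks(app *pocketbase.PocketBase) {
	app.OnRecordAuthWithOAuth2Request("users").BindFunc(func(e *core.RecordAuthWithOAuth2RequestEvent) error {
		email := e.OAuth2User.Email

		// If email is not in the main field, try to extract it from RawUser.
		//
		// NOTE(review): this fallback takes the raw "email" claim as-is, and
		// the domain check below is an authorization decision, so it is only
		// as strong as the provider's guarantee that the address belongs to
		// the signed-in account. If the configured provider can return
		// unverified or user-editable addresses (OIDC reports this in the
		// email_verified claim), confirm that an empty e.OAuth2User.Email is
		// not PocketBase withholding an unverified address before relying on
		// this path. TODO confirm against the configured provider.
		if email == "" {
			if rawEmail, ok := e.OAuth2User.RawUser["email"].(string); ok {
				email = rawEmail
				// Explicitly set the email on the OAuth2User so PocketBase uses it.
				e.OAuth2User.Email = rawEmail
			}
		}

		if email == "" {
			return apis.NewBadRequestError("No email received from OAuth2 provider. Please ensure your account has an email address and the 'email' scope is granted.", nil)
		}

		// Restrict login to @htwk-leipzig.de employees only (not students).
		if !isHTWKEmployeeEmail(email) {
			return apis.NewBadRequestError("Login restricted to @htwk-leipzig.de emails. Students (@stud.htwk-leipzig.de) are not allowed.", nil)
		}

		return e.Next()
	})
}

// isHTWKEmployeeEmail reports whether email is an address directly in the
// htwk-leipzig.de domain.
//
// The suffix includes the "@", so subdomains such as stud.htwk-leipzig.de and
// look-alike domains that merely end in "htwk-leipzig.de" do not match. The
// comparison is case-insensitive because a provider may return the domain in
// mixed case, and a bare "@htwk-leipzig.de" with no local part is rejected.
func isHTWKEmployeeEmail(email string) bool {
	const employeeSuffix = "@htwk-leipzig.de"

	normalized := strings.ToLower(email)
	return len(normalized) > len(employeeSuffix) && strings.HasSuffix(normalized, employeeSuffix)
}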