refactor(auth): Remove user allowlist filtering

- Delete `isAllowedUser` function for user authorization - Remove environment variable `OAUTH_ALLOWED_USERS` from docker-compose - Eliminate user whitelist check in OAuth callback handler
2025-07-18 08:31:55 +08:00 · 2025-02-20 02:50:43 +08:00 · 2025-02-20 02:50:43 +08:00 · f614692f33
commit f614692f33
parent 929d13157d
2 changed files with 0 additions and 18 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -9,5 +9,4 @@ services:
    environment:
      - TZ=Asia/Shanghai
      - OAUTH_CLIENT_ID=your_client_id
-      - OAUTH_ALLOWED_USERS=user1,user2,user3
    restart: always
--- a/internal/handler/auth.go
+++ b/internal/handler/auth.go
@ -166,17 +166,6 @@ func (h *ProxyHandler) LoginHandler(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, authURL, http.StatusTemporaryRedirect)
 }

-// isAllowedUser 检查用户是否在允许列表中
-func isAllowedUser(username string) bool {
-	allowedUsers := strings.Split(os.Getenv("OAUTH_ALLOWED_USERS"), ",")
-	for _, allowed := range allowedUsers {
-		if strings.TrimSpace(allowed) == username {
-			return true
-		}
-	}
-	return false
-}
-
 // OAuthCallbackHandler 处理 OAuth 回调
 func (h *ProxyHandler) OAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
 	code := r.URL.Query().Get("code")
@ -225,12 +214,6 @@ func (h *ProxyHandler) OAuthCallbackHandler(w http.ResponseWriter, r *http.Reque
 		return
 	}

-	// 检查用户是否在允许列表中
-	if !isAllowedUser(userInfo.Username) {
-		http.Error(w, "Unauthorized user", http.StatusUnauthorized)
-		return
-	}
-
 	// 生成内部访问令牌
 	internalToken := h.auth.generateToken()
 	h.auth.addToken(internalToken, userInfo.Username, tokenExpiry)