feat(api): structured provider credentials + trial-auth validation on account create

POST /accounts now accepts secret as a provider-specific JSON object
instead of an opaque string, and validates credentials via
provider.Provider.Validate before persisting — invalid credentials get
a generic 400 without ever reaching Store.CreateAccount or echoing the
secret back.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-04 20:12:41 +07:00
parent 32107571d1
commit 568452846a
3 changed files with 66 additions and 13 deletions
+8 -3
@@ -1,16 +1,21 @@
package api
import (
"encoding/json"
"github.com/google/uuid"
"github.com/vasyakrg/dns-autoresolver/internal/store"
"github.com/vasyakrg/dns-autoresolver/internal/store/dto"
)
// accountRequest.Secret is a provider-specific JSON object (e.g. Selectel's
// service-user credentials) rather than an opaque string — it is passed
// through as raw bytes to Validate/Encrypt, never parsed here.
type accountRequest struct {
Provider string `json:"provider"`
Secret string `json:"secret"`
Comment string `json:"comment"`
Provider string `json:"provider"`
Secret json.RawMessage `json:"secret"`
Comment string `json:"comment"`
}
// accountResponse deliberately excludes the secret (plaintext or encrypted).
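Review bot: The new `Secret json.RawMessage` field accepts any valid JSON value, not only an object, so the "provider-specific JSON object" contract stated in the type comment is not enforced by the decoder. A request that omits `secret` leaves the field empty, and a request that sends a string, number or array is passed through as raw bytes unchanged. Since the comment says the value is never parsed here, either add a cheap shape check in the handler before calling Validate (non-empty, first non-whitespace byte is `{`) or state in the comment that every provider's Validate must reject empty and non-object input. It is also worth noting in the comment that the raw bytes must not be included in log or error output, to match the guarantee given for accountResponse.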