feat(api): structured provider credentials + trial-auth validation on account create
POST /accounts now accepts secret as a provider-specific JSON object instead of an opaque string, and validates credentials via provider.Provider.Validate before persisting — invalid credentials get a generic 400 without ever reaching Store.CreateAccount or echoing the secret back. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
@@ -1,16 +1,21 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
||||
"github.com/google/uuid"
|
||||
|
||||
"github.com/vasyakrg/dns-autoresolver/internal/store"
|
||||
"github.com/vasyakrg/dns-autoresolver/internal/store/dto"
|
||||
)
|
||||
|
||||
// accountRequest.Secret is a provider-specific JSON object (e.g. Selectel's
|
||||
// service-user credentials) rather than an opaque string — it is passed
|
||||
// through as raw bytes to Validate/Encrypt, never parsed here.
|
||||
type accountRequest struct {
|
||||
Provider string `json:"provider"`
|
||||
Secret string `json:"secret"`
|
||||
Comment string `json:"comment"`
|
||||
Provider string `json:"provider"`
|
||||
Secret json.RawMessage `json:"secret"`
|
||||
Comment string `json:"comment"`
|
||||
}
|
||||
|
||||
// accountResponse deliberately excludes the secret (plaintext or encrypted).
|
||||
|
||||
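Review bot: `Secret json.RawMessage` in `accountRequest` accepts any JSON value, so the "provider-specific JSON object" contract in the comment above the struct is not enforced by the type. A request that omits `secret` leaves the field nil, and `"secret": null`, a bare string or an array all decode without error. The handler is outside this hunk; if it does not already do so, it should reject these before the bytes reach Validate/Encrypt, for example `if s := bytes.TrimSpace(req.Secret); len(s) == 0 || s[0] != '{' { /* generic 400 */ }`. The raw bytes are also kept verbatim at whatever length the client sent, so the body should be capped with `http.MaxBytesReader` before decoding, and `req` should stay out of log and error formatting, since `%s` on a RawMessage prints the credential.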