feat: add regex to restrict Email addresses in OAuth provider (#3465)

* feat: support use regex expression to limit email receiver address * feat: limit in correct pos * feat: promote code format * feat: promote code format * fix: fix linter issue
2025-07-02 11:20:18 +08:00 · 2025-01-02 00:00:57 +08:00
parent b57b64fc36
commit 888a6f2feb
3 changed files with 42 additions and 0 deletions
--- a/object/provider.go
+++ b/object/provider.go
@ -16,6 +16,7 @@ package object

 import (
 	"fmt"
+	"regexp"
 	"strings"

 	"github.com/beego/beego/context"
@ -70,6 +71,7 @@ type Provider struct {
 	IdP                    string `xorm:"mediumtext" json:"idP"`
 	IssuerUrl              string `xorm:"varchar(100)" json:"issuerUrl"`
 	EnableSignAuthnRequest bool   `json:"enableSignAuthnRequest"`
+	EmailRegex             string `xorm:"varchar(200)" json:"emailRegex"`

 	ProviderUrl string `xorm:"varchar(200)" json:"providerUrl"`
 }
@ -200,6 +202,13 @@ func UpdateProvider(id string, provider *Provider) (bool, error) {
 		return false, nil
 	}

+	if provider.EmailRegex != "" {
+		_, err := regexp.Compile(provider.EmailRegex)
+		if err != nil {
+			return false, err
+		}
+	}
+
 	if name != provider.Name {
 		err := providerChangeTrigger(name, provider.Name)
 		if err != nil {
@ -234,6 +243,13 @@ func AddProvider(provider *Provider) (bool, error) {
 		provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)
 	}

+	if provider.EmailRegex != "" {
+		_, err := regexp.Compile(provider.EmailRegex)
+		if err != nil {
+			return false, err
+		}
+	}
+
 	affected, err := ormer.Engine.Insert(provider)
 	if err != nil {
 		return false, err