mirror of
https://github.com/larksuite/cli.git
synced 2026-07-07 00:55:53 +08:00
* feat(auth): add response logging and centralize path constants * refactor(auth): improve response logging and error handling * fix(auth): ensure log cleanup runs only once per process Add flag to track if cleanup has run and prevent duplicate executions Add test to verify cleanup only runs once * refactor(auth): simplify log writer and cleanup logic * docs(auth): add comments to auth paths and logging functions * style(auth): fix indentation in path constants * docs(auth): add missing function comments across auth package * docs(tests): add descriptive comments to auth test functions * test(auth): rename test case and cleanup unused params * fix(auth): handle file close error in auth response logging * fix(auth): ensure log cleanup runs only once * refactor(auth): replace custom log writer with standard logger * feat(auth): add structured logging for keychain errors * fix(auth): remove goroutine from auth log cleanup to prevent race condition * fix(auth): remove goroutine from auth log cleanup to prevent race condition * refactor(auth): move auth logging logic to keychain package
60 lines
1.7 KiB
Go
60 lines
1.7 KiB
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/larksuite/cli/internal/output"
|
|
)
|
|
|
|
const (
|
|
LarkErrBlockByPolicy = 21001 // access denied by access control policy
|
|
LarkErrBlockByPolicyTryAuth = 21000 // access denied by access control policy; challenge is required to be completed by user in order to gain access
|
|
)
|
|
|
|
// RefreshTokenRetryable contains error codes that allow one immediate retry.
|
|
// All other refresh errors clear the token immediately.
|
|
var RefreshTokenRetryable = map[int]bool{
|
|
output.LarkErrRefreshServerError: true,
|
|
}
|
|
|
|
// TokenRetryCodes contains error codes that allow retry after token refresh.
|
|
var TokenRetryCodes = map[int]bool{
|
|
output.LarkErrTokenInvalid: true,
|
|
output.LarkErrTokenExpired: true,
|
|
}
|
|
|
|
// NeedAuthorizationError is thrown when no valid UAT exists.
|
|
type NeedAuthorizationError struct {
|
|
UserOpenId string
|
|
}
|
|
|
|
// Error returns the error message for NeedAuthorizationError.
|
|
func (e *NeedAuthorizationError) Error() string {
|
|
return fmt.Sprintf("need_user_authorization (user: %s)", e.UserOpenId)
|
|
}
|
|
|
|
// SecurityPolicyError is returned when a request is blocked by access control policies.
|
|
type SecurityPolicyError struct {
|
|
Code int
|
|
Message string
|
|
ChallengeURL string
|
|
CLIHint string
|
|
Err error
|
|
}
|
|
|
|
// Error returns the error message for SecurityPolicyError.
|
|
func (e *SecurityPolicyError) Error() string {
|
|
if e.Err != nil {
|
|
return fmt.Sprintf("security policy error [%d]: %s: %v", e.Code, e.Message, e.Err)
|
|
}
|
|
return fmt.Sprintf("security policy error [%d]: %s", e.Code, e.Message)
|
|
}
|
|
|
|
// Unwrap returns the underlying error.
|
|
func (e *SecurityPolicyError) Unwrap() error {
|
|
return e.Err
|
|
}
|