Add Sign in with Apple authentication

- Add AppleSocialAuth model to store Apple ID linkages - Create AppleAuthService for JWT verification with Apple's public keys - Add AppleSignIn handler and route (POST /auth/apple-sign-in/) - Implement account linking (links Apple ID to existing accounts by email) - Add Redis caching for Apple public keys (24-hour TTL) - Support private relay emails (@privaterelay.appleid.com) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 01:17:10 -06:00
parent c7dc56e2d2
commit 409d9716bd
10 changed files with 651 additions and 27 deletions
--- a/internal/models/user.go
+++ b/internal/models/user.go
@@ -230,3 +230,20 @@ func GenerateResetToken() string {
 	rand.Read(b)
 	return hex.EncodeToString(b)
 }
+
+// AppleSocialAuth represents a user's linked Apple ID for Sign in with Apple
+type AppleSocialAuth struct {
+	ID             uint      `gorm:"primaryKey" json:"id"`
+	UserID         uint      `gorm:"uniqueIndex;not null" json:"user_id"`
+	User           User      `gorm:"foreignKey:UserID" json:"-"`
+	AppleID        string    `gorm:"column:apple_id;size:255;uniqueIndex;not null" json:"apple_id"` // Apple's unique subject ID
+	Email          string    `gorm:"column:email;size:254" json:"email"`                            // May be private relay
+	IsPrivateEmail bool      `gorm:"column:is_private_email;default:false" json:"is_private_email"`
+	CreatedAt      time.Time `gorm:"column:created_at;autoCreateTime" json:"created_at"`
+	UpdatedAt      time.Time `gorm:"column:updated_at;autoUpdateTime" json:"updated_at"`
+}
+
+// TableName returns the table name for GORM
+func (AppleSocialAuth) TableName() string {
+	return "user_applesocialauth"
+}