fix(server): disable Apple oauth on client version < 0.22.0 (#12984)

close AF-2705 #### PR Dependency Tree * **PR #12984** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal)  ## Summary by CodeRabbit * **New Features** * The Apple OAuth provider is now available only for clients version 0.22.0 or higher. * Client version detection has been improved by extracting version information from request headers. * **Bug Fixes** * Ensured that the Apple OAuth provider is hidden for clients below version 0.22.0. * **Tests** * Added comprehensive end-to-end and utility tests for OAuth provider selection and client version extraction.
2026-02-15 05:37:32 +00:00 · 2025-07-02 16:07:34 +08:00
parent bcd6a70b59
commit facf6ee28b
7 changed files with 255 additions and 5 deletions
--- a/packages/backend/server/src/plugins/oauth/resolver.ts
+++ b/packages/backend/server/src/plugins/oauth/resolver.ts
@@ -1,17 +1,38 @@
-import { registerEnumType, ResolveField, Resolver } from '@nestjs/graphql';
+import {
+  Context,
+  registerEnumType,
+  ResolveField,
+  Resolver,
+} from '@nestjs/graphql';
+import type { Request } from 'express';
+import semver from 'semver';

+import { getClientVersionFromRequest } from '../../base';
 import { ServerConfigType } from '../../core/config/types';
 import { OAuthProviderName } from './config';
 import { OAuthProviderFactory } from './factory';

 registerEnumType(OAuthProviderName, { name: 'OAuthProviderType' });

+const APPLE_OAUTH_PROVIDER_MIN_VERSION = new semver.Range('>=0.22.0', {
+  includePrerelease: true,
+});
+
@Resolver(() => ServerConfigType)
 export class OAuthResolver {
  constructor(private readonly factory: OAuthProviderFactory) {}

  @ResolveField(() => [OAuthProviderName])
-  oauthProviders() {
-    return this.factory.providers;
+  oauthProviders(@Context() ctx: { req: Request }) {
+    // Apple oauth provider is not supported in client version < 0.22.0
+    const providers = this.factory.providers;
+    if (providers.includes(OAuthProviderName.Apple)) {
+      const version = getClientVersionFromRequest(ctx.req);
+      if (!version || !APPLE_OAUTH_PROVIDER_MIN_VERSION.test(version)) {
+        return providers.filter(p => p !== OAuthProviderName.Apple);
+      }
+    }
+
+    return providers;
  }
 }