v1.4: Segurança multi-tenant, file serving via API e UX humanizada

- Validação cross-tenant no login e rotas protegidas - File serving via /api/files/{bucket}/{path} (eliminação DNS) - Mensagens de erro humanizadas inline (sem pop-ups) - Middleware tenant detection via headers customizados - Upload de logos retorna URLs via API - README atualizado com changelog v1.4 completo
2025-12-13 15:05:51 -03:00
parent 04c954c3d9
commit 2f1cf2bb2a
42 changed files with 2215 additions and 872 deletions
--- a/backend/internal/api/handlers/tenant.go
+++ b/backend/internal/api/handlers/tenant.go
@@ -67,3 +67,39 @@ func (h *TenantHandler) CheckExists(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	json.NewEncoder(w).Encode(map[string]string{"status": "ok"})
 }
+
+// GetPublicConfig returns public branding info for a tenant by subdomain
+func (h *TenantHandler) GetPublicConfig(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	subdomain := r.URL.Query().Get("subdomain")
+	if subdomain == "" {
+		http.Error(w, "subdomain is required", http.StatusBadRequest)
+		return
+	}
+
+	tenant, err := h.tenantService.GetBySubdomain(subdomain)
+	if err != nil {
+		if err == service.ErrTenantNotFound {
+			http.NotFound(w, r)
+			return
+		}
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		return
+	}
+
+	// Return only public info
+	response := map[string]string{
+		"name":                tenant.Name,
+		"primary_color":       tenant.PrimaryColor,
+		"secondary_color":     tenant.SecondaryColor,
+		"logo_url":            tenant.LogoURL,
+		"logo_horizontal_url": tenant.LogoHorizontalURL,
+	}
+
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	json.NewEncoder(w).Encode(response)
+}