refactor(auth): Remove user allowlist filtering

- Delete `isAllowedUser` function for user authorization
- Remove environment variable `OAUTH_ALLOWED_USERS` from docker-compose
- Eliminate user whitelist check in OAuth callback handler

Author: woodchen-ink

docker-compose.yml

@@ -9,5 +9,4 @@ services:
     environment:
       - TZ=Asia/Shanghai
       - OAUTH_CLIENT_ID=your_client_id
-      - OAUTH_ALLOWED_USERS=user1,user2,user3
     restart: always

internal/handler/auth.go

@@ -166,17 +166,6 @@ func (h *ProxyHandler) LoginHandler(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, authURL, http.StatusTemporaryRedirect)
 }
 
-// isAllowedUser 检查用户是否在允许列表中
-func isAllowedUser(username string) bool {
-	allowedUsers := strings.Split(os.Getenv("OAUTH_ALLOWED_USERS"), ",")
-	for _, allowed := range allowedUsers {
-		if strings.TrimSpace(allowed) == username {
-			return true
-		}
-	}
-	return false
-}
-
 // OAuthCallbackHandler 处理 OAuth 回调
 func (h *ProxyHandler) OAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
 	code := r.URL.Query().Get("code")
@@ -225,12 +214,6 @@ func (h *ProxyHandler) OAuthCallbackHandler(w http.ResponseWriter, r *http.Reque
 		return
 	}
 
-	// 检查用户是否在允许列表中
-	if !isAllowedUser(userInfo.Username) {
-		http.Error(w, "Unauthorized user", http.StatusUnauthorized)
-		return
-	}
-
 	// 生成内部访问令牌
 	internalToken := h.auth.generateToken()
 	h.auth.addToken(internalToken, userInfo.Username, tokenExpiry)