back round 0 view raw

Improve OAuth #1

merged
opened by thisismissem.social targeting main from thisismissem.social/sidetrail: feat/improve-oauth
options
unified split
Changed files
+5 -3
app
login
page.tsx
oauth
callback
route.ts
+3 -1
app/login/page.tsx 
···

       
7

       
 

       
}: {


     

       
8

       
 

       
  searchParams: Promise<{ error?: string; returnUrl?: string }>;


     

       
9

       
 

       
}) {


     

       
10

       
-

       
  const { error, returnUrl = "/" } = await searchParams;


     

       

       

       
     

       

       

       
     

       
11

       
 

       



     

       
12

       
 

       
  return (


     

       
13

       
 

       
    <div className="LoginPage">


     
···

       
7

       
 

       
}: {


     

       
8

       
 

       
  searchParams: Promise<{ error?: string; returnUrl?: string }>;


     

       
9

       
 

       
}) {


     

       
10

       
+

       
  const params = await searchParams;


     

       
11

       
+

       
  const error = params.error


     

       
12

       
+

       
  const returnUrl = params.returnUrl && params.returnUrl.startsWith('/') ? params.returnUrl : '/';


     

       
13

       
 

       



     

       
14

       
 

       
  return (


     

       
15

       
 

       
    <div className="LoginPage">
+2 -2
app/oauth/callback/route.ts 
···

       
35

       
 

       
    if (state) {


     

       
36

       
 

       
      try {


     

       
37

       
 

       
        const parsed = JSON.parse(state);


     

       
38

       
-

       
        if (parsed.returnUrl && typeof parsed.returnUrl === "string") {


     

       
39

       
 

       
          returnUrl = parsed.returnUrl;


     

       
40

       
 

       
        }


     

       
41

       
 

       
      } catch {


     
···

       
59

       
 

       
    session.did = oauthSession.did;


     

       
60

       
 

       
    await session.save();


     

       
61

       
 

       



     

       
62

       
-

       
    // Redirect to returnUrl


     

       
63

       
 

       
    const redirectUrl = new URL(returnUrl, baseUrl);


     

       
64

       
 

       
    return NextResponse.redirect(redirectUrl);


     

       
65

       
 

       
  } catch (err) {


     
···

       
35

       
 

       
    if (state) {


     

       
36

       
 

       
      try {


     

       
37

       
 

       
        const parsed = JSON.parse(state);


     

       
38

       
+

       
        if (parsed.returnUrl && typeof parsed.returnUrl === "string" && parsed.returnUrl.startsWith('/')) {


     

       
39

       
 

       
          returnUrl = parsed.returnUrl;


     

       
40

       
 

       
        }


     

       
41

       
 

       
      } catch {


     
···

       
59

       
 

       
    session.did = oauthSession.did;


     

       
60

       
 

       
    await session.save();


     

       
61

       
 

       



     

       
62

       
+

       
    // Redirect to returnUrl: We have ensured the return URL is relative above:


     

       
63

       
 

       
    const redirectUrl = new URL(returnUrl, baseUrl);


     

       
64

       
 

       
    return NextResponse.redirect(redirectUrl);


     

       
65

       
 

       
  } catch (err) {