appview/oauth: return to original page after login-block #499

merged

opened by

oppi.li 4 months ago targeting master from push-pkqzkqmxotyz

when attempting to do an authorized request while logged-out, the auth middleware boots the user to the login page. this page now keeps track of the 'Referer' in the oauth request. once the oauth callback is complete, the user is sent back to the page they came from.

Signed-off-by: oppiliappan me@oppi.li

options

unified split

Changed files

+26 -6

appview

cache

session

store.go

middleware

middleware.go

oauth

handler

handler.go

oauth.go

pages

pages.go

templates

user

appview/cache/session/store.go

···

       31
       31
        
       	PkceVerifier        string

     

       32
       32
        
       	DpopAuthserverNonce string

     

       33
       33
        
       	DpopPrivateJwk      string

     

       34
       34
       +
       	ReturnUrl           string

     

       34
       35
        
       }

     

       35
       36
        
       

     

       36
       37
        
       type SessionStore struct {

+10 -2

appview/middleware/middleware.go

···

       5
       5
        
       	"fmt"

     

       6
       6
        
       	"log"

     

       7
       7
        
       	"net/http"

     

       8
       8
       +
       	"net/url"

     

       8
       9
        
       	"slices"

     

       9
       10
        
       	"strconv"

     

       10
       11
        
       	"strings"

     
···

       46
       47
        
       func AuthMiddleware(a *oauth.OAuth) middlewareFunc {

     

       47
       48
        
       	return func(next http.Handler) http.Handler {

     

       48
       49
        
       		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

     

       50
       50
       +
       			returnURL := "/"

     

       51
       51
       +
       			if u, err := url.Parse(r.Header.Get("Referer")); err == nil {

     

       52
       52
       +
       				returnURL = u.RequestURI()

     

       53
       53
       +
       			}

     

       54
       54
       +
       

     

       55
       55
       +
       			loginURL := fmt.Sprintf("/login?return_url=%s", url.QueryEscape(returnURL))

     

       56
       56
       +
       

     

       49
       57
        
       			redirectFunc := func(w http.ResponseWriter, r *http.Request) {

     

       50
       50
       -
       				http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)

     

       58
       58
       +
       				http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)

     

       51
       59
        
       			}

     

       52
       60
        
       			if r.Header.Get("HX-Request") == "true" {

     

       53
       61
        
       				redirectFunc = func(w http.ResponseWriter, _ *http.Request) {

     

       54
       54
       -
       					w.Header().Set("HX-Redirect", "/login")

     

       62
       62
       +
       					w.Header().Set("HX-Redirect", loginURL)

     

       55
       63
        
       					w.WriteHeader(http.StatusOK)

     

       56
       64
        
       				}

     

       57
       65
        
       			}

+11 -2

appview/oauth/handler/handler.go

···

       109
       109
        
       func (o *OAuthHandler) login(w http.ResponseWriter, r *http.Request) {

     

       110
       110
        
       	switch r.Method {

     

       111
       111
        
       	case http.MethodGet:

     

       112
       112
       -
       		o.pages.Login(w, pages.LoginParams{})

     

       112
       112
       +
       		returnURL := r.URL.Query().Get("return_url")

     

       113
       113
       +
       		o.pages.Login(w, pages.LoginParams{

     

       114
       114
       +
       			ReturnUrl: returnURL,

     

       115
       115
       +
       		})

     

       113
       116
        
       	case http.MethodPost:

     

       114
       117
        
       		handle := r.FormValue("handle")

     

       115
       118
        
       

     
···

       194
       197
        
       			DpopAuthserverNonce: parResp.DpopAuthserverNonce,

     

       195
       198
        
       			DpopPrivateJwk:      string(dpopKeyJson),

     

       196
       199
        
       			State:               parResp.State,

     

       200
       200
       +
       			ReturnUrl:           r.FormValue("return_url"),

     

       197
       201
        
       		})

     

       198
       202
        
       		if err != nil {

     

       199
       203
        
       			log.Println("failed to save oauth request:", err)

     
···

       311
       315
        
       		}

     

       312
       316
        
       	}

     

       313
       317
        
       

     

       314
       314
       -
       	http.Redirect(w, r, "/", http.StatusFound)

     

       318
       318
       +
       	returnUrl := oauthRequest.ReturnUrl

     

       319
       319
       +
       	if returnUrl == "" {

     

       320
       320
       +
       		returnUrl = "/"

     

       321
       321
       +
       	}

     

       322
       322
       +
       

     

       323
       323
       +
       	http.Redirect(w, r, returnUrl, http.StatusFound)

     

       315
       324
        
       }

     

       316
       325
        
       

     

       317
       326
        
       func (o *OAuthHandler) logout(w http.ResponseWriter, r *http.Request) {

+2 -2

appview/oauth/oauth.go

···

       103
       103
        
       	if err != nil {

     

       104
       104
        
       		return nil, false, fmt.Errorf("error parsing expiry time: %w", err)

     

       105
       105
        
       	}

     

       106
       106
       -
       	if expiry.Sub(time.Now()) <= 5*time.Minute {

     

       106
       106
       +
       	if time.Until(expiry) <= 5*time.Minute {

     

       107
       107
        
       		privateJwk, err := helpers.ParseJWKFromBytes([]byte(session.DpopPrivateJwk))

     

       108
       108
        
       		if err != nil {

     

       109
       109
        
       			return nil, false, err

     
···

       315
       315
        
       	redirectURIs := makeRedirectURIs(clientURI)

     

       316
       316
        
       

     

       317
       317
        
       	if o.config.Core.Dev {

     

       318
       318
       -
       		clientURI = fmt.Sprintf("http://127.0.0.1:3000")

     

       318
       318
       +
       		clientURI = "http://127.0.0.1:3000"

     

       319
       319
        
       		redirectURIs = makeRedirectURIs(clientURI)

     

       320
       320
        
       

     

       321
       321
        
       		query := url.Values{}

appview/pages/pages.go

···

       261
       261
        
       }

     

       262
       262
        
       

     

       263
       263
        
       type LoginParams struct {

     

       264
       264
       +
       	ReturnUrl string

     

       264
       265
        
       }

     

       265
       266
        
       

     

       266
       267
        
       func (p *Pages) Login(w io.Writer, params LoginParams) error {

appview/pages/templates/user/login.html

···

       41
       41
        
                                   your Tangled (<code>.tngl.sh</code>) or <a href="https://bsky.app">Bluesky</a> (<code>.bsky.social</code>) account.

     

       42
       42
        
                               </span>

     

       43
       43
        
                           </div>

     

       44
       44
       +
                           <input type="hidden" name="return_url" value="{{ .ReturnUrl }}">

     

       44
       45
        
       

     

       45
       46
        
                           <button

     

       46
       47
        
                               class="btn w-full my-2 mt-6 text-base "