feat: port go validator to ts for the frontend
@@ -9,6 +9,7 @@ type IuseRedirectUri = {
|
|||||||
export const useRedirectUri = (
|
export const useRedirectUri = (
|
||||||
redirect_uri: string | undefined,
|
redirect_uri: string | undefined,
|
||||||
cookieDomain: string,
|
cookieDomain: string,
|
||||||
|
appUrl: string,
|
||||||
subdomainsEnabled: boolean,
|
subdomainsEnabled: boolean,
|
||||||
): IuseRedirectUri => {
|
): IuseRedirectUri => {
|
||||||
let isValid = false;
|
let isValid = false;
|
||||||
@@ -16,6 +17,19 @@ export const useRedirectUri = (
|
|||||||
let isAllowedProto = false;
|
let isAllowedProto = false;
|
||||||
let isHttpsDowngrade = false;
|
let isHttpsDowngrade = false;
|
||||||
|
|
||||||
|
let appUrlObj: URL;
|
||||||
|
|
||||||
|
try {
|
||||||
|
appUrlObj = new URL(appUrl);
|
||||||
|
} catch {
|
||||||
|
return {
|
||||||
|
valid: isValid,
|
||||||
|
trusted: isTrusted,
|
||||||
|
allowedProto: isAllowedProto,
|
||||||
|
httpsDowngrade: isHttpsDowngrade,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
if (!redirect_uri) {
|
if (!redirect_uri) {
|
||||||
return {
|
return {
|
||||||
valid: isValid,
|
valid: isValid,
|
||||||
@@ -40,11 +54,7 @@ export const useRedirectUri = (
|
|||||||
|
|
||||||
isValid = true;
|
isValid = true;
|
||||||
|
|
||||||
if (url.hostname == cookieDomain) {
|
if (isTrustedDomain(url, appUrlObj, cookieDomain, subdomainsEnabled)) {
|
||||||
isTrusted = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (subdomainsEnabled && url.hostname.endsWith("." + cookieDomain)) {
|
|
||||||
isTrusted = true;
|
isTrusted = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -64,3 +74,45 @@ export const useRedirectUri = (
|
|||||||
httpsDowngrade: isHttpsDowngrade,
|
httpsDowngrade: isHttpsDowngrade,
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// ported from internal/controller/oauth_controller.go
|
||||||
|
const getEffectivePort = (url: URL): string => {
|
||||||
|
if (url.port) {
|
||||||
|
return url.port;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (url.protocol == "https:") {
|
||||||
|
return "443";
|
||||||
|
}
|
||||||
|
|
||||||
|
return "80";
|
||||||
|
};
|
||||||
|
|
||||||
|
const isTrustedDomain = (
|
||||||
|
url: URL,
|
||||||
|
appUrl: URL,
|
||||||
|
cookieDomain: string,
|
||||||
|
subdomainsEnabled: boolean,
|
||||||
|
): boolean => {
|
||||||
|
if (url.protocol != appUrl.protocol) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (getEffectivePort(url) != getEffectivePort(appUrl)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (url.hostname == appUrl.hostname) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!subdomainsEnabled) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (url.hostname.endsWith("." + cookieDomain.toLowerCase())) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
};
|
||||||
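Review bot: The subdomain branch at the end of `isTrustedDomain` has no guard for an empty `cookieDomain`: `"." + cookieDomain.toLowerCase()` then collapses to `"."`, so `endsWith` accepts any hostname written with a trailing dot once scheme and port match and `subdomainsEnabled` is true. Whether `cookieDomain` can be empty here is not visible on this page, but failing closed is cheap: `if (!subdomainsEnabled || !cookieDomain) { return false; }`. Because this is a browser-side port of the Go check in `internal/controller/oauth_controller.go`, it can only drive what the UI shows; a comment on `isTrustedDomain` such as `// advisory only: the server-side check remains authoritative` and a shared set of test vectors for both implementations would keep the two from drifting apart. The new comparisons also use `==`/`!=` where `===`/`!==` would be the expected strict form.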
|
|||||||
@@ -37,6 +37,7 @@ export const ContinuePage = () => {
|
|||||||
const { url, valid, trusted, allowedProto, httpsDowngrade } = useRedirectUri(
|
const { url, valid, trusted, allowedProto, httpsDowngrade } = useRedirectUri(
|
||||||
redirectUri,
|
redirectUri,
|
||||||
app.cookieDomain,
|
app.cookieDomain,
|
||||||
|
app.appUrl,
|
||||||
app.subdomainsEnabled,
|
app.subdomainsEnabled,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|||||||