From 641b9aa5314bbe4a493031e1d7e71bc89ede73ad Mon Sep 17 00:00:00 2001
From: Stavros
Date: Sun, 23 Nov 2025 14:06:35 +0200
Subject: [PATCH] feat: log unsafe redirect uri in oauth controller

---
 internal/controller/oauth_controller.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go
index 99e2289..c58c6c4 100644
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -78,8 +78,14 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 	redirectURI := c.Query("redirect_uri")
+	isRedirectSafe := utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain)
-	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {
+	if !isRedirectSafe {
+		log.Warn().Str("redirect_uri", redirectURI).Msg("Unsafe redirect URI detected, ignoring")
+		redirectURI = ""
+	}
+
+	if redirectURI != "" && isRedirectSafe {
 		log.Debug().Msg("Setting redirect URI cookie")
 		c.SetCookie(controller.config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 	}
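Review bot: The new `if !isRedirectSafe` check runs even when the request carries no `redirect_uri` at all, so if `utils.IsRedirectSafe` rejects an empty string (its behaviour is not visible in this patch) every ordinary login without a redirect parameter will emit the "Unsafe redirect URI detected" warning, burying the one event a defender would actually want to alert on. Gate the warning on a non-empty value, `if redirectURI != "" && !isRedirectSafe {`, so the log line is only written when a client supplied something the policy refused. With unsafe values blanked just above, the `&& isRedirectSafe` in the following condition can never be false when reached and can be simplified to `if redirectURI != "" {`. Recording the rejected value with `Str("redirect_uri", …)` is fine as written since the structured logger encodes it rather than interpolating it into the message. The enclosing `oauthURLHandler` starts before this hunk and may continue after it.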