feat: invalid domain warning (#332)

* wip * refactor: update domain warning layout * i18n: add domain warning translations * refactor: rework hooks usage * feat: clear timeouts * fix: use useeffect to cleanup timeout * refactor: rework redirects and history storage * refactor: rename domain to root domain
2025-10-29 05:05:42 +00:00 · 2025-09-01 18:22:42 +03:00
parent 17048d94b6
commit b9e35716ac
24 changed files with 339 additions and 157 deletions
--- a/internal/controller/context_controller.go
+++ b/internal/controller/context_controller.go
@@ -1,6 +1,8 @@
 package controller

 import (
+	"fmt"
+	"net/url"
 	"tinyauth/internal/utils"

 	"github.com/gin-gonic/gin"
@@ -15,7 +17,7 @@ type UserContextResponse struct {
 	Name        string `json:"name"`
 	Email       string `json:"email"`
 	Provider    string `json:"provider"`
-	Oauth       bool   `json:"oauth"`
+	OAuth       bool   `json:"oauth"`
 	TotpPending bool   `json:"totpPending"`
 }

@@ -23,10 +25,10 @@ type AppContextResponse struct {
 	Status                int      `json:"status"`
 	Message               string   `json:"message"`
 	ConfiguredProviders   []string `json:"configuredProviders"`
-	DisableContinue       bool     `json:"disableContinue"`
 	Title                 string   `json:"title"`
 	GenericName           string   `json:"genericName"`
-	Domain                string   `json:"domain"`
+	AppURL                string   `json:"appUrl"`
+	RootDomain            string   `json:"rootDomain"`
 	ForgotPasswordMessage string   `json:"forgotPasswordMessage"`
 	BackgroundImage       string   `json:"backgroundImage"`
 	OAuthAutoRedirect     string   `json:"oauthAutoRedirect"`
@@ -34,10 +36,10 @@ type AppContextResponse struct {

 type ContextControllerConfig struct {
 	ConfiguredProviders   []string
-	DisableContinue       bool
 	Title                 string
 	GenericName           string
-	Domain                string
+	AppURL                string
+	RootDomain            string
 	ForgotPasswordMessage string
 	BackgroundImage       string
 	OAuthAutoRedirect     string
@@ -72,7 +74,7 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 		Name:        context.Name,
 		Email:       context.Email,
 		Provider:    context.Provider,
-		Oauth:       context.OAuth,
+		OAuth:       context.OAuth,
 		TotpPending: context.TotpPending,
 	}

@@ -89,14 +91,16 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 }

 func (controller *ContextController) appContextHandler(c *gin.Context) {
+	appUrl, _ := url.Parse(controller.Config.AppURL) // no need to check error, validated on startup
+
 	c.JSON(200, AppContextResponse{
 		Status:                200,
 		Message:               "Success",
 		ConfiguredProviders:   controller.Config.ConfiguredProviders,
-		DisableContinue:       controller.Config.DisableContinue,
 		Title:                 controller.Config.Title,
 		GenericName:           controller.Config.GenericName,
-		Domain:                controller.Config.Domain,
+		AppURL:                fmt.Sprintf("%s://%s", appUrl.Scheme, appUrl.Host),
+		RootDomain:            controller.Config.RootDomain,
 		ForgotPasswordMessage: controller.Config.ForgotPasswordMessage,
 		BackgroundImage:       controller.Config.BackgroundImage,
 		OAuthAutoRedirect:     controller.Config.OAuthAutoRedirect,
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -23,7 +23,7 @@ type OAuthControllerConfig struct {
 	RedirectCookieName string
 	SecureCookie       bool
 	AppURL             string
-	Domain             string
+	RootDomain         string
 }

 type OAuthController struct {
@@ -74,13 +74,13 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {

 	state := service.GenerateState()
 	authURL := service.GetAuthURL(state)
-	c.SetCookie(controller.Config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
+	c.SetCookie(controller.Config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)

 	redirectURI := c.Query("redirect_uri")

-	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.Config.Domain) {
+	if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
 		log.Debug().Msg("Setting redirect URI cookie")
-		c.SetCookie(controller.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
+		c.SetCookie(controller.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
 	}

 	c.JSON(200, gin.H{
@@ -112,7 +112,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		return
 	}

-	c.SetCookie(controller.Config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
+	c.SetCookie(controller.Config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)

 	code := c.Query("code")
 	service, exists := controller.Broker.GetService(req.Provider)
@@ -189,7 +189,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {

 	redirectURI, err := c.Cookie(controller.Config.RedirectCookieName)

-	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.Config.Domain) {
+	if err != nil || !utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
 		log.Debug().Msg("No redirect URI cookie found, redirecting to app root")
 		c.Redirect(http.StatusTemporaryRedirect, controller.Config.AppURL)
 		return
@@ -205,6 +205,6 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		return
 	}

-	c.SetCookie(controller.Config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.Domain), controller.Config.SecureCookie, true)
+	c.SetCookie(controller.Config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
 	c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.Config.AppURL, queries.Encode()))
 }
--- a/internal/controller/user_controller.go
+++ b/internal/controller/user_controller.go
@@ -22,7 +22,7 @@ type TotpRequest struct {
 }

 type UserControllerConfig struct {
-	Domain string
+	RootDomain string
 }

 type UserController struct {
@@ -115,7 +115,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 			err := controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 				Username:    user.Username,
 				Name:        utils.Capitalize(req.Username),
-				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
+				Email:       fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
 				Provider:    "username",
 				TotpPending: true,
 			})
@@ -141,7 +141,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
 	err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: req.Username,
 		Name:     utils.Capitalize(req.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.Domain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
 		Provider: "username",
 	})

@@ -246,7 +246,7 @@ func (controller *UserController) totpHandler(c *gin.Context) {
 	err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
 		Username: user.Username,
 		Name:     utils.Capitalize(user.Username),
-		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.Domain),
+		Email:    fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.RootDomain),
 		Provider: "username",
 	})