fix: add location middleware to get exact host

server/handlers/app.go

@@ -5,7 +5,9 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
+	"strings"
 
+	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/utils"
 	"github.com/gin-gonic/gin"
 )
@@ -17,20 +19,20 @@ type State struct {
 
 func AppHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		host := "http://" + c.Request.Host
 		state := c.Query("state")
+
 		var stateObj State
 
 		if state == "" {
-			cookie, err := utils.GetAuthToken(c)
-			log.Println(`cookie`, cookie)
-			if err != nil {
-				c.JSON(400, gin.H{"error": "invalid state"})
-				return
-			}
+			// cookie, err := utils.GetAuthToken(c)
+			// log.Println(`cookie`, cookie)
+			// if err != nil {
+			// 	c.JSON(400, gin.H{"error": "invalid state"})
+			// 	return
+			// }
 
-			stateObj.AuthorizerURL = host
-			stateObj.RedirectURL = host + "/app"
+			stateObj.AuthorizerURL = constants.AUTHORIZER_URL
+			stateObj.RedirectURL = constants.AUTHORIZER_URL + "/app"
 
 		} else {
 			decodedState, err := base64.StdEncoding.DecodeString(state)
@@ -44,6 +46,8 @@ func AppHandler() gin.HandlerFunc {
 				c.JSON(400, gin.H{"error": "[unable to parse state] invalid state"})
 				return
 			}
+			stateObj.AuthorizerURL = strings.TrimSuffix(stateObj.AuthorizerURL, "/")
+			stateObj.RedirectURL = strings.TrimSuffix(stateObj.RedirectURL, "/")
 
 			// validate redirect url with allowed origins
 			if !utils.IsValidRedirectURL(stateObj.RedirectURL) {
@@ -57,7 +61,7 @@ func AppHandler() gin.HandlerFunc {
 			}
 
 			// validate host and domain of authorizer url
-			if utils.GetDomainName(stateObj.AuthorizerURL) != utils.GetDomainName(host) {
+			if strings.TrimSuffix(stateObj.AuthorizerURL, "/") != constants.AUTHORIZER_URL {
 				c.JSON(400, gin.H{"error": "invalid host url"})
 				return
 			}
@@ -65,7 +69,7 @@ func AppHandler() gin.HandlerFunc {
 
 		log.Println(gin.H{
 			"data": map[string]string{
-				"authorizerURL": "http://" + stateObj.AuthorizerURL,
+				"authorizerURL": stateObj.AuthorizerURL,
 				"redirectURL":   stateObj.RedirectURL,
 			},
 		})

server/handlers/graphql.go

@@ -2,7 +2,6 @@ package handlers
 
 import (
 	"github.com/99designs/gqlgen/graphql/handler"
-	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/graph"
 	"github.com/authorizerdev/authorizer/server/graph/generated"
 	"github.com/gin-gonic/gin"
@@ -15,9 +14,6 @@ func GraphqlHandler() gin.HandlerFunc {
 	h := handler.NewDefaultServer(generated.NewExecutableSchema(generated.Config{Resolvers: &graph.Resolver{}}))
 
 	return func(c *gin.Context) {
-		if constants.AUTHORIZER_URL == "" {
-			constants.AUTHORIZER_URL = "https://" + c.Request.Host
-		}
 		h.ServeHTTP(c.Writer, c.Request)
 	}
 }

server/handlers/oauthLogin.go

@@ -3,6 +3,7 @@ package handlers
 import (
 	"net/http"
 
+	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/enum"
 	"github.com/authorizerdev/authorizer/server/oauth"
 	"github.com/authorizerdev/authorizer/server/session"
@@ -31,10 +32,13 @@ func OAuthLoginHandler() gin.HandlerFunc {
 		switch provider {
 		case enum.Google.String():
 			session.SetToken(oauthStateString, enum.Google.String())
+			// during the init of OAuthProvider authorizer url might be empty
+			oauth.OAuthProvider.GoogleConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/google"
 			url := oauth.OAuthProvider.GoogleConfig.AuthCodeURL(oauthStateString)
 			c.Redirect(http.StatusTemporaryRedirect, url)
 		case enum.Github.String():
 			session.SetToken(oauthStateString, enum.Github.String())
+			oauth.OAuthProvider.GithubConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/github"
 			url := oauth.OAuthProvider.GithubConfig.AuthCodeURL(oauthStateString)
 			c.Redirect(http.StatusTemporaryRedirect, url)
 		default: