fix: add location middleware to get exact host

Lakhan Samani
2021-08-04 15:55:13 +05:30
parent f88363e6dc
commit 104adfea1d
21 changed files with 102 additions and 70 deletions


@@ -5,7 +5,9 @@ import (
"encoding/json"
"log"
"net/http"
"strings"
"github.com/authorizerdev/authorizer/server/constants"
"github.com/authorizerdev/authorizer/server/utils"
"github.com/gin-gonic/gin"
)
@@ -17,20 +19,20 @@ type State struct {
func AppHandler() gin.HandlerFunc {
return func(c *gin.Context) {
host := "http://" + c.Request.Host
state := c.Query("state")
var stateObj State
if state == "" {
cookie, err := utils.GetAuthToken(c)
log.Println(`cookie`, cookie)
if err != nil {
c.JSON(400, gin.H{"error": "invalid state"})
return
}
// cookie, err := utils.GetAuthToken(c)
// log.Println(`cookie`, cookie)
// if err != nil {
// c.JSON(400, gin.H{"error": "invalid state"})
// return
// }
stateObj.AuthorizerURL = host
stateObj.RedirectURL = host + "/app"
stateObj.AuthorizerURL = constants.AUTHORIZER_URL
stateObj.RedirectURL = constants.AUTHORIZER_URL + "/app"
} else {
decodedState, err := base64.StdEncoding.DecodeString(state)
@@ -44,6 +46,8 @@ func AppHandler() gin.HandlerFunc {
c.JSON(400, gin.H{"error": "[unable to parse state] invalid state"})
return
}
stateObj.AuthorizerURL = strings.TrimSuffix(stateObj.AuthorizerURL, "/")
stateObj.RedirectURL = strings.TrimSuffix(stateObj.RedirectURL, "/")
// validate redirect url with allowed origins
if !utils.IsValidRedirectURL(stateObj.RedirectURL) {
@@ -57,7 +61,7 @@ func AppHandler() gin.HandlerFunc {
}
// validate host and domain of authorizer url
if utils.GetDomainName(stateObj.AuthorizerURL) != utils.GetDomainName(host) {
if strings.TrimSuffix(stateObj.AuthorizerURL, "/") != constants.AUTHORIZER_URL {
c.JSON(400, gin.H{"error": "invalid host url"})
return
}
@@ -65,7 +69,7 @@ func AppHandler() gin.HandlerFunc {
log.Println(gin.H{
"data": map[string]string{
"authorizerURL": "http://" + stateObj.AuthorizerURL,
"authorizerURL": stateObj.AuthorizerURL,
"redirectURL": stateObj.RedirectURL,
},
})
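Review bot: The authorizer URL check compares `strings.TrimSuffix(stateObj.AuthorizerURL, "/")` with `constants.AUTHORIZER_URL` as exact strings, but only the state side is normalised, so a constant set with a trailing slash or a different host case would reject every request that carries state; where the constant is populated is not visible here. Normalise it once where it is set, or compare against `strings.TrimSuffix(constants.AUTHORIZER_URL, "/")`; the TrimSuffix on the state side repeats the one applied right after the state is parsed and can be dropped. The no-state branch has the same dependency, since it builds `RedirectURL` as `constants.AUTHORIZER_URL + "/app"`. The commented-out `GetAuthToken` block should be deleted rather than kept, replaced by a one-line comment such as `// no state: serve the app with default URLs, no session cookie required` if that is the intent. AppHandler's body starts before the first hunk and continues between and after the hunks shown.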