From 2f7e6f3dc1f923c85f86dcb55b7c60370fdd2464 Mon Sep 17 00:00:00 2001 From: Lakhan Samani Date: Wed, 8 Dec 2021 01:24:07 +0530 Subject: [PATCH] fix: redirect link for verification handler Resolves #70 --- server/constants/constants.go | 1 + server/handlers/verifyEmail.go | 2 +- server/main.go | 2 ++ server/resolvers/verifyEmail.go | 3 +++ server/utils/cookie.go | 7 ++----- server/utils/urls.go | 2 +- server/utils/verificationToken.go | 7 ++++--- 7 files changed, 14 insertions(+), 10 deletions(-) diff --git a/server/constants/constants.go b/server/constants/constants.go index e7c9d13..b61db88 100644 --- a/server/constants/constants.go +++ b/server/constants/constants.go @@ -14,6 +14,7 @@ var ( JWT_SECRET = "" ALLOWED_ORIGINS = []string{} AUTHORIZER_URL = "" + APP_URL = "" PORT = "8080" REDIS_URL = "" IS_PROD = false diff --git a/server/handlers/verifyEmail.go b/server/handlers/verifyEmail.go index 00ccff3..fbb080d 100644 --- a/server/handlers/verifyEmail.go +++ b/server/handlers/verifyEmail.go @@ -69,6 +69,6 @@ func VerifyEmailHandler() gin.HandlerFunc { db.Mgr.SaveSession(sessionData) }() utils.SetCookie(c, accessToken) - c.Redirect(http.StatusTemporaryRedirect, claim.Host) + c.Redirect(http.StatusTemporaryRedirect, claim.RedirectURL) } } diff --git a/server/main.go b/server/main.go index d189314..065b089 100644 --- a/server/main.go +++ b/server/main.go @@ -32,6 +32,8 @@ func GinContextToContextMiddleware() gin.HandlerFunc { func CORSMiddleware() gin.HandlerFunc { return func(c *gin.Context) { origin := c.Request.Header.Get("Origin") + constants.APP_URL = origin + c.Writer.Header().Set("Access-Control-Allow-Origin", origin) c.Writer.Header().Set("Access-Control-Allow-Credentials", "true") c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With") 
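Review bot: In VerifyEmailHandler the redirect target `claim.RedirectURL` is used without any allow-list check, immediately after `utils.SetCookie(c, accessToken)` has issued the session cookie. The token signature only proves that the server wrote the value; per the server/utils/verificationToken.go hunk it is copied from `constants.APP_URL`, which server/main.go fills from the request's `Origin` header, so a caller-chosen or empty origin can end up in the emailed link. Before redirecting, compare the value with the entries of `constants.ALLOWED_ORIGINS` and fall back to `claim.Host` when it is empty or not listed. The handler body starts outside this hunk.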
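Review bot: `constants.APP_URL = origin` in CORSMiddleware writes a package-level variable on every request, so concurrent requests race on it and one client's `Origin` can become the cookie domain and verification redirect used in another client's flow. The same global is read in server/resolvers/verifyEmail.go, in SetCookie and DeleteCookie in server/utils/cookie.go, and in CreateVerificationToken in server/utils/verificationToken.go. Keep the value per request instead, for example `c.Set("app_url", origin)` here and `gc.GetString("app_url")` where a gin context is available, passing it explicitly into the token helper. Store it only after it has matched `constants.ALLOWED_ORIGINS`; no origin check is visible in this hunk, and the middleware body continues outside it.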
diff --git a/server/resolvers/verifyEmail.go b/server/resolvers/verifyEmail.go index a1f90e3..8eb51c7 100644 --- a/server/resolvers/verifyEmail.go +++ b/server/resolvers/verifyEmail.go @@ -6,6 +6,7 @@ import ( "strings" "time" + "github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/db" "github.com/authorizerdev/authorizer/server/enum" "github.com/authorizerdev/authorizer/server/graph/model" @@ -76,6 +77,8 @@ func VerifyEmail(ctx context.Context, params model.VerifyEmailInput) (*model.Aut }, } + gc.Request.Header.Set("origin", constants.APP_URL) + utils.SetCookie(gc, accessToken) return res, nil diff --git a/server/utils/cookie.go b/server/utils/cookie.go index 553e1b5..0fff179 100644 --- a/server/utils/cookie.go +++ b/server/utils/cookie.go @@ -1,7 +1,6 @@ package utils import ( - "log" "net/http" "github.com/authorizerdev/authorizer/server/constants" @@ -11,13 +10,11 @@ import ( func SetCookie(gc *gin.Context, token string) { secure := true httpOnly := true - origin := gc.Request.Header.Get("Origin") + origin := constants.APP_URL host := GetHostName(constants.AUTHORIZER_URL) originHost := GetHostName(origin) - log.Println("=> cookie host", host, origin) - gc.SetSameSite(http.SameSiteNoneMode) gc.SetCookie(constants.COOKIE_NAME, token, 3600, "/", host, secure, httpOnly) gc.SetCookie(constants.COOKIE_NAME+"-client", token, 3600, "/", originHost, secure, httpOnly) @@ -35,7 +32,7 @@ func GetCookie(gc *gin.Context) (string, error) { func DeleteCookie(gc *gin.Context) { secure := true httpOnly := true - origin := gc.Request.Header.Get("Origin") + origin := constants.APP_URL if !constants.IS_PROD { secure = false diff --git a/server/utils/urls.go b/server/utils/urls.go index 5ce38c5..9b0b725 100644 --- a/server/utils/urls.go +++ b/server/utils/urls.go 
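Review bot: `gc.Request.Header.Set("origin", constants.APP_URL)` in VerifyEmail overwrites the inbound request's Origin header with the global value, which hides what the client actually sent from anything that inspects the request afterwards. It also looks redundant after this commit, because SetCookie in server/utils/cookie.go now reads `constants.APP_URL` directly instead of the header. I would drop the line; if some other reader of the header depends on it, say so in a comment such as `// downstream X reads Origin; keep in sync with APP_URL`. The function body starts outside this hunk.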
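Review bot: SetCookie and DeleteCookie now take `origin` from `constants.APP_URL` with no handling for an empty value, and the `-client` cookie that carries the access token gets its Domain from it. Requests that carry no Origin header, which probably includes the top-level navigation from the emailed link into VerifyEmailHandler, would leave APP_URL empty if CORSMiddleware runs on them, so `GetHostName(origin)` is called on an empty string. A guard such as `if origin == "" { origin = constants.AUTHORIZER_URL }` before `GetHostName(origin)` would keep the domain defined; what GetHostName returns for an empty or unparsable URL is not visible here. Both function bodies continue outside these hunks.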
@@ -5,7 +5,7 @@ import (
 "strings"
 )
-// function to get hostname
+// GetHostName function to get hostname
 func GetHostName(auth_url string) string {
 u, err := url.Parse(auth_url)
 if err != nil {
diff --git a/server/utils/verificationToken.go b/server/utils/verificationToken.go
index 130aa5a..f852e98 100644
--- a/server/utils/verificationToken.go
+++ b/server/utils/verificationToken.go
@@ -8,8 +8,9 @@ import (
 )
 type UserInfo struct {
- Email string `json:"email"`
- Host string `json:"host"`
+ Email string `json:"email"`
+ Host string `json:"host"`
+ RedirectURL string `json:"redirect_url"`
 }
 type CustomClaim struct {
@@ -28,7 +29,7 @@ func CreateVerificationToken(email string, tokenType string) (string, error) {
 ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),
 },
 tokenType,
- UserInfo{Email: email, Host: constants.AUTHORIZER_URL},
+ UserInfo{Email: email, Host: constants.AUTHORIZER_URL, RedirectURL: constants.APP_URL},
 }
 return t.SignedString([]byte(constants.JWT_SECRET))