yoten.app / yoten
Yōten: A social tracker for your language learning journey built on the atproto.
fork atom

fix: redirect user to return_url after login #41

merged opened by brookjeynes.dev targeting master from push-wxwkxoqvlknp
STACK 2
#41 fix: redirect user to return_url after login
0
#3
#40 docs: update license to GNU AGPLv3
0
#3
Labels

None yet.

Participants 1
AT URI
at://did:plc:4mj54vc4ha3lh32ksxwunnbh/sh.tangled.repo.pull/3memszvv53g22
+77 -15
Diff #3
unified split
+5
internal/server/handlers/login.go
··· 26 }).Render(r.Context(), w) 27 case http.MethodPost: 28 handle := r.FormValue("handle") 29 30 // When users copy their handle from bsky.app, it tends to have these 31 // characters around it: ··· 63 } 64 } 65 66 redirectURL, err := h.Oauth.ClientApp.StartAuthFlow(r.Context(), handle) 67 if err != nil { 68 l.Error("failed to resolve auth flow", "handle", handle, "err", err)
··· 26 }).Render(r.Context(), w) 27 case http.MethodPost: 28 handle := r.FormValue("handle") 29 + returnURL := r.FormValue("return_url") 30 31 // When users copy their handle from bsky.app, it tends to have these 32 // characters around it: ··· 64 } 65 } 66 67 + if err := h.Oauth.SetAuthReturn(w, r, returnURL); err != nil { 68 + l.Error("failed to set auth return", "err", err) 69 + } 70 + 71 redirectURL, err := h.Oauth.ClientApp.StartAuthFlow(r.Context(), handle) 72 if err != nil { 73 l.Error("failed to resolve auth flow", "handle", handle, "err", err)
+6 -9
internal/server/handlers/router.go
··· 167 168 r.Use(mw.LoadUnreadNotificationCount()) 169 170 - r.Group(func(r chi.Router) { 171 - r.Use(mw.ResolveIdent()) 172 - r.Route("/{user}", func(r chi.Router) { 173 - r.Get("/", h.HandleProfilePage) 174 - r.Get("/feed", h.HandleProfileFeed) 175 - r.Route("/session/{rkey}", func(r chi.Router) { 176 - r.Get("/", h.HandleStudySessionPage) 177 - r.Get("/feed", h.HandleStudySessionPageCommentFeed) 178 - }) 179 }) 180 }) 181
··· 167 168 r.Use(mw.LoadUnreadNotificationCount()) 169 170 + r.With(mw.ResolveIdent()).Route("/{user}", func(r chi.Router) { 171 + r.Get("/", h.HandleProfilePage) 172 + r.Get("/feed", h.HandleProfileFeed) 173 + r.Route("/session/{rkey}", func(r chi.Router) { 174 + r.Get("/", h.HandleStudySessionPage) 175 + r.Get("/feed", h.HandleStudySessionPageCommentFeed) 176 }) 177 }) 178
+1 -1
internal/server/handlers/static.go
··· 84 }` 85 86 func (h *Handler) PWAManifest(w http.ResponseWriter, r *http.Request) { 87 - w.Header().Set("Content-Type", "application/json") 88 w.Write([]byte(manifestJson)) 89 }
··· 84 }` 85 86 func (h *Handler) PWAManifest(w http.ResponseWriter, r *http.Request) { 87 + w.Header().Set("Content-Type", "application/manifest+json") 88 w.Write([]byte(manifestJson)) 89 }
+9 -4
internal/server/middleware/middleware.go
··· 45 return func(next http.Handler) http.Handler { 46 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 47 returnURL := "/" 48 if u, err := url.Parse(r.Header.Get("Referer")); err == nil { 49 - returnURL = u.RequestURI() 50 } 51 52 loginURL := fmt.Sprintf("/login?return_url=%s", url.QueryEscape(returnURL)) ··· 81 82 func (mw Middleware) ResolveIdent() middlewareFunc { 83 l := mw.logger.With("middleware", "ResolveIdent") 84 - excluded := []string{"favicon.ico"} 85 86 return func(next http.Handler) http.Handler { 87 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 88 didOrHandle := chi.URLParam(r, "user") 89 if slices.Contains(excluded, didOrHandle) { 90 next.ServeHTTP(w, r) 91 return 92 } 93 94 - didOrHandle = strings.TrimPrefix(didOrHandle, "@") 95 - 96 id, err := mw.idResolver.ResolveIdent(r.Context(), didOrHandle) 97 if err != nil { 98 l.Error("failed to resolve did/handle", "err", err)
··· 45 return func(next http.Handler) http.Handler { 46 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 47 returnURL := "/" 48 + if r.URL != nil { 49 + returnURL = r.URL.String() 50 + } 51 if u, err := url.Parse(r.Header.Get("Referer")); err == nil { 52 + if u.RequestURI() != "/" { 53 + returnURL = u.RequestURI() 54 + } 55 } 56 57 loginURL := fmt.Sprintf("/login?return_url=%s", url.QueryEscape(returnURL)) ··· 86 87 func (mw Middleware) ResolveIdent() middlewareFunc { 88 l := mw.logger.With("middleware", "ResolveIdent") 89 + excluded := []string{"favicon.ico", "favicon.svg"} 90 91 return func(next http.Handler) http.Handler { 92 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 93 didOrHandle := chi.URLParam(r, "user") 94 + didOrHandle = strings.TrimPrefix(didOrHandle, "@") 95 + 96 if slices.Contains(excluded, didOrHandle) { 97 next.ServeHTTP(w, r) 98 return 99 } 100 101 id, err := mw.idResolver.ResolveIdent(r.Context(), didOrHandle) 102 if err != nil { 103 l.Error("failed to resolve did/handle", "err", err)
+45
internal/server/oauth/accounts.go
···
··· 1 + package oauth 2 + 3 + import "net/http" 4 + 5 + func (o *OAuth) SetAuthReturn(w http.ResponseWriter, r *http.Request, returnURL string) error { 6 + session, err := o.SessionStore.Get(r, AuthReturnName) 7 + if err != nil { 8 + return err 9 + } 10 + 11 + session.Values[AuthReturnURL] = returnURL 12 + session.Options.MaxAge = 60 * 30 13 + session.Options.HttpOnly = true 14 + session.Options.Secure = !o.Config.Core.Dev 15 + session.Options.SameSite = http.SameSiteLaxMode 16 + 17 + return session.Save(r, w) 18 + } 19 + 20 + type AuthReturnInfo struct { 21 + ReturnURL string 22 + } 23 + 24 + func (o *OAuth) GetAuthReturn(r *http.Request) *AuthReturnInfo { 25 + session, err := o.SessionStore.Get(r, AuthReturnName) 26 + if err != nil || session.IsNew { 27 + return &AuthReturnInfo{} 28 + } 29 + 30 + returnURL, _ := session.Values[AuthReturnURL].(string) 31 + 32 + return &AuthReturnInfo{ 33 + ReturnURL: returnURL, 34 + } 35 + } 36 + 37 + func (o *OAuth) ClearAuthReturn(w http.ResponseWriter, r *http.Request) error { 38 + session, err := o.SessionStore.Get(r, AuthReturnName) 39 + if err != nil { 40 + return err 41 + } 42 + 43 + session.Options.MaxAge = -1 44 + return session.Save(r, w) 45 + }
+2
internal/server/oauth/consts.go
··· 4 ClientName = "Yoten" 5 ClientURI = "https://yoten.app" 6 SessionName = "yoten-oauth-session-v2" 7 SessionHandle = "handle" 8 SessionDid = "did" 9 SessionId = "id"
··· 4 ClientName = "Yoten" 5 ClientURI = "https://yoten.app" 6 SessionName = "yoten-oauth-session-v2" 7 + AuthReturnName = "yoten-auth-return" 8 + AuthReturnURL = "return_url" 9 SessionHandle = "handle" 10 SessionDid = "did" 11 SessionId = "id"
+9 -1
internal/server/oauth/handler.go
··· 58 ctx := r.Context() 59 l := o.Logger.With("handler", "callback").With("query", r.URL.Query()) 60 61 sessData, err := o.ClientApp.ProcessCallback(ctx, r.URL.Query()) 62 if err != nil { 63 var callbackErr *oauth.AuthRequestCallbackError ··· 164 } 165 } 166 167 - http.Redirect(w, r, "/", http.StatusFound) 168 }
··· 58 ctx := r.Context() 59 l := o.Logger.With("handler", "callback").With("query", r.URL.Query()) 60 61 + authReturn := o.GetAuthReturn(r) 62 + _ = o.ClearAuthReturn(w, r) 63 + 64 sessData, err := o.ClientApp.ProcessCallback(ctx, r.URL.Query()) 65 if err != nil { 66 var callbackErr *oauth.AuthRequestCallbackError ··· 167 } 168 } 169 170 + redirectURL := "/" 171 + if authReturn.ReturnURL != "" { 172 + redirectURL = authReturn.ReturnURL 173 + } 174 + 175 + http.Redirect(w, r, redirectURL, http.StatusFound) 176 }

History

4 rounds 0 comments
sign up or login to add to the discussion
brookjeynes.dev submitted #3
interdiff
1 commit
expand
4f4f7d04
fix: redirect user to return_url after login
expand 0 comments
pull request successfully merged
brookjeynes.dev submitted #2
diff interdiff
1 commit
expand
aa88d17e
fix: redirect user to return_url after login
expand 0 comments
brookjeynes.dev submitted #1
diff interdiff
1 commit
expand
147e15ec
fix: redirect user to return_url after login
expand 0 comments
brookjeynes.dev submitted #0
diff
1 commit
expand
25441fb2
fix: redirect user to return_url after login
expand 0 comments