From e4f761c9e35f80e9c5b1d9d4abe3379f814a6ae0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Urban?=
Date: Sat, 21 Oct 2023 23:46:05 +0200
Subject: [PATCH] fix(backend): update redirect logic and url determination
---
 backend/cmd/kubevoyage/main.go | 5 ++-
 backend/internal/handlers/auth.go | 52 +++++++++++++++++++++----------
 2 files changed, 39 insertions(+), 18 deletions(-)
diff --git a/backend/cmd/kubevoyage/main.go b/backend/cmd/kubevoyage/main.go
index af27ba0..a0ac005 100644
--- a/backend/cmd/kubevoyage/main.go
+++ b/backend/cmd/kubevoyage/main.go
@@ -16,7 +16,7 @@ import (
 var db *gorm.DB
-var frontendPathLocal = "./public" //./public
+var frontendPathLocal = "../frontend/public" //./public
 type loggingResponseWriter struct {
 http.ResponseWriter
@@ -120,6 +120,9 @@ func setupServer(handle *handlers.Handler) http.Handler {
 mux.Handle("/api/authenticate", logMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 handle.HandleAuthenticate(w, r)
 })))
+ mux.Handle("/api/redirect", logMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ handle.HandleRedirect(w, r)
+ })))
 mux.Handle("/api/request", logMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 handle.HandleRequestSite(w, r, db)
 })))
diff --git a/backend/internal/handlers/auth.go b/backend/internal/handlers/auth.go
index a11ad54..f35d5fc 100644
--- a/backend/internal/handlers/auth.go
+++ b/backend/internal/handlers/auth.go
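Review bot: The trailing `//./public` comment on the new `frontendPathLocal` line now contradicts the value it annotates, and `../frontend/public` is a working-directory-relative path that reads like a local development setting rather than the deployable default the previous `./public` implied. The commit subject only speaks of redirect logic and URL determination, so I would confirm this default change is intentional before it ships. If it is, drop the stale comment and state the contract instead: `// frontendPathLocal is the static frontend directory, resolved relative to the process working directory.`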
@@ -77,14 +77,17 @@ func (h *Handler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 http.Error(w, "Internal server error", http.StatusInternalServerError)
 return
 }
- siteURL, err := h.getRedirectFromCookie(r, w)
+ siteURL, err := h.getRedirectUrl(r, w)
 if err != nil {
 http.Error(w, "Redirect URL missing", http.StatusBadRequest)
 return
 }
- if siteURL == "" {
- siteURL = r.Host
- }
+ log.Println(siteURL)
+ h.setRedirectCookie(siteURL, r, w)
+ //if siteURL == "" {
+ // siteURL = r.Host
+ //}
+ w.Header().Set("X-Auth-Site", siteURL)
 domain, err := extractMainDomain(siteURL)
 // Set the token as a cookie
 http.SetCookie(w, &http.Cookie{
@@ -98,7 +101,7 @@ func (h *Handler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 Path: "/",
 })
 w.Header().Set("X-Auth-Token", tokenString)
- http.Redirect(w, r, siteURL, http.StatusSeeOther)
+ //http.Redirect(w, r, siteURL, http.StatusSeeOther)
 // Here, you'd typically generate a JWT or session token and send it back to the client.
 // For simplicity, we'll just send a success message.
 _, err = w.Write([]byte("Login successful"))
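Review bot: The error returned by `h.setRedirectCookie(siteURL, r, w)` is dropped, and the `w.Header().Set("X-Auth-Site", siteURL)` on the following line repeats what setRedirectCookie itself does (its body, in a later hunk, begins with that same header write), so one of the two should go and the error be handled: `if err := h.setRedirectCookie(siteURL, r, w); err != nil { http.Error(w, "Internal server error", http.StatusInternalServerError); return }`. Commenting out the `siteURL == ""` fallback also removes the only guard against an empty target: the reworked getRedirectUrl later in this patch discards its `fmt.Errorf` result when the cookie fallback fails and assigns `surl` regardless, so it appears able to return an empty string with a nil error, in which case the `Redirect URL missing` branch never fires and `extractMainDomain("")` runs. The `log.Println(siteURL)` looks like leftover debugging; the value can originate from the caller-supplied `redirect` query parameter, so if it must be logged, log it quoted with `%q` rather than raw. HandleLogin begins and continues outside this hunk.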
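Review bot: The commented-out `//http.Redirect(w, r, siteURL, http.StatusSeeOther)` should be deleted rather than kept as dead text, since the history already records it; the handler now ends with the `Login successful` body and relies on the client reaching the new `/api/redirect` route that main.go wires in this commit. A one-line comment in its place would make that contract visible to the next reader: `// No server-side redirect here: the client follows up with /api/redirect, which reads the X-Auth-Site cookie set above.` The function's tail lies outside this hunk.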
@@ -147,25 +150,37 @@ func (h *Handler) HandleRegister(w http.ResponseWriter, r *http.Request) { sendJSONError(w, result.Error.Error(), http.StatusInternalServerError) return } - sendJSONSuccess(w, "", http.StatusCreated) } +func (h *Handler) HandleRedirect(w http.ResponseWriter, r *http.Request) { + //FIXME: Not unchecked redirecting with parameter + siteURL, err := h.getRedirectFromCookie(r, w, true) + if err != nil { + + } + if siteURL == "" { + siteURL = r.Host + } + + redirect := r.Header.Get("X-Auth-Site") + log.Println(redirect) + log.Println(siteURL) + http.Redirect(w, r, siteURL, http.StatusSeeOther) + +} func (h *Handler) HandleAuthenticate(w http.ResponseWriter, r *http.Request) { // 1. Extract the user's email from the session or JWT token. - printHeaders(r) - log.Println(r.RequestURI) - siteURL, err := h.getRedirectUrl(r) + siteURL, err := h.getRedirectUrl(r, w) if err != nil { log.Println(err.Error()) //h.logError(w, err.Error(), nil, http.StatusBadRequest) //return } - log.Println(siteURL) userEmail, err := h.getUserEmailFromToken(r) if err != nil { // If the user cannot be read from the cookie, redirect to /login with the site URL as a parameter h.setRedirectCookie(siteURL, r, w) - http.Redirect(w, r, "/", http.StatusSeeOther) + http.Redirect(w, r, "/login?redirect="+siteURL, http.StatusSeeOther) return } @@ -236,7 +251,6 @@ func (h *Handler) getUserEmailFromToken(r *http.Request) (string, error) { func (h *Handler) setRedirectCookie(redirectUrl string, r *http.Request, w http.ResponseWriter) error { w.Header().Set("X-Auth-Site", redirectUrl) - log.Println("Host is: " + r.Host) domain, err := extractMainDomain(redirectUrl) if err != nil { log.Println(err.Error()) 
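Review bot: HandleRedirect sends the browser to whatever `siteURL` the X-Auth-Site cookie holds without validating the target — the gap its own `//FIXME: Not unchecked redirecting with parameter` line records — and because HandleLogin (earlier hunk) fills that cookie from getRedirectUrl, which falls back to the caller-supplied `redirect` query parameter, this is an open redirect to an arbitrary host. The `if err != nil { }` branch is empty, so a cookie-read failure is silently ignored, and the `redirect` local plus the two `log.Println` calls are debugging leftovers. The version below rejects the request on error and checks the target's main domain with the existing `extractMainDomain` before redirecting; the allow-list predicate is a placeholder for whatever check the project's configuration supports. The same unescaped value is also concatenated into `"/login?redirect="+siteURL` in HandleAuthenticate further down this hunk, which should read `"/login?redirect="+url.QueryEscape(siteURL)` (needs `net/url`) so a target containing `&` or `#` cannot alter the query string.
```go
func (h *Handler) HandleRedirect(w http.ResponseWriter, r *http.Request) {
	// The cookie value originates from the ?redirect= parameter, so it is
	// caller-controlled and must be checked before it becomes a Location.
	siteURL, err := h.getRedirectFromCookie(r, w, true)
	if err != nil {
		http.Error(w, "Redirect URL missing", http.StatusBadRequest)
		return
	}
	if siteURL == "" {
		siteURL = r.Host
	}
	domain, err := extractMainDomain(siteURL)
	// isAllowedRedirectDomain is a placeholder for the project's allow-list check.
	if err != nil || !isAllowedRedirectDomain(domain) {
		http.Error(w, "Invalid redirect target", http.StatusBadRequest)
		return
	}
	http.Redirect(w, r, siteURL, http.StatusSeeOther)
}
```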
@@ -254,7 +268,7 @@ func (h *Handler) setRedirectCookie(redirectUrl string, r *http.Request, w http.
 })
 return nil
 }
-func (h *Handler) getRedirectFromCookie(r *http.Request, w http.ResponseWriter) (string, error) {
+func (h *Handler) getRedirectFromCookie(r *http.Request, w http.ResponseWriter, clear bool) (string, error) {
 cookie, err := r.Cookie("X-Auth-Site")
 if err != nil {
 if errors.Is(err, http.ErrNoCookie) {
@@ -266,7 +280,7 @@ func (h *Handler) getRedirectFromCookie(r *http.Request, w http.ResponseWriter)
 // Clear the cookie once it's read
 //http.SetCookie(w, &http.Cookie{
- // Name: "auth-site",
+ // Name: "X-Auth-Site",
 // Value: "",
 // Expires: time.Unix(0, 0),
 // Path: "/",
@@ -274,17 +288,21 @@ func (h *Handler) getRedirectFromCookie(r *http.Request, w http.ResponseWriter)
 return cookie.Value, nil
 }
-func (h *Handler) getRedirectUrl(r *http.Request) (string, error) {
+func (h *Handler) getRedirectUrl(r *http.Request, w http.ResponseWriter) (string, error) {
 // Extract the redirect parameter from the request to get the site URL.
 printHeaders(r)
 siteURL := r.Header.Get("X-Forwarded-Uri")
 if siteURL == "" {
- siteURL = r.Header.Get("Referer")
+ siteURL = r.Header.Get("X-Auth-Site")
 if siteURL == "" {
 siteURL = r.URL.Query().Get("redirect")
 if siteURL == "" {
- return "", fmt.Errorf("Redirect URL missing from both header and URL parameter")
+ surl, err := h.getRedirectFromCookie(r, w, false)
+ if err != nil {
+ fmt.Errorf("Redirect URL missing from both header and URL parameter")
+ }
+ siteURL = surl
 }
 }
 }
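Review bot: The new `clear bool` parameter of getRedirectFromCookie is not read anywhere in the visible lines, and the cookie-expiring `http.SetCookie` block that the second hunk edits is still commented out, so `getRedirectFromCookie(r, w, true)` in HandleRedirect currently has no effect and the X-Auth-Site cookie outlives the redirect; the middle of the function is outside these hunks, so the flag may be consumed there. Naming the parameter `clear` also shadows the Go 1.21 builtin of that name; `clearCookie` avoids the collision. If the flag is meant to drive that block, the shape would be `if clearCookie { http.SetCookie(w, &http.Cookie{Name: "X-Auth-Site", Value: "", Expires: time.Unix(0, 0), Path: "/"}) }` placed before the value is returned, with the same Domain the cookie was set with (setRedirectCookie derives one via extractMainDomain, so presumably it sets Domain — confirm), since a clearing cookie that does not match the original's attributes is ignored by the browser. A doc comment should then state it: `// getRedirectFromCookie returns the X-Auth-Site cookie value; when clearCookie is set the cookie is expired in the response.`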