From c86f55d5f686263380c56877c9d5084fc57d75aa Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 23 Jan 2024 12:24:42 +0100
Subject: [PATCH] refactor: Remove oidcproxy (#16596) (#16597)

Co-authored-by: Thomas Belin
---
 server/Server.ts | 5 +-
 server/routes/E2EIProxy/common.ts | 59 -------------
 server/routes/E2EIProxy/index.ts | 21 -----
 server/routes/E2EIProxy/proxy.ts | 83 -------------------
 server/routes/E2EIProxy/route.ts | 41 ---------
 .../E2EIdentity/OIDCService/OIDCService.ts | 3 +-
 6 files changed, 2 insertions(+), 210 deletions(-)
 delete mode 100644 server/routes/E2EIProxy/common.ts
 delete mode 100644 server/routes/E2EIProxy/index.ts
 delete mode 100644 server/routes/E2EIProxy/proxy.ts
 delete mode 100644 server/routes/E2EIProxy/route.ts
diff --git a/server/Server.ts b/server/Server.ts
index ff5e24f637d..472ab5b71c0 100644
--- a/server/Server.ts
+++ b/server/Server.ts
@@ -33,7 +33,6 @@ import type {ClientConfig, ServerConfig} from './config';
 import {HealthCheckRoute} from './routes/_health/HealthRoute';
 import {AppleAssociationRoute} from './routes/appleassociation/AppleAssociationRoute';
 import {ConfigRoute} from './routes/config/ConfigRoute';
-import {OIDCProxyRoute, OIDCProxyRoutePath} from './routes/E2EIProxy';
 import {InternalErrorRoute, NotFoundRoute} from './routes/error/ErrorRoutes';
 import {GoogleWebmasterRoute} from './routes/googlewebmaster/GoogleWebmasterRoute';
 import {RedirectRoutes} from './routes/RedirectRoutes';
@@ -74,7 +73,6 @@ class Server {
 this.app.use(ConfigRoute(this.config, this.clientConfig));
 this.app.use(GoogleWebmasterRoute(this.config));
 this.app.use(AppleAssociationRoute());
- this.app.use(OIDCProxyRoute());
 this.app.use(NotFoundRoute());
 this.app.use(InternalErrorRoute());
 }
@@ -190,8 +188,7 @@ class Server {
 req.path.startsWith('/join') ||
 req.path.startsWith('/auth') ||
 req.path.startsWith('/google') ||
- req.path.startsWith('/apple-app-site-association') ||
- req.path.startsWith(OIDCProxyRoutePath);
+ req.path.startsWith('/apple-app-site-association');
 
 if (ignoredPath) {
 return next();
diff --git a/server/routes/E2EIProxy/common.ts b/server/routes/E2EIProxy/common.ts
deleted file mode 100644
index cec817b1413..00000000000
--- a/server/routes/E2EIProxy/common.ts
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Wire
- * Copyright (C) 2023 Wire Swiss GmbH
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/.
- *
- */
-
-// The path to the OIDC proxy route
-export const OIDCProxyRoutePath = '/oidcProxy';
-
-// The query parameter name for the target URL
-export const targetURLParam = 'targetUrl';
-
-const isValidUrl = (urlString: string) => {
- try {
- new URL(urlString);
- return true;
- } catch (e) {
- return false;
- }
-};
-
-export const getTargetUrlWithQueryParams = (req: any) => {
- const targetUrl = req.query[targetURLParam];
-
- // Get all query parameters except the targetURLParam
- const queryParams = {...req.query};
- delete queryParams[targetURLParam];
-
- // Check if the target URL has the shouldBeRedirectedByProxy query parameter
- const redirectParamName = 'shouldBeRedirectedByProxy';
- const shouldBeRedirected = req.query[redirectParamName];
- delete queryParams[redirectParamName];
-
- // Append the query parameters to the target URL
- const targetUrlWithQueryParams = new URL(targetUrl);
-
- Object.keys(queryParams).forEach(key => {
- targetUrlWithQueryParams.searchParams.append(key, queryParams[key] as string);
- });
-
- return {
- isValidUrl: isValidUrl(targetUrl),
- targetUrlWithQueryParams,
- shouldBeRedirected: typeof shouldBeRedirected === 'string' && shouldBeRedirected === 'true',
- };
-};
diff --git a/server/routes/E2EIProxy/index.ts b/server/routes/E2EIProxy/index.ts
deleted file mode 100644
index f7e61abc4a5..00000000000
--- a/server/routes/E2EIProxy/index.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Wire
- * Copyright (C) 2023 Wire Swiss GmbH
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/.
- *
- */
-
-export {OIDCProxyRoutePath} from './common';
-export * from './route';
diff --git a/server/routes/E2EIProxy/proxy.ts b/server/routes/E2EIProxy/proxy.ts
deleted file mode 100644
index 9134f8ea8e8..00000000000
--- a/server/routes/E2EIProxy/proxy.ts
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Wire
- * Copyright (C) 2023 Wire Swiss GmbH
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/.
- *
- */
-
-import {createProxyMiddleware} from 'http-proxy-middleware';
-
-import {OIDCProxyRoutePath, targetURLParam, getTargetUrlWithQueryParams} from './common';
-
-// Configure the dynamic proxy middleware
-export const OIDCProxy = createProxyMiddleware({
- changeOrigin: true,
- ignorePath: true,
- logLevel: 'silent',
- selfHandleResponse: true, // Handle response manually
- followRedirects: true,
- router: req => {
- // Dynamic target based on the request
-
- const {isValidUrl, targetUrlWithQueryParams} = getTargetUrlWithQueryParams(req);
-
- if (isValidUrl) {
- return targetUrlWithQueryParams.href;
- }
-
- return undefined; // or handle this case appropriately
- },
- onProxyRes: (proxyRes, req, res) => {
- // Exception: Modify the response if the target URL is the OIDC discovery URL
- if (req.originalUrl.includes('.well-known/openid-configuration')) {
- let body = '';
-
- proxyRes.on('data', chunk => {
- body += chunk;
- });
-
- proxyRes.on('end', () => {
- try {
- // Parse the body as JSON
- const json = JSON.parse(body);
-
- if (!req.headers.referer) {
- throw new Error('no referrer URL found');
- }
- const refererUrl = new URL(req.headers.referer);
-
- // Modify URLs in the JSON response
- Object.keys(json).forEach(key => {
- if (typeof json[key] === 'string' && json[key].startsWith('https://')) {
- const originalUrl = new URL(json[key]);
-
- json[key] = `${refererUrl.origin}${OIDCProxyRoutePath}?${targetURLParam}=${encodeURIComponent(
- originalUrl.href,
- )}`;
- }
- });
- // Send the modified response back to the client
- res.end(JSON.stringify(json));
- } catch (error) {
- console.error('Error processing proxy response:', error);
- res.status(500).send('Internal Server Error');
- }
- });
- } else {
- // Default: Send the response back to the client
- proxyRes.pipe(res);
- }
- },
-});
diff --git a/server/routes/E2EIProxy/route.ts b/server/routes/E2EIProxy/route.ts
deleted file mode 100644
index 0f50792e24d..00000000000
--- a/server/routes/E2EIProxy/route.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Wire
- * Copyright (C) 2023 Wire Swiss GmbH
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/.
- *
- */
-
-import {Router} from 'express';
-
-import {OIDCProxyRoutePath, getTargetUrlWithQueryParams} from './common';
-import {OIDCProxy} from './proxy';
-
-export const OIDCProxyRoute = () => {
- return Router().use(OIDCProxyRoutePath, (req, res, next) => {
- // Redirect to the target URL if the shouldBeRedirected query parameter is set
- try {
- const {shouldBeRedirected, targetUrlWithQueryParams} = getTargetUrlWithQueryParams(req);
-
- if (shouldBeRedirected) {
- return res.redirect(targetUrlWithQueryParams.href);
- }
-
- // Apply the proxy middleware
- OIDCProxy(req, res, next);
- } catch (e) {
- res.status(500).send(e.message);
- }
- });
-};
diff --git a/src/script/E2EIdentity/OIDCService/OIDCService.ts b/src/script/E2EIdentity/OIDCService/OIDCService.ts
index 48f134e2aac..2303f967d3d 100644
--- a/src/script/E2EIdentity/OIDCService/OIDCService.ts
+++ b/src/script/E2EIdentity/OIDCService/OIDCService.ts
@@ -51,11 +51,10 @@ export class OIDCService {
 // Build the proxy url and redirect uri
 const currentOrigin = location.origin;
 const authorityUrl = idpUrl.origin + idpUrl.pathname;
- const proxyUrl = `${currentOrigin}/oidcProxy?targetUrl=${authorityUrl}`;
 const redirectUri = `${currentOrigin}/oidc`;
 
 const dexioConfig: UserManagerSettings = {
- authority: proxyUrl,
+ authority: authorityUrl,
 client_id: idpClientId,
 redirect_uri: redirectUri,
 response_type: 'code',
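Review bot: `authority: authorityUrl` now hands `idpUrl.origin + idpUrl.pathname` straight to the OIDC client, and the visible lines contain no scheme check on `idpUrl`. If that URL can come from server-supplied enrollment data (not visible here), a guard before this block such as `if (idpUrl.protocol !== 'https:') { throw new Error('IdP URL must use https'); }` would keep discovery and the code exchange off plaintext transports. With the same-origin proxy gone, the browser presumably contacts the identity provider directly, so the deployment's CSP `connect-src` and the provider's CORS policy must allow that origin; neither is part of this diff. The first context line is now stale and should read `// Build the authority url and redirect uri`. The enclosing method and the `dexioConfig` literal both continue outside the hunk.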