admin/Authentication
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed redirect_uri logic

Browse Source
This commit is contained in:
F04C
2026-01-07 15:21:01 +08:00
parent bfdfbba53e
commit 1c443649d3
1 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
handlers/google_auth.go
+13 -3
View File
@@ -28,6 +28,7 @@ import (
var googleOauthConfig oauth2.Config
var oauthStateString = generateRandomState()
var AuthorizationURL string
var FetchedRedirectURI *string
// init initializes the Google OAuth2 configuration by loading environment variables
// from a .env file. If the .env file cannot be loaded, it logs a fatal error.
@@ -165,8 +166,13 @@ func GoogleLogin(w http.ResponseWriter, r *http.Request) {
SameSite: http.SameSiteLaxMode,
Expires: time.Now().Add(5 * time.Minute),
})
// RedirectBaseURL := r.URL.Query().Get("redirect_uri")
// log.Print("RedirectBaseURL1111111 from query param: ", RedirectBaseURL)
redirectURI := r.URL.Query().Get("redirect_uri")
if redirectURI != "" {
FetchedRedirectURI = &redirectURI
log.Print("FetchedRedirectURI set to: ", *FetchedRedirectURI)
} else {
FetchedRedirectURI = nil
}
url := googleOauthConfig.AuthCodeURL(oauthStateString, oauth2.AccessTypeOffline, oauth2.ApprovalForce)
http.Redirect(w, r, url, http.StatusFound)
@@ -319,17 +325,21 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
helper.LogInfo("Copy this access token: " + accessToken)
RedirectURI := r.URL.Query().Get("redirect_uri")
RedirectURI := *FetchedRedirectURI
if RedirectURI != "" {
log.Print("RedirectURI from query param: ", RedirectURI)
if !IsAllowedRedirectURI(RedirectURI) {
http.Error(w, "Invalid redirect_uri", http.StatusBadRequest)
log.Print("Invalid redirect_uri: ", RedirectURI)
return
}
log.Print("Valid redirect_uri: ", RedirectURI)
RedirectURL := fmt.Sprintf("%s/callback?token=%s&user_id=%s", RedirectURI, accessToken, userID)
http.Redirect(w, r, RedirectURL, http.StatusSeeOther)
return
}
log.Print("No redirect_uri provided, returning JSON response")
// No redirect_uri provided, return JSON response
helper.RespondWithJSON(w, http.StatusOK, map[string]string{
"message": "Authentication successful",