added whitelisting of redirect

handlers/redirect.go

@@ -0,0 +1,21 @@
+package handlers
+
+import (
+	"os"
+	"strings"
+)
+
+func IsAllowedRedirectURI(uri string) bool {
+	allowedRedirectURIsEnv := os.Getenv("ALLOWED_REDIRECT_URIS")
+	if allowedRedirectURIsEnv == "" {
+		return false
+	}
+
+	allowedRedirectURIs := strings.Split(allowedRedirectURIsEnv, ",")
+	for _, allowed := range allowedRedirectURIs {
+		if uri == strings.TrimSpace(allowed) { // Exact match only
+			return true
+		}
+	}
+	return false
+}