From 359684e0a762b1c4a99c644cd082033d6f920814 Mon Sep 17 00:00:00 2001
From: Tom Lee <tom@quiltt.io>
Date: Tue, 14 Nov 2023 21:06:05 -0800
Subject: [PATCH] Fix handle plaid oauth link bug

---
 .../src/components/QuilttConnector.tsx        | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/ECMAScript/react-native/src/components/QuilttConnector.tsx b/ECMAScript/react-native/src/components/QuilttConnector.tsx
index 5ad2d4d0..6b57feee 100644
--- a/ECMAScript/react-native/src/components/QuilttConnector.tsx
+++ b/ECMAScript/react-native/src/components/QuilttConnector.tsx
@@ -52,16 +52,20 @@ export const QuilttConnector = ({
     webViewRef.current?.injectJavaScript(script)
   }, [connectionId, connectorId, session?.token])
 
+  // Convert it to a list from Quiltt Server to prevent MX changes
+  const allowedListUrl = ['moneydesktop.com', 'quiltt', 'cdn.plaid.com']
+  const shouldRender = (url: URL) => allowedListUrl.some((domain) => url.host.includes(domain))
+
   const eventHandler = (request: ShouldStartLoadRequest) => {
     const url = new URL(request.url)
-    if (url.host.includes('quiltt')) return true
+    if (shouldRender(url)) return true
     if (url.protocol === 'quilttconnector:') {
       handleQuilttEvent(url)
       return false
     }
     // Plaid set oauth url by doing window.location.href = url
     // This is the only way I know to handle this.
-    handleOAuthUrl(url.href)
+    handleOAuthUrl(url)
     return false
   }
 
@@ -101,7 +105,7 @@ export const QuilttConnector = ({
         onExitSuccess?.(metadata)
         break
       case 'OauthRequested':
-        handleOAuthUrl(url.searchParams.get('oauthUrl') as string)
+        handleOAuthUrl(new URL(url.searchParams.get('oauthUrl') as string))
         break
       default:
         console.log('unhandled event', url)
@@ -109,7 +113,16 @@ export const QuilttConnector = ({
     }
   }
 
-  const handleOAuthUrl = (oauthUrl: string) => Linking.openURL(oauthUrl)
+  const handleOAuthUrl = async (oauthUrl: URL) => {
+    console.log(oauthUrl.href)
+    if (oauthUrl.protocol !== 'https:') {
+      console.log(`handleOAuthUrl - Skipping non https url - ${oauthUrl.href}`)
+      return
+    }
+    if (await Linking.canOpenURL(oauthUrl.href)) {
+      Linking.openURL(oauthUrl.href)
+    }
+  }
 
   return (
     <AndroidSafeAreaView>