fix(OAuth): fix redirect to previous page instead of /

ytsaurus · Dec 17, 2024 · d511f5f · d511f5f
1 parent 565b205
commit d511f5f
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 8 deletions.
diff --git a/packages/ui/src/server/components/oauth.ts b/packages/ui/src/server/components/oauth.ts
@@ -2,6 +2,15 @@ import axios from 'axios';
 import type {Request, Response} from 'express';
 import {YT_OAUTH_ACCESS_TOKEN_NAME, YT_OAUTH_REFRESH_TOKEN_NAME} from '../../shared/constants';
 
+function getRedirectURL(req: Request) {
+    const {origin, pathname, search} = new URL(req.get('referrer') ?? `https://${req.get('host')}`);
+
+    return {
+        redirectURL: origin,
+        retPath: pathname + search,
+    };
+}
+
 export function isOAuthAllowed(req: Request) {
     const config = req.ctx.config.ytOAuthSettings;
     return Boolean(
@@ -73,13 +82,14 @@ export function saveOAuthTokensInCookies(res: Response, tokens: OAuthAuthorizati
 }
 
 export function getOAuthLoginPath(req: Request) {
+    const {redirectURL, retPath} = getRedirectURL(req);
     const config = getOAuthSettings(req);
-    const host = req.get('host');
     const params = new URLSearchParams({
         response_type: 'code',
         client_id: config.clientId,
         scope: config.scope,
-        redirect_uri: `https://${host}/api/oauth/callback`,
+        redirect_uri: `${redirectURL}/api/oauth/callback`,
+        state: `retPath=${retPath}`,
     });
 
     const url = new URL(config.authPath, config.baseURL);
@@ -95,9 +105,10 @@ export function getOAuthLogoutPath(req: Request) {
         return '/api/oauth/logout/callback';
     }
 
-    const host = req.get('host');
+    const {redirectURL} = getRedirectURL(req);
+
     const params = new URLSearchParams({
-        post_logout_redirect_uri: `https://${host}/api/oauth/logout/callback`,
+        post_logout_redirect_uri: `${redirectURL}/api/oauth/logout/callback`,
         client_id: config.clientId,
     });
 
@@ -134,14 +145,15 @@ export async function exchangeOAuthToken(
     req: Request,
     code: string,
 ): Promise<OAuthAuthorizationTokens> {
+    const {redirectURL, retPath} = getRedirectURL(req);
     const config = getOAuthSettings(req);
-    const host = req.get('host');
     const params = new URLSearchParams({
         grant_type: 'authorization_code',
         client_id: config.clientId,
         code: code as string,
         client_secret: config.clientSecret,
-        redirect_uri: `https://${host}/api/oauth/callback`,
+        redirect_uri: `${redirectURL}/api/oauth/callback`,
+        state: `retPath=${retPath}`,
     });
 
     const {data} = await axios.post(

diff --git a/packages/ui/src/server/controllers/oauth-login.ts b/packages/ui/src/server/controllers/oauth-login.ts
@@ -16,17 +16,25 @@ export function oauthLogout(_: Request, res: Response) {
 }
 
 export async function oauthCallback(req: Request, res: Response) {
-    const {code} = req.query;
+    const {code, state} = req.query;
     if (!code) {
         throw new Error('Authorization code is not specified');
     }
 
+    let redirectURL = '/';
+
+    if (state) {
+        const params = new URLSearchParams(state as string);
+
+        redirectURL = params.get('retPath') ?? '/';
+    }
+
     try {
         const tokens = await exchangeOAuthToken(req, code as string);
 
         saveOAuthTokensInCookies(res, tokens);
 
-        res.redirect('/');
+        res.redirect(redirectURL);
     } catch (e) {
         req.ctx.logError('exchange token error', e);
         const message = e instanceof Error ? e.message : 'Unknown error';