roleypoly/v3
1
0
Fork 0
mirror of https://github.com/roleypoly/roleypoly.git synced 2025-06-17 01:59:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: temporarily loosen CORS, add OAuth state info for backend bouncing

Browse source
This commit is contained in:
41666 2021-03-13 15:49:36 -05:00
parent ed82a67594
commit 6edfe7455f
8 changed files with 72 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

15
packages/api/handlers/login-bounce.ts
View file

@ -1,4 +1,5 @@
import KSUID from 'ksuid';
import { StateSession } from '@roleypoly/types';
import { getQuery, isAllowedCallbackHost, setupStateSession } from '../utils/api-tools';
import { Bounce } from '../utils/bounce';
import { apiPublicURI, botClientID } from '../utils/config';
@ -16,9 +17,17 @@ const buildURL = (params: URLParams) =>
)}&state=${params.state}`;
export const LoginBounce = async (request: Request): Promise<Response> => {
const state = await KSUID.random();
const stateSessionData: StateSession = {};
const { cbh: callbackHost } = getQuery(request);
if (callbackHost && isAllowedCallbackHost(callbackHost)) {
stateSessionData.callbackHost = callbackHost;
}
const state = await setupStateSession(stateSessionData);
const redirectURI = `${apiPublicURI}/login-callback`;
const clientID = botClientID;
return Bounce(buildURL({ state: state.string, redirectURI, clientID }));
return Bounce(buildURL({ state, redirectURI, clientID }));
};