normalize auth/callback redirect url

2025-06-14 16:49:10 +00:00 · 2022-01-31 23:50:05 -05:00 · 2022-01-31 23:50:05 -05:00 · b24f3fd00a
commit b24f3fd00a
parent 8d7d331c82
4 changed files with 109 additions and 99 deletions
--- a/packages/api/package.json
+++ b/packages/api/package.json
@ -18,11 +18,12 @@
    "@roleypoly/misc-utils": "*",
    "@roleypoly/types": "*",
    "@types/node": "^17.0.13",
-    "esbuild": "^0.14.14",
+    "esbuild": "^0.14.16",
    "itty-router": "^2.4.10",
    "jest-environment-miniflare": "^2.2.0",
    "lodash": "^4.17.21",
    "miniflare": "^2.2.0",
+    "normalize-url": "^4.5.1",
    "ts-jest": "^27.1.3",
    "tweetnacl": "^1.0.3",
    "ulid-workers": "^1.1.0"
--- a/packages/api/src/routes/auth/callback.spec.ts
+++ b/packages/api/src/routes/auth/callback.spec.ts
@ -54,7 +54,7 @@ describe('GET /auth/callback', () => {
    expect(mockDiscordFetch).toBeCalledTimes(1);
    expect(mockCreateSession).toBeCalledWith(expect.any(Object), tokens);
    expect(response.headers.get('Location')).toContain(
-      'http://web.test.local/machinery/new-session/test-session-id'
+      'http://web.test.local/machinery/new-session#/test-session-id'
    );
  });

@ -73,7 +73,7 @@ describe('GET /auth/callback', () => {

    expect(response.status).toBe(303);
    expect(response.headers.get('Location')).toContain(
-      'http://web.test.local/machinery/error?error_code=authFailure&extra=state invalid'
+      'http://web.test.local/error/authFailure?extra=state invalid'
    );
  });

@ -87,7 +87,7 @@ describe('GET /auth/callback', () => {

    expect(response.status).toBe(303);
    expect(response.headers.get('Location')).toContain(
-      'http://web.test.local/machinery/error?error_code=authFailure&extra=state invalid'
+      'http://web.test.local/error/authFailure?extra=state invalid'
    );
  });
 });
--- a/packages/api/src/routes/auth/callback.ts
+++ b/packages/api/src/routes/auth/callback.ts
@ -7,6 +7,7 @@ import { dateFromID } from '@roleypoly/api/src/utils/id';
 import { formDataRequest, getQuery } from '@roleypoly/api/src/utils/request';
 import { seeOther } from '@roleypoly/api/src/utils/response';
 import { AuthTokenResponse, StateSession } from '@roleypoly/types';
+import normalizeUrl from 'normalize-url';

 const authFailure = (uiPublicURI: string, extra?: string) =>
  seeOther(uiPublicURI + `/error/authFailure${extra ? `?extra=${extra}` : ''}`);
@ -69,5 +70,8 @@ export const authCallback: RoleypolyHandler = async (
    return authFailure(config.uiPublicURI, 'session setup failure');
  }

-  return seeOther(bounceBaseUrl + 'machinery/new-session/#/' + session.sessionID);
+  const nextURL = normalizeUrl(
+    bounceBaseUrl + '/machinery/new-session/#/' + session.sessionID
+  );
+  return seeOther(nextURL);
 };