fix: possible redirect url inconsistency (#1003)

This commit is contained in:
UUBulb 2025-02-24 20:53:11 +08:00 committed by GitHub
parent 41a0a7e4cc
commit 5fc1c8d83c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 10 deletions


@ -51,7 +51,8 @@ func oauth2redirect(c *gin.Context) (*model.Oauth2LoginResponse, error) {
if !has { if !has {
return nil, singleton.Localizer.ErrorT("provider not found") return nil, singleton.Localizer.ErrorT("provider not found")
} }
o2conf := o2confRaw.Setup(getRedirectURL(c)) redirectURL := getRedirectURL(c)
o2conf := o2confRaw.Setup(redirectURL)
randomString, err := utils.GenerateRandomString(32) randomString, err := utils.GenerateRandomString(32)
if err != nil { if err != nil {
@ -59,9 +60,10 @@ func oauth2redirect(c *gin.Context) (*model.Oauth2LoginResponse, error) {
} }
state, stateKey := randomString[:16], randomString[16:] state, stateKey := randomString[:16], randomString[16:]
singleton.Cache.Set(fmt.Sprintf("%s%s", model.CacheKeyOauth2State, stateKey), &model.Oauth2State{ singleton.Cache.Set(fmt.Sprintf("%s%s", model.CacheKeyOauth2State, stateKey), &model.Oauth2State{
Action: model.Oauth2LoginType(rTypeInt), Action: model.Oauth2LoginType(rTypeInt),
Provider: provider, Provider: provider,
State: state, State: state,
RedirectURL: redirectURL,
}, cache.DefaultExpiration) }, cache.DefaultExpiration)
url := o2conf.AuthCodeURL(state, oauth2.AccessTypeOnline) url := o2conf.AuthCodeURL(state, oauth2.AccessTypeOnline)
@ -138,7 +140,7 @@ func oauth2callback(jwtConfig *jwt.GinJWTMiddleware) func(c *gin.Context) (any,
return nil, singleton.Localizer.ErrorT("code is required") return nil, singleton.Localizer.ErrorT("code is required")
} }
openId, err := exchangeOpenId(c, o2confRaw, callbackData) openId, err := exchangeOpenId(c, o2confRaw, callbackData, state.RedirectURL)
if err != nil { if err != nil {
model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeBruteForceOauth2, model.BlockIDToken) model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeBruteForceOauth2, model.BlockIDToken)
return nil, err return nil, err
@ -188,8 +190,9 @@ func oauth2callback(jwtConfig *jwt.GinJWTMiddleware) func(c *gin.Context) (any,
} }
} }
func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, callbackData *model.Oauth2Callback) (string, error) { func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config,
o2conf := o2confRaw.Setup(getRedirectURL(c)) callbackData *model.Oauth2Callback, redirectURL string) (string, error) {
o2conf := o2confRaw.Setup(redirectURL)
ctx := context.Background() ctx := context.Background()
otk, err := o2conf.Exchange(ctx, callbackData.Code) otk, err := o2conf.Exchange(ctx, callbackData.Code)
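Review bot: In the new exchangeOpenId signature the `redirectURL` parameter replaces the only visible use of `c`, so `c *gin.Context` now looks dead within the hunk; the rest of the function's body lies outside the hunk, so if nothing there reads it, drop the parameter, otherwise put it to use by binding the token exchange to the request's lifetime, `ctx := c.Request.Context()` in place of `ctx := context.Background()`, so a cancelled or timed-out login does not leave an unbounded outbound exchange running. The callback side (the `state.RedirectURL` line in oauth2callback) has no guard for an empty value: a state entry cached before this change carries no RedirectURL and will presumably reach `Setup("")` and fail the exchange until it expires, which seems acceptable but deserves a one-line comment or an explicit `if state.RedirectURL == ""` rejection. A short doc comment on exchangeOpenId would also help, e.g. `// exchangeOpenId exchanges the callback code for a token; redirectURL must be the exact value the authorization URL was built with, which is why it is taken from the cached state rather than recomputed.`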


@ -17,7 +17,8 @@ const (
) )
type Oauth2State struct { type Oauth2State struct {
Action Oauth2LoginType Action Oauth2LoginType
Provider string Provider string
State string State string
RedirectURL string
} }
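Review bot: The new exported field RedirectURL on Oauth2State has no comment, and its contract is not obvious from the struct alone. Suggest `// RedirectURL is the redirect URI the authorization URL was built with; the callback reuses it for the token exchange so both legs send the same value.` above the field, matching how the value is set in oauth2redirect and consumed in oauth2callback in the other file of this commit.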