fix(oidc): update login handler to set redirect header for frontend requests

2025-05-31 17:12:34 +02:00 · 2025-05-29 20:08:52 +08:00 · 2025-05-29 20:08:52 +08:00 · 24ba4c2a46
commit 24ba4c2a46
parent ed07bf42ce
2 changed files with 17 additions and 2 deletions
--- a/internal/auth/oidc.go
+++ b/internal/auth/oidc.go
@ -193,7 +193,13 @@ func (auth *OIDCProvider) LoginHandler(w http.ResponseWriter, r *http.Request) {
 	state := generateState()
 	SetTokenCookie(w, r, CookieOauthState, state, 300*time.Second)
 	// redirect user to Idp
-	http.Redirect(w, r, auth.oauthConfig.AuthCodeURL(state, optRedirectPostAuth(r)), http.StatusFound)
+	url := auth.oauthConfig.AuthCodeURL(state, optRedirectPostAuth(r))
+	if IsFrontend(r) {
+		w.Header().Set("X-Redirect-To", url)
+		w.WriteHeader(http.StatusForbidden)
+	} else {
+		http.Redirect(w, r, url, http.StatusFound)
+	}
 }

 func parseClaims(idToken *oidc.IDToken) (*IDTokenClaims, error) {
--- a/internal/auth/utils.go
+++ b/internal/auth/utils.go
@ -1,6 +1,7 @@
 package auth

 import (
+	"net"
 	"net/http"
 	"time"

@ -16,7 +17,15 @@ var (
 )

 func IsFrontend(r *http.Request) bool {
-	return r.Host == common.APIHTTPAddr
+	return requestRemoteIP(r) == "127.0.0.1"
+}
+
+func requestRemoteIP(r *http.Request) string {
+	ip, _, err := net.SplitHostPort(r.RemoteAddr)
+	if err != nil {
+		return ""
+	}
+	return ip
 }

 func requestHost(r *http.Request) string {