fix: possible redirect url inconsistency (#1003)

uubulb · web-flow · commit 5fc1c8d83ca4 · 2025-02-24T20:53:11.000+08:00
diff --git a/cmd/dashboard/controller/oauth2.go b/cmd/dashboard/controller/oauth2.go
@@ -51,17 +51,19 @@ func oauth2redirect(c *gin.Context) (*model.Oauth2LoginResponse, error) {
 	if !has {
 		return nil, singleton.Localizer.ErrorT("provider not found")
 	}
-	o2conf := o2confRaw.Setup(getRedirectURL(c))
+	redirectURL := getRedirectURL(c)
+	o2conf := o2confRaw.Setup(redirectURL)
 
 	randomString, err := utils.GenerateRandomString(32)
 	if err != nil {
 		return nil, err
 	}
 	state, stateKey := randomString[:16], randomString[16:]
 	singleton.Cache.Set(fmt.Sprintf("%s%s", model.CacheKeyOauth2State, stateKey), &model.Oauth2State{
-		Action:   model.Oauth2LoginType(rTypeInt),
-		Provider: provider,
-		State:    state,
+		Action:      model.Oauth2LoginType(rTypeInt),
+		Provider:    provider,
+		State:       state,
+		RedirectURL: redirectURL,
 	}, cache.DefaultExpiration)
 
 	url := o2conf.AuthCodeURL(state, oauth2.AccessTypeOnline)
@@ -138,7 +140,7 @@ func oauth2callback(jwtConfig *jwt.GinJWTMiddleware) func(c *gin.Context) (any,
 			return nil, singleton.Localizer.ErrorT("code is required")
 		}
 
-		openId, err := exchangeOpenId(c, o2confRaw, callbackData)
+		openId, err := exchangeOpenId(c, o2confRaw, callbackData, state.RedirectURL)
 		if err != nil {
 			model.BlockIP(singleton.DB, realip, model.WAFBlockReasonTypeBruteForceOauth2, model.BlockIDToken)
 			return nil, err
@@ -188,8 +190,9 @@ func oauth2callback(jwtConfig *jwt.GinJWTMiddleware) func(c *gin.Context) (any,
 	}
 }
 
-func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config, callbackData *model.Oauth2Callback) (string, error) {
-	o2conf := o2confRaw.Setup(getRedirectURL(c))
+func exchangeOpenId(c *gin.Context, o2confRaw *model.Oauth2Config,
+	callbackData *model.Oauth2Callback, redirectURL string) (string, error) {
+	o2conf := o2confRaw.Setup(redirectURL)
 	ctx := context.Background()
 
 	otk, err := o2conf.Exchange(ctx, callbackData.Code)
diff --git a/model/oauth2bind.go b/model/oauth2bind.go
@@ -17,7 +17,8 @@ const (
 )
 
 type Oauth2State struct {
-	Action   Oauth2LoginType
-	Provider string
-	State    string
+	Action      Oauth2LoginType
+	Provider    string
+	State       string
+	RedirectURL string
 }

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,8 @@ const (`
`17`	`17`	`)`
`18`	`18`
`19`	`19`	`type Oauth2State struct {`
`20`		`- Action Oauth2LoginType`
`21`		`- Provider string`
`22`		`- State string`
	`20`	`+ Action Oauth2LoginType`
	`21`	`+ Provider string`
	`22`	`+ State string`
	`23`	`+ RedirectURL string`
`23`	`24`	`}`