21:51700827b6ee Browse Files
Redirect after login. After a successful login, redirect based on a query parameter. Only allow redirections to the domain listed in the config and its subdomains. If no redirect is specified, redirect to the root of the domain listed in the config.
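--- a/config.go
+++ b/config.go
@@ -59,8 +59,9 @@
 	// The base path of documentation
 	DocumentationDomain string
 
-	SessionLength   time.Duration
-	RequestIPHeader string
+	SessionLength       time.Duration
+	RequestIPHeader     string
+	LoginRedirectDomain string
 }
 
 // NewServerConfig returns a new ServerConfig with default configuration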
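Review bot: The new `LoginRedirectDomain` field lacks a doc comment of the kind `DocumentationDomain` has above it, and since it is the allow-list boundary for post-login redirects, operators need to know its exact format: a comment such as `// LoginRedirectDomain is the host (without scheme or port) that a successful login may redirect to; its subdomains are also allowed.` would do. The same comment should state what an empty value means, as `NewServerConfig` just below the hunk is where a default would presumably be set; the struct itself begins outside the hunk.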
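--- a/session.go
+++ b/session.go
@@ -3,8 +3,10 @@
 import (
 	"errors"
 	"net/http"
+	"net/url"
 	"time"
 
+	"strings"
 	"secondbit.org/uuid"
 )
 
@@ -72,5 +74,21 @@
 		Secure:   true,
 		HttpOnly: true,
 	})
-	// TODO: redirect
+
+	redirectString := r.URL.Query().Get("redirect_to")
+	if redirectString != "" {
+		redirectURI, err := url.Parse(redirectString)
+		if err != nil {
+			// TODO: render a bad request error
+			return
+		}
+		if !strings.HasSuffix("."+ctx.Config.LoginRedirectDomain, redirectURI.Host) && redirectURI.Host != ctx.Config.LoginRedirectDomain {
+			// TODO: render a bad request error
+			return
+		}
+	} else {
+		redirectString = "https://" + ctx.Config.LoginRedirectDomain
+	}
+	http.Redirect(w, r, redirectString, http.StatusFound)
+	return
 }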
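Review bot: The allow-list check in the second hunk, `if !strings.HasSuffix("."+ctx.Config.LoginRedirectDomain, redirectURI.Host) && ...`, has the HasSuffix arguments reversed: it asks whether "."+LoginRedirectDomain ends with the redirect host, so any host that happens to be a suffix of the configured domain (including the empty host) is accepted, while a genuine subdomain is rejected. The intended test is `if redirectURI.Host != ctx.Config.LoginRedirectDomain && !strings.HasSuffix(redirectURI.Host, "."+ctx.Config.LoginRedirectDomain) {`. Because an empty `Host` also passes, the guard should additionally require `redirectURI.Host != ""` and a `Scheme` of http or https unless relative redirects are deliberately allowed, and should account for a port in `Host` if one may appear. Both `// TODO: render a bad request error` branches return after the session cookie has already been set without writing a status, so the client silently receives a 200 with an empty body; `http.Error(w, "invalid redirect_to", http.StatusBadRequest)` would make the rejection visible. The enclosing handler starts outside the hunk, and in the first hunk `"strings"` is a standard-library import that belongs in the first import group.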