diff --git a/components/user/UserSignIn.vue b/components/user/UserSignIn.vue index 9f3dc735..ac4eb5e1 100644 --- a/components/user/UserSignIn.vue +++ b/components/user/UserSignIn.vue @@ -26,7 +26,12 @@ async function oauth() { server = server.split('/')[0] try { - location.href = await $fetch(`/api/${server || DEFAULT_SERVER}/login`) + location.href = await $fetch(`/api/${server || DEFAULT_SERVER}/login`, { + method: 'POST', + body: { + origin: location.origin, + }, + }) } catch { displayError = true diff --git a/server/api/[server]/login.ts b/server/api/[server]/login.ts index b813d6d6..d0e823a2 100644 --- a/server/api/[server]/login.ts +++ b/server/api/[server]/login.ts @@ -4,8 +4,9 @@ import { getApp, getRedirectURI } from '~/server/shared' export default defineEventHandler(async (event) => { let { server } = getRouterParams(event) + const { origin } = await readBody(event) server = server.toLocaleLowerCase().trim() - const app = await getApp(server) + const app = await getApp(origin, server) if (!app) { throw createError({ @@ -17,7 +18,7 @@ export default defineEventHandler(async (event) => { const query = stringifyQuery({ client_id: app.client_id, scope: 'read write follow push', - redirect_uri: getRedirectURI(server), + redirect_uri: getRedirectURI(origin, server), response_type: 'code', }) diff --git a/server/api/[server]/oauth.ts b/server/api/[server]/oauth.ts index 62395141..6320c1e7 100644 --- a/server/api/[server]/oauth.ts +++ b/server/api/[server]/oauth.ts @@ -3,9 +3,10 @@ import { createError, defineEventHandler, getQuery, getRouterParams, sendRedirec import { getApp, getRedirectURI } from '~/server/shared' export default defineEventHandler(async (event) => { + const { origin } = getQuery(event) as { origin: string } let { server } = getRouterParams(event) server = server.toLocaleLowerCase().trim() - const app = await getApp(server) + const app = await getApp(origin, server) if (!app) { throw createError({ @@ -27,7 +28,7 @@ export default defineEventHandler(async (event) => { body: { client_id: app.client_id, client_secret: app.client_secret, - redirect_uri: getRedirectURI(server), + redirect_uri: getRedirectURI(origin, server), grant_type: 'authorization_code', code, scope: 'read write follow push', diff --git a/server/shared.ts b/server/shared.ts index 5edcd4a7..b5297493 100644 --- a/server/shared.ts +++ b/server/shared.ts @@ -3,7 +3,7 @@ import _fs from 'unstorage/drivers/fs' // @ts-expect-error unstorage needs to provide backwards-compatible subpath types import _kv from 'unstorage/drivers/cloudflare-kv-http' -import { parseURL } from 'ufo' +import { stringifyQuery } from 'ufo' import { $fetch } from 'ofetch' import type { Storage } from 'unstorage' @@ -14,8 +14,6 @@ import type { AppInfo } from '~/types' import { APP_NAME } from '~/constants' const config = useRuntimeConfig() -export const HOST_URL = config.deployUrl -export const HOST_DOMAIN = parseURL(HOST_URL).host! const fs = _fs as typeof import('unstorage/dist/drivers/fs')['default'] const kv = _kv as typeof import('unstorage/dist/drivers/cloudflare-kv-http')['default'] @@ -33,30 +31,30 @@ else if (config.storage.driver === 'cloudflare') { }))) } -export function getRedirectURI(server: string) { - return `${HOST_URL}/api/${server}/oauth` +export function getRedirectURI(origin: string, server: string) { + return `${origin}/api/${server}/oauth?${stringifyQuery({ origin })}` } -async function fetchAppInfo(server: string) { +async function fetchAppInfo(origin: string, server: string) { const app: AppInfo = await $fetch(`https://${server}/api/v1/apps`, { method: 'POST', body: { client_name: APP_NAME + (config.public.env === 'local' ? ' (dev)' : ''), website: 'https://elk.zone', - redirect_uris: getRedirectURI(server), + redirect_uris: getRedirectURI(origin, server), scopes: 'read write follow push', }, }) return app } -export async function getApp(server: string) { - const key = `servers:${HOST_DOMAIN.replace(/[^\w\d]/g, '-')}:${server}.json` +export async function getApp(origin: string, server: string) { + const key = `servers:${origin.replace(/[^\w\d]/g, '-')}:${server}.json` try { if (await storage.hasItem(key)) return await storage.getItem(key) as Promise - const appInfo = await fetchAppInfo(server) + const appInfo = await fetchAppInfo(origin, server) await storage.setItem(key, appInfo) return appInfo }