mirror of
https://github.com/h44z/wg-portal.git
synced 2026-02-23 02:46:23 +00:00
Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
6e47d8c3e9 | ||
|
|
eb28492539 |
@@ -1,7 +1,7 @@
|
||||
export function base64_url_encode(input) {
|
||||
let output = btoa(input)
|
||||
output = output.replace('+', '.')
|
||||
output = output.replace('/', '_')
|
||||
output = output.replace('=', '-')
|
||||
output = output.replaceAll('+', '.')
|
||||
output = output.replaceAll('/', '_')
|
||||
output = output.replaceAll('=', '-')
|
||||
return output
|
||||
}
|
||||
@@ -6,7 +6,6 @@ import (
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-pkgz/routegroup"
|
||||
@@ -449,7 +448,17 @@ func (e AuthEndpoint) handleLogoutPost() http.HandlerFunc {
|
||||
|
||||
// isValidReturnUrl checks if the given return URL matches the configured external URL of the application.
|
||||
func (e AuthEndpoint) isValidReturnUrl(returnUrl string) bool {
|
||||
if !strings.HasPrefix(returnUrl, e.cfg.Web.ExternalUrl) {
|
||||
expectedUrl, err := url.Parse(e.cfg.Web.ExternalUrl)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
returnUrlParsed, err := url.Parse(returnUrl)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
if returnUrlParsed.Scheme != expectedUrl.Scheme || returnUrlParsed.Host != expectedUrl.Host {
|
||||
return false
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user