use authentik host for authorize urls

2026-04-03 19:13:28 +02:00
parent 81165ca9db
commit 531c27b669
2 changed files with 23 additions and 8 deletions


@@ -1,5 +1,15 @@
import { NextRequest, NextResponse } from 'next/server';
function authentikBase(url?: string | null) {
if (!url) return null;
try {
const parsed = new URL(url);
return parsed.origin.replace(/\/$/, '');
} catch {
return null;
}
}
export async function GET(req: NextRequest) {
const { searchParams, origin } = new URL(req.url);
const code = searchParams.get('code');
@@ -11,13 +21,13 @@ export async function GET(req: NextRequest) {
const clientSecret = process.env.AUTHENTIK_CLIENT_SECRET;
const redirectUri = `${process.env.NEXT_PUBLIC_BASE_URL ?? origin}/api/auth/callback`;
const issuer = issuerRaw?.replace(/\/application\/o\/authorize\/?$/, '').replace(/\/$/, '');
const authentikHost = authentikBase(issuerRaw);
if (!issuer || !clientId || !clientSecret) {
if (!authentikHost || !clientId || !clientSecret) {
return NextResponse.redirect(`${origin}/login?error=oidc_not_configured`);
}
const tokenRes = await fetch(`${issuer}/application/o/token/`, {
const tokenRes = await fetch(`${authentikHost}/application/o/token/`, {
method: 'POST',
headers: { 'content-type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
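Review bot: `authentikBase` (added at the top of this file and again in the login page section) returns `parsed.origin` for any URL that parses, with no scheme check, and that value becomes the host of the token request below. For a non-special scheme `origin` is the string `"null"`, which passes the `!authentikHost` guard, and an `http:` issuer would send the authorization code and, presumably, the client secret in cleartext; the request body continues outside the hunk, so that is inferred from the `clientSecret` check. I would add `if (parsed.protocol !== 'https:') return null;` before the return, allowing `http:` only if local development needs it. The `.replace(/\/$/, '')` can go, since `URL.origin` never ends in a slash. Reducing the issuer to its origin also drops any path prefix, so confirm authentik is not served under a subpath.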


@@ -3,23 +3,28 @@
import { useState } from 'react';
import { useRouter } from 'next/navigation';
function normalizeIssuer(url?: string | null) {
function authentikBase(url?: string | null) {
if (!url) return null;
return url.replace(/\/application\/o\/authorize\/?$/, '').replace(/\/$/, '');
try {
const parsed = new URL(url);
return parsed.origin.replace(/\/$/, '');
} catch {
return null;
}
}
function authentikUrl() {
const issuer = normalizeIssuer(process.env.NEXT_PUBLIC_AUTHENTIK_ISSUER);
const baseHost = authentikBase(process.env.NEXT_PUBLIC_AUTHENTIK_ISSUER);
const clientId = process.env.NEXT_PUBLIC_AUTHENTIK_CLIENT_ID;
const base = process.env.NEXT_PUBLIC_BASE_URL ?? (typeof window !== 'undefined' ? window.location.origin : '');
if (!issuer || !clientId) return null;
if (!baseHost || !clientId) return null;
const params = new URLSearchParams({
response_type: 'code',
client_id: clientId,
redirect_uri: `${base}/api/auth/callback`,
scope: 'openid email profile',
});
return `${issuer}/application/o/authorize/?${params}`;
return `${baseHost}/application/o/authorize/?${params}`;
}
export default function LoginPage() {
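Review bot: The authorize URL built in `authentikUrl()` carries no `state` parameter, so the callback has nothing to tie the returned `code` to the browser session that started the login (login CSRF). Generate a random value per login attempt, keep it where the callback route can read it (for example a short-lived cookie), add it as `state` in the `URLSearchParams`, and have the callback reject a response whose `state` does not match. Whether the callback already checks `state` is not visible here, but with nothing sent there is nothing to compare. Since `authentikBase` is now duplicated in both files, either move it to a shared module or add a comment such as `// Keep in sync with authentikBase in the auth callback route: authorize and token endpoints must resolve to the same host.` `LoginPage` continues outside the hunk.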