use authentik host for authorize urls

2026-04-03 19:13:28 +02:00
parent 81165ca9db
commit 531c27b669
2 changed files with 23 additions and 8 deletions


@@ -1,5 +1,15 @@
import { NextRequest, NextResponse } from 'next/server'; import { NextRequest, NextResponse } from 'next/server';
function authentikBase(url?: string | null) {
if (!url) return null;
try {
const parsed = new URL(url);
return parsed.origin.replace(/\/$/, '');
} catch {
return null;
}
}
export async function GET(req: NextRequest) { export async function GET(req: NextRequest) {
const { searchParams, origin } = new URL(req.url); const { searchParams, origin } = new URL(req.url);
const code = searchParams.get('code'); const code = searchParams.get('code');
@@ -11,13 +21,13 @@ export async function GET(req: NextRequest) {
const clientSecret = process.env.AUTHENTIK_CLIENT_SECRET; const clientSecret = process.env.AUTHENTIK_CLIENT_SECRET;
const redirectUri = `${process.env.NEXT_PUBLIC_BASE_URL ?? origin}/api/auth/callback`; const redirectUri = `${process.env.NEXT_PUBLIC_BASE_URL ?? origin}/api/auth/callback`;
const issuer = issuerRaw?.replace(/\/application\/o\/authorize\/?$/, '').replace(/\/$/, ''); const authentikHost = authentikBase(issuerRaw);
if (!issuer || !clientId || !clientSecret) { if (!authentikHost || !clientId || !clientSecret) {
return NextResponse.redirect(`${origin}/login?error=oidc_not_configured`); return NextResponse.redirect(`${origin}/login?error=oidc_not_configured`);
} }
const tokenRes = await fetch(`${issuer}/application/o/token/`, { const tokenRes = await fetch(`${authentikHost}/application/o/token/`, {
method: 'POST', method: 'POST',
headers: { 'content-type': 'application/x-www-form-urlencoded' }, headers: { 'content-type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({ body: new URLSearchParams({
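Review bot: `authentikBase` accepts any URL scheme, and the value it returns is the host that receives the token POST carrying `client_secret` a few lines further down. `new URL()` also parses non-HTTP values, and for schemes without a tuple origin `parsed.origin` is the string `"null"`, which is truthy and passes the `!authentikHost` check. An `http://` issuer is accepted as well and would send the secret in cleartext. I would add `if (parsed.protocol !== 'https:') return null;` before the return (with a deliberate exception for local development if one is needed) and return `parsed.origin` directly, since an origin never ends in `/` and the `.replace(/\/$/, '')` is a no-op. The same helper is copied into the login page in this commit, so the check belongs in one shared module; the body of `GET` continues outside this hunk.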


@@ -3,23 +3,28 @@
import { useState } from 'react'; import { useState } from 'react';
import { useRouter } from 'next/navigation'; import { useRouter } from 'next/navigation';
function normalizeIssuer(url?: string | null) { function authentikBase(url?: string | null) {
if (!url) return null; if (!url) return null;
return url.replace(/\/application\/o\/authorize\/?$/, '').replace(/\/$/, ''); try {
const parsed = new URL(url);
return parsed.origin.replace(/\/$/, '');
} catch {
return null;
}
} }
function authentikUrl() { function authentikUrl() {
const issuer = normalizeIssuer(process.env.NEXT_PUBLIC_AUTHENTIK_ISSUER); const baseHost = authentikBase(process.env.NEXT_PUBLIC_AUTHENTIK_ISSUER);
const clientId = process.env.NEXT_PUBLIC_AUTHENTIK_CLIENT_ID; const clientId = process.env.NEXT_PUBLIC_AUTHENTIK_CLIENT_ID;
const base = process.env.NEXT_PUBLIC_BASE_URL ?? (typeof window !== 'undefined' ? window.location.origin : ''); const base = process.env.NEXT_PUBLIC_BASE_URL ?? (typeof window !== 'undefined' ? window.location.origin : '');
if (!issuer || !clientId) return null; if (!baseHost || !clientId) return null;
const params = new URLSearchParams({ const params = new URLSearchParams({
response_type: 'code', response_type: 'code',
client_id: clientId, client_id: clientId,
redirect_uri: `${base}/api/auth/callback`, redirect_uri: `${base}/api/auth/callback`,
scope: 'openid email profile', scope: 'openid email profile',
}); });
return `${issuer}/application/o/authorize/?${params}`; return `${baseHost}/application/o/authorize/?${params}`;
} }
export default function LoginPage() { export default function LoginPage() {
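Review bot: The authorize request built in `authentikUrl` carries no `state` value (and no `nonce` or PKCE challenge), so the callback has nothing that ties a returned `code` to the browser session that started the login. The commit rewrites the host part of this URL but leaves `params` unchanged. I would generate a random value per login attempt, keep it in a short-lived cookie, add it as `state` to the `URLSearchParams`, and have `/api/auth/callback` reject any response whose `state` does not match the cookie. Whether the callback already checks something equivalent cannot be seen from the lines shown on this page. `LoginPage` starts on the last line of the hunk and continues outside it.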