feat: add PKCE support

2025-12-20 05:09:24 +00:00 · 2024-11-15 15:00:25 +01:00
parent 760c8e83bb
commit 3613ac261c
15 changed files with 188 additions and 86 deletions
--- a/backend/internal/middleware/cors.go
+++ b/backend/internal/middleware/cors.go
@@ -1,11 +1,8 @@
 package middleware

 import (
-	"github.com/stonith404/pocket-id/backend/internal/common"
-	"time"
-
-	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
+	"github.com/stonith404/pocket-id/backend/internal/common"
 )

 type CorsMiddleware struct{}
@@ -15,10 +12,22 @@ func NewCorsMiddleware() *CorsMiddleware {
 }

 func (m *CorsMiddleware) Add() gin.HandlerFunc {
-	return cors.New(cors.Config{
-		AllowOrigins: []string{common.EnvConfig.AppURL},
-		AllowMethods: []string{"*"},
-		AllowHeaders: []string{"*"},
-		MaxAge:       12 * time.Hour,
-	})
+	return func(c *gin.Context) {
+		// Allow all origins for the token endpoint
+		if c.FullPath() == "/api/oidc/token" {
+			c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
+		} else {
+			c.Writer.Header().Set("Access-Control-Allow-Origin", common.EnvConfig.AppURL)
+		}
+
+		c.Writer.Header().Set("Access-Control-Allow-Headers", "*")
+		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
+
+		if c.Request.Method == "OPTIONS" {
+			c.AbortWithStatus(204)
+			return
+		}
+
+		c.Next()
+	}
 }