frontend: Janky code to make redirects after login work

2025-12-14 11:42:25 +00:00 · 2025-04-13 19:55:48 +02:00
parent 14e5533b6f
commit 64233f91d2
7 changed files with 89 additions and 21 deletions
--- a/crates/frontend/src/routes/login.rs
+++ b/crates/frontend/src/routes/login.rs
@@ -3,7 +3,7 @@ use actix_session::Session;
 use actix_web::{
    HttpRequest, HttpResponse, Responder,
    error::ErrorUnauthorized,
-    web::{Data, Form, Redirect},
+    web::{Data, Form, Query, Redirect},
 };
 use askama::Template;
 use askama_web::WebTemplate;
@@ -13,11 +13,22 @@ use serde::Deserialize;
 #[derive(Template, WebTemplate)]
 #[template(path = "pages/login.html")]
 struct LoginPage<'a> {
+    redirect_uri: Option<String>,
    oidc_data: Option<OidcProviderData<'a>>,
 }

-pub async fn route_get_login(req: HttpRequest, config: Data<FrontendConfig>) -> impl Responder {
+#[derive(Debug, Deserialize)]
+pub struct GetLoginQuery {
+    redirect_uri: Option<String>,
+}
+
+pub async fn route_get_login(
+    Query(GetLoginQuery { redirect_uri }): Query<GetLoginQuery>,
+    req: HttpRequest,
+    config: Data<FrontendConfig>,
+) -> impl Responder {
    LoginPage {
+        redirect_uri,
        oidc_data: config.oidc.as_ref().map(|oidc| OidcProviderData {
            name: &oidc.name,
            redirect_url: req
@@ -33,20 +44,35 @@ pub async fn route_get_login(req: HttpRequest, config: Data<FrontendConfig>) ->
 pub struct PostLoginForm {
    username: String,
    password: String,
+    redirect_uri: Option<String>,
 }

 pub async fn route_post_login<AP: AuthenticationProvider>(
    req: HttpRequest,
-    form: Form<PostLoginForm>,
+    Form(PostLoginForm {
+        username,
+        password,
+        redirect_uri,
+    }): Form<PostLoginForm>,
    session: Session,
    auth_provider: Data<AP>,
 ) -> HttpResponse {
+    // Ensure that redirect_uri never goes cross-origin
+    let default_redirect = "/frontend/user".to_string();
+    let redirect_uri = redirect_uri.unwrap_or(default_redirect.clone());
+    let redirect_uri = req
+        .full_url()
+        .join(&redirect_uri)
+        .ok()
+        .and_then(|uri| req.full_url().make_relative(&uri))
+        .unwrap_or(default_redirect);
+
    if let Ok(Some(user)) = auth_provider
-        .validate_user_token(&form.username, &form.password)
+        .validate_user_token(&username, &password)
        .await
    {
        session.insert("user", user.id).unwrap();
-        Redirect::to(format!("/frontend/user/{}", &form.username))
+        Redirect::to(redirect_uri)
            .see_other()
            .respond_to(&req)
            .map_into_boxed_body()