mirror of
https://github.com/teamhanko/hanko.git
synced 2025-10-27 22:27:23 +08:00
601ffaae92
This pull request introduces the new Flowpilot system along with several new features and various improvements. The key enhancements include configurable authorization, registration, and profile flows, as well as the ability to enable and disable user identifiers (e.g., email addresses and usernames) and login methods. --------- Co-authored-by: Frederic Jahn <frederic.jahn@hanko.io> Co-authored-by: Lennart Fleischmann <lennart.fleischmann@hanko.io> Co-authored-by: lfleischmann <67686424+lfleischmann@users.noreply.github.com> Co-authored-by: merlindru <hello@merlindru.com>
65 lines
1.9 KiB
Go
65 lines
1.9 KiB
Go
package shared
|
|
|
|
import (
|
|
"fmt"
|
|
"github.com/labstack/echo/v4"
|
|
"github.com/teamhanko/hanko/backend/flowpilot"
|
|
"net/url"
|
|
)
|
|
|
|
type GenerateOAuthLinks struct {
|
|
Action
|
|
}
|
|
|
|
func (h GenerateOAuthLinks) Execute(c flowpilot.HookExecutionContext) error {
|
|
deps := h.GetDeps(c)
|
|
|
|
returnToUrl := deps.Cfg.ThirdParty.DefaultRedirectURL
|
|
|
|
referer := deps.HttpContext.Request().Header.Get("Referer")
|
|
if referer != "" {
|
|
u, err := url.Parse(referer)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// remove any query and fragment parts of the referer
|
|
u.RawQuery = ""
|
|
u.Fragment = ""
|
|
returnToUrl = u.String()
|
|
}
|
|
|
|
if deps.Cfg.ThirdParty.Providers.GitHub.Enabled {
|
|
c.AddLink(OAuthLink("github", h.generateHref(deps.HttpContext, "github", returnToUrl)))
|
|
}
|
|
if deps.Cfg.ThirdParty.Providers.Google.Enabled {
|
|
c.AddLink(OAuthLink("google", h.generateHref(deps.HttpContext, "google", returnToUrl)))
|
|
}
|
|
if deps.Cfg.ThirdParty.Providers.Apple.Enabled {
|
|
c.AddLink(OAuthLink("apple", h.generateHref(deps.HttpContext, "apple", returnToUrl)))
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (h GenerateOAuthLinks) generateHref(c echo.Context, provider string, returnToUrl string) string {
|
|
host := c.Request().Host
|
|
forwardedProto := c.Request().Header.Get("X-Forwarded-Proto")
|
|
if forwardedProto == "" {
|
|
// Assume that a proxy is setting the X-Forwarded-Proto header correctly. Hanko should always be deployed behind a proxy,
|
|
// because you cannot start the backend with https and passkeys only work in a secure context.
|
|
// If the X-Forwarded-Proto header is not set, set it to 'http' because otherwise you would need to set up a https environment for local testing.
|
|
forwardedProto = "http"
|
|
}
|
|
|
|
u, _ := url.Parse(fmt.Sprintf("%s://%s/thirdparty/auth", forwardedProto, host))
|
|
query := url.Values{}
|
|
query.Set("provider", provider)
|
|
if returnToUrl != "" {
|
|
query.Set("redirect_to", returnToUrl)
|
|
}
|
|
u.RawQuery = query.Encode()
|
|
|
|
return u.String()
|
|
}
|