Handle matching wildcards

Owen
2026-04-23 21:25:13 -07:00
parent 07c7501669
commit b4f0b4e285
2 changed files with 20 additions and 2 deletions


@@ -32,6 +32,8 @@ export type GetResourceAuthInfoResponse = {
sso: boolean; sso: boolean;
blockAccess: boolean; blockAccess: boolean;
url: string; url: string;
wildcard: boolean;
fullDomain: string | null;
whitelist: boolean; whitelist: boolean;
skipToIdpId: number | null; skipToIdpId: number | null;
orgId: string; orgId: string;
@@ -130,7 +132,9 @@ export async function getResourceAuthInfo(
const headerAuthExtendedCompatibility = const headerAuthExtendedCompatibility =
result?.resourceHeaderAuthExtendedCompatibility; result?.resourceHeaderAuthExtendedCompatibility;
const url = `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`; const url = resource.fullDomain
? `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`
: null;
return response<GetResourceAuthInfoResponse>(res, { return response<GetResourceAuthInfoResponse>(res, {
data: { data: {
@@ -145,7 +149,9 @@ export async function getResourceAuthInfo(
headerAuthExtendedCompatibility !== null, headerAuthExtendedCompatibility !== null,
sso: resource.sso, sso: resource.sso,
blockAccess: resource.blockAccess, blockAccess: resource.blockAccess,
url, url: url ?? "",
wildcard: resource.wildcard ?? false,
fullDomain: resource.fullDomain,
whitelist: resource.emailWhitelistEnabled, whitelist: resource.emailWhitelistEnabled,
skipToIdpId: resource.skipToIdpId, skipToIdpId: resource.skipToIdpId,
orgId: resource.orgId, orgId: resource.orgId,
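Review bot: `url: url ?? ""` in the third hunk turns a missing `fullDomain` into an empty string, so a consumer cannot tell "no domain" from a real URL, and any `new URL(authInfo.url)` on the consuming side will throw on it. Since the response type now carries `fullDomain: string | null`, `url` could carry the same nullability (`url: string | null;` in the type and plain `url,` in the payload), provided existing callers can absorb that. For wildcard resources `fullDomain` is presumably a pattern rather than a reachable host, so a comment on the type fields would help, for example `// for wildcard resources fullDomain is a pattern such as "*.example.com", not a host`. The body of getResourceAuthInfo extends outside these hunks.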


@@ -106,10 +106,22 @@ export default async function ResourceAuthPage(props: {
const redirectPort = new URL(searchParams.redirect).port; const redirectPort = new URL(searchParams.redirect).port;
const serverResourceHostWithPort = `${serverResourceHost}:${redirectPort}`; const serverResourceHostWithPort = `${serverResourceHost}:${redirectPort}`;
const wildcardMatchesRedirect = (wildcardDomain: string, host: string): boolean => {
if (!wildcardDomain.startsWith("*.")) return false;
const suffix = wildcardDomain.slice(1); // e.g. ".wildcard.owen.fosrl.io"
return host.endsWith(suffix) && host.length > suffix.length;
};
if (serverResourceHost === redirectHost) { if (serverResourceHost === redirectHost) {
redirectUrl = searchParams.redirect; redirectUrl = searchParams.redirect;
} else if (serverResourceHostWithPort === redirectHost) { } else if (serverResourceHostWithPort === redirectHost) {
redirectUrl = searchParams.redirect; redirectUrl = searchParams.redirect;
} else if (
authInfo.wildcard &&
authInfo.fullDomain &&
wildcardMatchesRedirect(authInfo.fullDomain, redirectHost)
) {
redirectUrl = searchParams.redirect;
} }
} catch (e) {} } catch (e) {}
} }
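Review bot: `wildcardMatchesRedirect` decides which hosts the login flow is allowed to redirect to, and its suffix test accepts any depth of subdomain, so `*.example.com` also allows `a.b.example.com`. If a wildcard resource is meant to cover a single label only, reject dots in the matched prefix: `const label = host.slice(0, -suffix.length);` followed by `return host.endsWith(suffix) && label.length > 0 && !label.includes(".");`. `redirectHost` is defined outside the hunk; if it is `URL.host` rather than `hostname` (the comparison with `serverResourceHostWithPort` suggests so), a redirect that carries a port never matches the wildcard, and `wildcardDomain` should be lowercased before comparing because parsed URL hosts are lowercased. The empty `catch (e) {}` hides a malformed `redirect` value; a short comment stating that falling through without a redirect is intended would make that explicit.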