sec: add payload

2024-12-26 08:47:56 +03:00
parent 97187a8e45
commit 17fd260068
2 changed files with 107 additions and 21 deletions
--- a/Endpoint/Controllers/V1/AuthController.cs
+++ b/Endpoint/Controllers/V1/AuthController.cs
@ -16,7 +16,7 @@ using Mirea.Api.Security.Services;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
-using System.Security.Claims;
+using System.Linq;
 using System.Threading.Tasks;
 using OAuthProvider = Mirea.Api.Security.Common.Domain.OAuthProvider;

@ -130,17 +130,23 @@ public class AuthController(IOptionsSnapshot<Admin> user, IOptionsSnapshot<Gener
    /// This method generates a redirect URL for the selected provider and redirects the user to it.
    /// </remarks>
    /// <param name="provider">The identifier of the OAuth provider to authorize with.</param>
+    /// <param name="callback">The address where the user will need to be redirected after the end of communication with the OAuth provider</param>
    /// <returns>A redirect to the OAuth provider's authorization URL.</returns>
    /// <exception cref="ControllerArgumentException">Thrown if the specified provider is not valid.</exception>
    [HttpGet("AuthorizeOAuth2")]
    [MaintenanceModeIgnore]
-    public ActionResult AuthorizeOAuth2([FromQuery] int provider)
+    public ActionResult AuthorizeOAuth2([FromQuery] int provider, [FromQuery] Uri callback)
    {
        if (!Enum.IsDefined(typeof(OAuthProvider), provider))
            throw new ControllerArgumentException("There is no selected provider");

-        return Redirect(oAuthService.GetProviderRedirect(HttpContext, GetCookieParams(), HttpContext.GetApiUrl(Url.Action("OAuth2")!),
-            (OAuthProvider)provider).AbsoluteUri);
+        if (!callback.IsAbsoluteUri)
+            throw new ControllerArgumentException("The callback URL must be absolute.");
+
+        return Redirect(oAuthService.GetProviderRedirect(HttpContext, GetCookieParams(),
+            HttpContext.GetApiUrl(Url.Action("OAuth2")!),
+            (OAuthProvider)provider,
+            callback).AbsoluteUri);
    }

    /// <summary>
@ -152,9 +158,17 @@ public class AuthController(IOptionsSnapshot<Admin> user, IOptionsSnapshot<Gener
    /// <returns>A list of available providers and their redirect URLs.</returns>
    [HttpGet("AvailableProviders")]
    [MaintenanceModeIgnore]
-    public ActionResult<List<AvailableOAuthProvidersResponse>> AvailableProviders() =>
+    public ActionResult<List<AvailableOAuthProvidersResponse>> AvailableProviders([FromQuery] Uri callback) =>
        Ok(oAuthService
            .GetAvailableProviders(HttpContext.GetApiUrl(Url.Action("AuthorizeOAuth2")!))
+            .Select(x =>
+            {
+                if (!callback.IsAbsoluteUri)
+                    throw new ControllerArgumentException("The callback URL must be absolute.");
+
+                x.Redirect = new Uri(x.Redirect + "&callback=" + Uri.EscapeDataString(callback.AbsoluteUri));
+                return x;
+            })
            .ConvertToDto());

    /// <summary>