
@auth/core


@auth/core - npm Package Compare versions

Comparing version 0.0.0-9ed650479 to 0.0.0-a775c46b1

8

lib/oauth/authorization-url.js

@@ -37,5 +37,7 @@ import * as checks from "./checks.js";

const cookies = [];
// TODO: verify that comparison is safe
const isOriginProxy = provider.redirectProxy?.startsWith(options.url.origin);
const data = isOriginProxy ? undefined : { origin: provider.callbackUrl };
const data = !provider.redirectProxy ||
// TODO: verify that comparison is safe
provider.redirectProxy.startsWith(options.url.origin)
? undefined
: { origin: provider.callbackUrl };
const state = await checks.state.create(options, data);

@@ -42,0 +44,0 @@ if (state) {
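Review bot: `provider.redirectProxy.startsWith(options.url.origin)` is a string-prefix test, not an origin comparison, so a `redirectProxy` on a longer host name that begins with the same characters, or on a different port, is treated as this deployment's own origin and `data` is left `undefined`. The carried-over `// TODO: verify that comparison is safe` should be resolved by comparing parsed origins, for example `new URL(provider.redirectProxy).origin === options.url.origin`. The same prefix test is repeated in the callback hunk (`@@ -16,9 +16,9 @@`), where it gates the redirect, and in the TypeScript source hunks further down. The enclosing function starts and ends outside the hunk.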

@@ -92,3 +92,4 @@ import * as o from "oauth4webapi";

throw new InvalidState("Could not parse state cookie.");
if (options.provider.redirectProxy) {
const isOriginProxy = provider.redirectProxy?.startsWith(options.url.origin);
if (!isOriginProxy) {
if (!paramRandom)

@@ -95,0 +96,0 @@ throw new InvalidState("Random state was missing in the decoded `state` parameter, but required when using `redirectProxy`.");
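Review bot: `if (!isOriginProxy)` is also true when no `redirectProxy` is configured, because `provider.redirectProxy?.startsWith(...)` then evaluates to `undefined`. Judging by the hunk counts it replaces `if (options.provider.redirectProxy) {`, so the `paramRandom` requirement, whose message says it applies when using `redirectProxy`, would now run for every provider. If that is not intended, keep the presence check: `if (options.provider.redirectProxy && !isOriginProxy) {`. The new line also reads bare `provider` where the old one used `options.provider`; the declaration is outside the hunk, so confirm it is in scope. The TypeScript source hunk `@@ -135,3 +135,4 @@` has the same lines.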

@@ -16,9 +16,9 @@ import { handleLogin } from "../callback-handler.js";

let randomState;
// TODO: verify that comparison is safe
const isOriginProxy = provider.redirectProxy?.startsWith(options.url.origin);
if (isOriginProxy && query?.state) {
if (provider.redirectProxy && query?.state) {
const state = decodeState(query.state);
randomState = state?.random;
// TODO: verify that comparison is safe
const isOriginProxy = provider.redirectProxy.startsWith(options.url.origin);
// TODO: verify that redirect is safe
if (state?.origin) {
if (isOriginProxy && state?.origin) {
return { redirect: `${state.origin}?${new URLSearchParams(query)}` };

@@ -25,0 +25,0 @@ }
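Review bot: The redirect target `${state.origin}?${new URLSearchParams(query)}` is built from `origin` decoded out of the `state` query parameter, and nothing in this hunk checks that value before the callback's query string (presumably including the authorization `code`) is forwarded to it. The added `isOriginProxy` guard only restricts which deployment performs the redirect, not where it goes. Unless `decodeState` authenticates its input (not visible here), `state.origin` should be parsed with `new URL(...)` and checked against the origins this proxy is expected to serve before the redirect is returned. The `// TODO: verify that redirect is safe` comment should then be replaced with one stating which guarantee makes it safe. The TypeScript source hunk `@@ -61,4 +57,8 @@` carries the same code.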

{
"name": "@auth/core",
"version": "0.0.0-9ed650479",
"version": "0.0.0-a775c46b1",
"description": "Authentication for the Web.",

@@ -5,0 +5,0 @@ "keywords": [

@@ -61,5 +61,8 @@ import * as checks from "./checks.js"

// TODO: verify that comparison is safe
const isOriginProxy = provider.redirectProxy?.startsWith(options.url.origin)
const data = isOriginProxy ? undefined : { origin: provider.callbackUrl }
const data =
!provider.redirectProxy ||
// TODO: verify that comparison is safe
provider.redirectProxy.startsWith(options.url.origin)
? undefined
: { origin: provider.callbackUrl }

@@ -66,0 +69,0 @@ const state = await checks.state.create(options, data)

@@ -135,3 +135,4 @@ import * as o from "oauth4webapi"

if (options.provider.redirectProxy) {
const isOriginProxy = provider.redirectProxy?.startsWith(options.url.origin)
if (!isOriginProxy) {
if (!paramRandom)

@@ -138,0 +139,0 @@ throw new InvalidState(

@@ -49,7 +49,3 @@ import { handleLogin } from "../callback-handler.js"

// TODO: verify that comparison is safe
const isOriginProxy = provider.redirectProxy?.startsWith(
options.url.origin
)
if (isOriginProxy && query?.state) {
if (provider.redirectProxy && query?.state) {
const state = decodeState<{ origin: string; random: string }>(

@@ -61,4 +57,8 @@ query.state

// TODO: verify that comparison is safe
const isOriginProxy = provider.redirectProxy.startsWith(
options.url.origin
)
// TODO: verify that redirect is safe
if (state?.origin) {
if (isOriginProxy && state?.origin) {
return { redirect: `${state.origin}?${new URLSearchParams(query)}` }

@@ -65,0 +65,0 @@ }

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
