fix: fallback redirection and allow non redirect_url query params

Aldiwildan77 · Aldiwildan77 · commit 8a16b8041109 · 2025-03-20T05:16:03.000+07:00
diff --git a/.env.example b/.env.example
@@ -14,6 +14,8 @@ APP_CORS_ALLOW_ORIGINS
 APP_CORS_ALLOW_METHODS
 APP_CORS_ALLOW_CREDENTIALS
 
+APP_FALLBACK_REDIRECT
+
 DB_HOST
 DB_PORT
 DB_USERNAME
diff --git a/cmd/http.go b/cmd/http.go
@@ -44,7 +44,11 @@ func serveHTTP(cmd *cobra.Command, args []string) error {
 		http_middleware.WithAllowCredentials(cfg.App.CORSAllowCredentials),
 	)
 
-	e.Use(CORS, middleware.RequestID())
+	e.Use(
+		CORS,
+		http_middleware.FallbackRedirect(cfg.App.FallbackRedirect),
+		middleware.RequestID(),
+	)
 
 	discordRepository := discord_repository.NewDiscordRepository(cfg.Discord)
 	discordUsecase := module.NewDiscordUsecase(discordRepository)
diff --git a/config/application.go b/config/application.go
@@ -27,6 +27,9 @@ type AppConfig struct {
 	CORSAllowOrigins     []string `env:"APP_CORS_ALLOW_ORIGINS" envSeparator:"," envDefault:"*.mocha-bot.xyz,mocha-bot.xyz"`
 	CORSAllowMethods     []string `env:"APP_CORS_ALLOW_METHODS" envSeparator:"," envDefault:"GET,POST,PUT,DELETE,OPTIONS"`
 	CORSAllowCredentials bool     `env:"APP_CORS_ALLOW_CREDENTIALS" envDefault:"true"`
+
+	// Fallback Redirect
+	FallbackRedirect string `env:"APP_FALLBACK_REDIRECT" envDefault:"https://mocha-bot.xyz"`
 }
 
 func (a AppConfig) GetAddress() string {
diff --git a/core/entity/discord.go b/core/entity/discord.go
@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/go-playground/validator/v10"
-	cookiey "github.com/mocha-bot/mochus/pkg/cookie"
+	cookiey "github.com/mocha-bot/mochus/pkg/cookiey"
 )
 
 const (
diff --git a/core/repository/discord/discord.go b/core/repository/discord/discord.go
@@ -7,7 +7,7 @@ import (
 )
 
 type DiscordRepository interface {
-	GetToken(ctx context.Context, code, redirectURL string) (*entity.AccessToken, error)
+	GetToken(ctx context.Context, code, requestURL string) (*entity.AccessToken, error)
 	GetTokenByRefresh(ctx context.Context, refreshToken string) (*entity.AccessToken, error)
 	RevokeToken(ctx context.Context, req *entity.RevokeTokenRequest) error
 
diff --git a/handler/http/discord.go b/handler/http/discord.go
@@ -6,7 +6,7 @@ import (
 	"github.com/labstack/echo/v4"
 	"github.com/mocha-bot/mochus/config"
 	"github.com/mocha-bot/mochus/core/module"
-	cookiey "github.com/mocha-bot/mochus/pkg/cookie"
+	cookiey "github.com/mocha-bot/mochus/pkg/cookiey"
 )
 
 type discordHandler struct {
diff --git a/handler/http/middleware/redirect.go b/handler/http/middleware/redirect.go
@@ -0,0 +1,14 @@
+package http_middleware
+
+import (
+	"github.com/labstack/echo/v4"
+)
+
+func FallbackRedirect(host string) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			c.Request().Header.Set("X-Fallback-Host", host)
+			return next(c)
+		}
+	}
+}
diff --git a/handler/http/parser.discord.go b/handler/http/parser.discord.go
@@ -8,7 +8,7 @@ import (
 
 	"github.com/labstack/echo/v4"
 	"github.com/mocha-bot/mochus/core/entity"
-	cookiey "github.com/mocha-bot/mochus/pkg/cookie"
+	cookiey "github.com/mocha-bot/mochus/pkg/cookiey"
 	"github.com/mocha-bot/mochus/pkg/echoy"
 	zLog "github.com/rs/zerolog/log"
 )
@@ -26,15 +26,21 @@ func parseOauthCallbackRequest(c echo.Context) (*entity.OauthCallbackRequest, er
 	}
 
 	redirectURL := parsedURL.Query().Get(RedirectURLKey)
-	if redirectURL == "" {
-		return nil, fmt.Errorf("%w: %s", entity.ErrorBind, "redirect_url is required")
-	}
 
+	// Construct the final URL for the request URL
+	// Discord known this as a redirect_uri to verify the request
 	finalURL := url.URL{
-		Scheme:   echoy.GetScheme(c),
-		Host:     c.Request().Host,
-		Path:     c.Request().URL.Path,
-		RawQuery: url.Values{RedirectURLKey: {redirectURL}}.Encode(),
+		Scheme: echoy.GetScheme(c),
+		Host:   c.Request().Host,
+		Path:   c.Request().URL.Path,
+	}
+
+	// The redirect URL is optional for the client redirection
+	// If it's not provided, the fallback host will be used
+	if redirectURL == "" {
+		req.RedirectURL = c.Request().Header.Get("X-Fallback-Host")
+	} else {
+		finalURL.RawQuery = url.Values{RedirectURLKey: {req.RedirectURL}}.Encode()
 	}
 
 	req.RequestURL, err = url.QueryUnescape(finalURL.String())
diff --git a/pkg/cookiey/oauth.go b/pkg/cookiey/oauth.go
diff --git a/repository/discord/discord.go b/repository/discord/discord.go
@@ -24,7 +24,7 @@ func NewDiscordRepository(cfg config.DiscordConfig) repository.DiscordRepository
 	}
 }
 
-func (d *discordRepository) GetToken(ctx context.Context, code, redirectURL string) (*entity.AccessToken, error) {
+func (d *discordRepository) GetToken(ctx context.Context, code, requestURL string) (*entity.AccessToken, error) {
 	var response AccessTokenResponse
 
 	headers := map[string]string{
@@ -34,7 +34,7 @@ func (d *discordRepository) GetToken(ctx context.Context, code, redirectURL stri
 	payload := map[string]string{
 		"grant_type":   GrantTypeAuthorizationCode,
 		"code":         code,
-		"redirect_uri": redirectURL,
+		"redirect_uri": requestURL,
 	}
 
 	req := d.client.R().

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,9 @@ type AppConfig struct {`
`27`	`27`	CORSAllowOrigins []string `env:"APP_CORS_ALLOW_ORIGINS" envSeparator:"," envDefault:"*.mocha-bot.xyz,mocha-bot.xyz"`
`28`	`28`	CORSAllowMethods []string `env:"APP_CORS_ALLOW_METHODS" envSeparator:"," envDefault:"GET,POST,PUT,DELETE,OPTIONS"`
`29`	`29`	CORSAllowCredentials bool `env:"APP_CORS_ALLOW_CREDENTIALS" envDefault:"true"`
	`30`	`+`
	`31`	`+ // Fallback Redirect`
	`32`	+ FallbackRedirect string `env:"APP_FALLBACK_REDIRECT" envDefault:"https://mocha-bot.xyz"`
`30`	`33`	`}`
`31`	`34`
`32`	`35`	`func (a AppConfig) GetAddress() string {`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ import (`
`6`	`6`	`"time"`
`7`	`7`
`8`	`8`	`"github.com/go-playground/validator/v10"`
`9`		`- cookiey "github.com/mocha-bot/mochus/pkg/cookie"`
	`9`	`+ cookiey "github.com/mocha-bot/mochus/pkg/cookiey"`
`10`	`10`	`)`
`11`	`11`
`12`	`12`	`const (`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ import (`
`7`	`7`	`)`
`8`	`8`
`9`	`9`	`type DiscordRepository interface {`
`10`		`- GetToken(ctx context.Context, code, redirectURL string) (*entity.AccessToken, error)`
	`10`	`+ GetToken(ctx context.Context, code, requestURL string) (*entity.AccessToken, error)`
`11`	`11`	`GetTokenByRefresh(ctx context.Context, refreshToken string) (*entity.AccessToken, error)`
`12`	`12`	`RevokeToken(ctx context.Context, req *entity.RevokeTokenRequest) error`
`13`	`13`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ import (`
`6`	`6`	`"github.com/labstack/echo/v4"`
`7`	`7`	`"github.com/mocha-bot/mochus/config"`
`8`	`8`	`"github.com/mocha-bot/mochus/core/module"`
`9`		`- cookiey "github.com/mocha-bot/mochus/pkg/cookie"`
	`9`	`+ cookiey "github.com/mocha-bot/mochus/pkg/cookiey"`
`10`	`10`	`)`
`11`	`11`
`12`	`12`	`type discordHandler struct {`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ func NewDiscordRepository(cfg config.DiscordConfig) repository.DiscordRepository`
`24`	`24`	`}`
`25`	`25`	`}`
`26`	`26`
`27`		`-func (d discordRepository) GetToken(ctx context.Context, code, redirectURL string) (entity.AccessToken, error) {`
	`27`	`+func (d discordRepository) GetToken(ctx context.Context, code, requestURL string) (entity.AccessToken, error) {`
`28`	`28`	`var response AccessTokenResponse`
`29`	`29`
`30`	`30`	`headers := map[string]string{`
`@@ -34,7 +34,7 @@ func (d *discordRepository) GetToken(ctx context.Context, code, redirectURL stri`
`34`	`34`	`payload := map[string]string{`
`35`	`35`	`"grant_type": GrantTypeAuthorizationCode,`
`36`	`36`	`"code": code,`
`37`		`- "redirect_uri": redirectURL,`
	`37`	`+ "redirect_uri": requestURL,`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`req := d.client.R().`