feat: supports redirecting to a specified page after successful login

halo-sigs · Jun 2, 2023 · 1a4b4a1 · 1a4b4a1
1 parent b6e5dae
commit 1a4b4a1
Showing 1 changed file with 54 additions and 4 deletions.
diff --git a/src/main/java/run/halo/oauth/Oauth2LoginConfiguration.java b/src/main/java/run/halo/oauth/Oauth2LoginConfiguration.java
@@ -1,9 +1,13 @@
 package run.halo.oauth;
 
+import java.net.URI;
 import lombok.Getter;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.DelegatingReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
@@ -34,6 +38,7 @@
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory;
 import org.springframework.security.web.server.DefaultServerRedirectStrategy;
 import org.springframework.security.web.server.ServerRedirectStrategy;
+import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler;
 import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
 import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
@@ -45,6 +50,8 @@
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ClassUtils;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
 import run.halo.app.extension.ReactiveExtensionClient;
 
 /**
@@ -105,10 +112,7 @@ public void setRequestCache(ServerRequestCache requestCache) {
     class Initializer {
 
         ServerAuthenticationSuccessHandler getAuthenticationSuccessHandler() {
-            RedirectServerAuthenticationSuccessHandler handler =
-                new RedirectServerAuthenticationSuccessHandler("/console/dashboard");
-            handler.setRequestCache(requestCache);
-            return handler;
+            return new QueryParamRedirectServerAuthenticationSuccessHandler("/console/dashboard");
         }
 
         ServerAuthenticationFailureHandler getAuthenticationFailureHandler() {
@@ -218,4 +222,50 @@ ReactiveOAuth2AuthorizedClientService getAuthorizedClientService() {
                 getClientRegistrationRepository());
         }
     }
+
+    static class QueryParamRedirectServerAuthenticationSuccessHandler implements ServerAuthenticationSuccessHandler {
+        private static final String REDIRECT_URI_PARAM = "login_redirect_uri";
+        private URI location = URI.create("/");
+
+        private final ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
+
+        /**
+         * Creates a new instance with location of "/"
+         */
+        public QueryParamRedirectServerAuthenticationSuccessHandler() {
+        }
+
+        /**
+         * Creates a new instance with the specified location
+         * @param location the location to redirect if the no request is cached in
+         * {@link #setRequestCache(ServerRequestCache)}
+         */
+        public QueryParamRedirectServerAuthenticationSuccessHandler(String location) {
+            this.location = URI.create(location);
+        }
+
+        @Override
+        public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
+            return getRedirectUri(webFilterExchange.getExchange())
+                .defaultIfEmpty(this.location)
+                .flatMap(redirectUri ->
+                    redirectStrategy.sendRedirect(webFilterExchange.getExchange(), redirectUri)
+                );
+        }
+
+        Mono<URI> getRedirectUri(ServerWebExchange exchange) {
+            ServerHttpRequest request = exchange.getRequest();
+            String redirectUriString = request.getQueryParams().getFirst(REDIRECT_URI_PARAM);
+            if (StringUtils.isBlank(redirectUriString)) {
+                return Mono.empty();
+            }
+            URI redirectUri = URI.create(redirectUriString);
+            // Only redirect to the same host and port
+            if (redirectUri.getAuthority() != null
+                && !redirectUri.getAuthority().equals(request.getURI().getAuthority())) {
+                return Mono.empty();
+            }
+            return Mono.just(redirectUri);
+        }
+    }
 }