From b6be4dea21d606f54f67c58e6d3a1803739ddbb8 Mon Sep 17 00:00:00 2001
From: Tao Chen <42793494+IamTaoChen@users.noreply.github.com>
Date: Thu, 31 Jul 2025 10:46:11 +0800
Subject: [PATCH] feat: Optimize login workflow (#345)

* add "disable_pwd" and "auto_oidc" at /admin/login-options

* fix: build RedirectURL by host and scheme, not Origin
---
 http/controller/admin/login.go |  2 ++
 service/oauth.go               | 27 ++++++++++++++++++++++-----
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/http/controller/admin/login.go b/http/controller/admin/login.go
index 7153e3a..a67738d 100644
--- a/http/controller/admin/login.go
+++ b/http/controller/admin/login.go
@@ -169,6 +169,8 @@ func (ct *Login) LoginOptions(c *gin.Context) {
 		"ops":          ops,
 		"register":     global.Config.App.Register,
 		"need_captcha": needCaptcha,
+		"disable_pwd": 	global.Config.App.DisablePwdLogin,
+		"auto_oidc":  	global.Config.App.DisablePwdLogin && len(ops) == 1,
 	})
 }
 
diff --git a/service/oauth.go b/service/oauth.go
index d03375a..fbeff8b 100644
--- a/service/oauth.go
+++ b/service/oauth.go
@@ -180,14 +180,12 @@ func (os *OauthService) GetOauthConfig(c *gin.Context, op string) (err error, oa
 	if oauthInfo.Id == 0 || oauthInfo.ClientId == "" || oauthInfo.ClientSecret == "" {
 		return errors.New("ConfigNotFound"), nil, nil, nil
 	}
-	host := c.GetHeader("Origin")
-	if host == "" {
-		host = Config.Rustdesk.ApiServer
-	}
+	redirectUrl := os.buildRedirectURL(c)
+	Logger.Debug("Redirect URL: ", redirectUrl)
 	oauthConfig = &oauth2.Config{
 		ClientID:     oauthInfo.ClientId,
 		ClientSecret: oauthInfo.ClientSecret,
-		RedirectURL:  host + "/api/oidc/callback",
+		RedirectURL:  redirectUrl,
 	}
 
 	// Maybe should validate the oauthConfig here
@@ -529,3 +527,22 @@ func (os *OauthService) getGithubPrimaryEmail(client *http.Client, githubUser *m
 
 	return fmt.Errorf("no primary verified email found")
 }
+
+func (os *OauthService) buildRedirectURL(c *gin.Context) string {
+	baseUrl := Config.Rustdesk.ApiServer
+	host := c.Request.Host
+
+	if host != "" {
+		scheme := c.GetHeader("X-Forwarded-Proto")
+		if scheme == "" {
+			if c.Request.TLS != nil {
+				scheme = "https"
+			} else {
+				scheme = "http"
+			}
+		}
+		baseUrl = fmt.Sprintf("%s://%s", scheme, host)
+	}
+
+	return fmt.Sprintf("%s/api/oidc/callback", baseUrl)
+}
\ No newline at end of file