feat: Improve oauth redirect (#303)

* fix: redirects after oauth can potentially misalign with server's actually hostname * feat: remove `RedirectURL` from oauth config, as it should checked by provider rather than client * feat: align oauth endpoint with the hostname in requests
2026-02-16 11:10:53 +00:00 · 2025-07-04 16:30:07 +10:00
parent 17dcff4f43
commit c52706e621
11 changed files with 40 additions and 57 deletions
--- a/http/controller/admin/login.go
+++ b/http/controller/admin/login.go
@@ -2,6 +2,7 @@ package admin

 import (
 	"fmt"
+
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/controller/api"
@@ -188,7 +189,7 @@ func (ct *Login) OidcAuth(c *gin.Context) {
 		return
 	}

-	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(f.Op)
+	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(c, f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
--- a/http/controller/admin/oauth.go
+++ b/http/controller/admin/oauth.go
@@ -1,13 +1,14 @@
 package admin

 import (
+	"strconv"
+
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	adminReq "github.com/lejianwen/rustdesk-api/v2/http/request/admin"
 	"github.com/lejianwen/rustdesk-api/v2/http/response"
 	"github.com/lejianwen/rustdesk-api/v2/service"
-	"strconv"
 )

 type Oauth struct {
@@ -43,7 +44,7 @@ func (o *Oauth) ToBind(c *gin.Context) {
 		return
 	}

-	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(f.Op)
+	err, state, verifier, nonce, url := service.AllService.OauthService.BeginAuth(c, f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
--- a/http/controller/api/ouath.go
+++ b/http/controller/api/ouath.go
@@ -1,6 +1,8 @@
 package api

 import (
+	"net/http"
+
 	"github.com/gin-gonic/gin"
 	"github.com/lejianwen/rustdesk-api/v2/global"
 	"github.com/lejianwen/rustdesk-api/v2/http/request/api"
@@ -10,7 +12,6 @@ import (
 	"github.com/lejianwen/rustdesk-api/v2/service"
 	"github.com/lejianwen/rustdesk-api/v2/utils"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
-	"net/http"
 )

 type Oauth struct {
@@ -35,7 +36,7 @@ func (o *Oauth) OidcAuth(c *gin.Context) {

 	oauthService := service.AllService.OauthService

-	err, state, verifier, nonce, url := oauthService.BeginAuth(f.Op)
+	err, state, verifier, nonce, url := oauthService.BeginAuth(c, f.Op)
 	if err != nil {
 		response.Error(c, response.TranslateMsg(c, err.Error()))
 		return
@@ -169,7 +170,7 @@ func (o *Oauth) OauthCallback(c *gin.Context) {
 	var user *model.User
 	// 获取用户信息
 	code := c.Query("code")
-	err, oauthUser := oauthService.Callback(code, verifier, op, nonce)
+	err, oauthUser := oauthService.Callback(c, code, verifier, op, nonce)
 	if err != nil {
 		c.HTML(http.StatusOK, "oauth_fail.html", gin.H{
 			"message":     "OauthFailed",
@@ -225,8 +226,7 @@ func (o *Oauth) OauthCallback(c *gin.Context) {
 			if !*oauthConfig.AutoRegister {
 				//c.String(http.StatusInternalServerError, "还未绑定用户，请先绑定")
 				oauthCache.UpdateFromOauthUser(oauthUser)
-				url := global.Config.Rustdesk.ApiServer + "/_admin/#/oauth/bind/" + cacheKey
-				c.Redirect(http.StatusFound, url)
+				c.Redirect(http.StatusFound, "/_admin/#/oauth/bind/"+cacheKey)
 				return
 			}

@@ -251,8 +251,7 @@ func (o *Oauth) OauthCallback(c *gin.Context) {
 				Type:     model.LoginLogTypeOauth,
 				Platform: oauthService.DeviceOs,
 			})*/
-			url := global.Config.Rustdesk.ApiServer + "/_admin/#/"
-			c.Redirect(http.StatusFound, url)
+			c.Redirect(http.StatusFound, "/_admin/#/")
 			return
 		}
 		c.HTML(http.StatusOK, "oauth_success.html", gin.H{
--- a/http/request/admin/oauth.go
+++ b/http/request/admin/oauth.go
@@ -22,7 +22,6 @@ type OauthForm struct {
 	Scopes       string `json:"scopes" validate:"omitempty"`
 	ClientId     string `json:"client_id" validate:"required"`
 	ClientSecret string `json:"client_secret" validate:"required"`
-	RedirectUrl  string `json:"redirect_url" validate:"required"`
 	AutoRegister *bool  `json:"auto_register"`
 	PkceEnable   *bool  `json:"pkce_enable"`
 	PkceMethod   string `json:"pkce_method"`
@@ -34,7 +33,6 @@ func (of *OauthForm) ToOauth() *model.Oauth {
 		OauthType:    of.OauthType,
 		ClientId:     of.ClientId,
 		ClientSecret: of.ClientSecret,
-		RedirectUrl:  of.RedirectUrl,
 		AutoRegister: of.AutoRegister,
 		Issuer:       of.Issuer,
 		Scopes:       of.Scopes,