fix: Redirect URL verification

vriteio · May 12, 2024 · 310b660 · 310b660
1 parent 6fe8ba0
commit 310b660
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 9 deletions.
diff --git a/apps/web/src/lib/utils/validate.ts b/apps/web/src/lib/utils/validate.ts
@@ -22,10 +22,23 @@ const validateURL = (input: string): boolean => {
 
   return url.protocol === "http:" || url.protocol === "https:";
 };
+const validateRedirectURL = (input: string): boolean => {
+  if (input.startsWith("/")) return true;
+  if (validateURL(input) && input.startsWith(window.env.PUBLIC_APP_URL)) return true;
+
+  return false;
+};
 const validatePassword = (input: string): boolean => {
   const passwordRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/;
 
   return passwordRegex.test(input);
 };
 
-export { validateEmail, validateUsername, validateKey, validateURL, validatePassword };
+export {
+  validateEmail,
+  validateUsername,
+  validateKey,
+  validateURL,
+  validatePassword,
+  validateRedirectURL
+};
diff --git a/apps/web/src/views/auth/view.tsx b/apps/web/src/views/auth/view.tsx
@@ -16,7 +16,7 @@ import { mdiGithub, mdiEmail, mdiFormTextboxPassword } from "@mdi/js";
 import { createStore, SetStoreFunction } from "solid-js/store";
 import { useNavigate } from "@solidjs/router";
 import { Card, IconButton, Tooltip } from "#components/primitives";
-import { createRef, validateEmail } from "#lib/utils";
+import { createRef, validateEmail, validateRedirectURL } from "#lib/utils";
 import { useClient, useHostConfig } from "#context";
 import { logoIcon } from "#assets/icons";
 
@@ -46,7 +46,8 @@ const AuthView: Component = () => {
   const navigate = useNavigate();
   const [showForm, setShowForm] = createSignal(false);
   const initialError = new URL(location.href).searchParams.get("error");
-  const redirect = new URL(location.href).searchParams.get("redirect") || "/";
+  const redirectParam = new URL(location.href).searchParams.get("redirect") || "/";
+  const redirect = validateRedirectURL(redirectParam) ? redirectParam : "/";
   const plan = new URL(location.href).searchParams.get("plan") || "personal";
   const [formData, setFormData] = createStore<AuthFormData>({
     password: "",

diff --git a/packages/backend/src/routes/auth/handlers/send-magic-link.ts b/packages/backend/src/routes/auth/handlers/send-magic-link.ts
@@ -14,6 +14,10 @@ const inputSchema = z.object({
 const handler = async (ctx: Context, input: z.infer<typeof inputSchema>): Promise<void> => {
   const users = getUsersCollection(ctx.db);
   const user = await users.findOne({ email: input.email });
+  const isValidRedirect =
+    input.redirect?.startsWith("/") ||
+    input.redirect?.startsWith(ctx.fastify.config.PUBLIC_APP_URL);
+  const redirect = isValidRedirect ? input.redirect || "/" : "/";
 
   if (!user) throw errors.notFound("user");
 
@@ -39,12 +43,7 @@ const handler = async (ctx: Context, input: z.infer<typeof inputSchema>): Promis
     "EX",
     60 * 30
   );
-  await ctx.fastify.redis.set(
-    `user:${user._id}:magicLinkRedirect`,
-    input.redirect || "/",
-    "EX",
-    60 * 30
-  );
+  await ctx.fastify.redis.set(`user:${user._id}:magicLinkRedirect`, redirect, "EX", 60 * 30);
   await ctx.fastify.redis.set(`user:${user._id}:magicLinkSent`, "true", "EX", 60);
   await ctx.fastify.email.sendMagicLink(user.email, {
     code: magicLinkCode,