mirror of
https://github.com/toeverything/AFFiNE.git
synced 2026-07-19 02:56:23 +08:00
feat: drop outdated session (#14373)
#### PR Dependency Tree * **PR #14373** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added client version tracking and validation to ensure application compatibility across authentication flows and sessions. * Enhanced OAuth authentication with improved version handling during sign-in and refresh operations. * **Bug Fixes** * Improved payment callback URL handling with safer defaults for redirect links. * **Tests** * Expanded test coverage for client version enforcement and session management. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This commit is contained in:
@@ -5,7 +5,12 @@ import type { Request } from 'express';
|
||||
import { nanoid } from 'nanoid';
|
||||
import { z } from 'zod';
|
||||
|
||||
import { CaptchaVerificationFailed, Config, OnEvent } from '../../base';
|
||||
import {
|
||||
CaptchaVerificationFailed,
|
||||
Config,
|
||||
getRequestClientIp,
|
||||
OnEvent,
|
||||
} from '../../base';
|
||||
import { ServerFeature, ServerService } from '../../core';
|
||||
import { Models, TokenType } from '../../models';
|
||||
import { verifyChallengeResponse } from '../../native';
|
||||
@@ -133,7 +138,7 @@ export class CaptchaService {
|
||||
} else {
|
||||
const isTokenVerified = await this.verifyCaptchaToken(
|
||||
credential.token,
|
||||
req.headers['CF-Connecting-IP'] as string
|
||||
getRequestClientIp(req)
|
||||
);
|
||||
|
||||
if (!isTokenVerified) {
|
||||
|
||||
@@ -15,6 +15,7 @@ import type { Request, Response } from 'express';
|
||||
import {
|
||||
ActionForbidden,
|
||||
Config,
|
||||
getClientVersionFromRequest,
|
||||
InvalidAuthState,
|
||||
InvalidOauthCallbackState,
|
||||
MissingOauthQueryParameter,
|
||||
@@ -50,6 +51,7 @@ export class OAuthController {
|
||||
@Post('/preflight')
|
||||
@HttpCode(HttpStatus.OK)
|
||||
async preflight(
|
||||
@Req() req: Request,
|
||||
@Body('provider') unknownProviderName?: keyof typeof OAuthProviderName,
|
||||
@Body('redirect_uri') redirectUri?: string,
|
||||
@Body('client') client?: string,
|
||||
@@ -75,11 +77,13 @@ export class OAuthController {
|
||||
throw new ActionForbidden();
|
||||
}
|
||||
|
||||
const clientVersion = getClientVersionFromRequest(req);
|
||||
const state = await this.oauth.saveOAuthState({
|
||||
provider: providerName,
|
||||
redirectUri,
|
||||
client,
|
||||
clientNonce,
|
||||
clientVersion,
|
||||
...(pkce
|
||||
? {
|
||||
pkce: {
|
||||
@@ -220,7 +224,7 @@ export class OAuthController {
|
||||
tokens
|
||||
);
|
||||
|
||||
await this.auth.setCookies(req, res, user.id);
|
||||
await this.auth.setCookies(req, res, user.id, state.clientVersion);
|
||||
|
||||
if (
|
||||
state.provider === OAuthProviderName.Apple &&
|
||||
|
||||
@@ -13,6 +13,7 @@ export interface OAuthState {
|
||||
redirectUri?: string;
|
||||
client?: string;
|
||||
clientNonce?: string;
|
||||
clientVersion?: string;
|
||||
provider: OAuthProviderName;
|
||||
pkce?: OAuthPkceState;
|
||||
token?: string;
|
||||
|
||||
@@ -87,7 +87,7 @@ export class SelfhostTeamSubscriptionManager extends SubscriptionManager {
|
||||
return { allow_promotion_codes: true };
|
||||
})();
|
||||
|
||||
let successUrl = this.url.link(params.successCallbackLink);
|
||||
let successUrl = this.url.safeLink(params.successCallbackLink || '/');
|
||||
// stripe only accept unescaped '{CHECKOUT_SESSION_ID}' as query
|
||||
successUrl = this.url.addSimpleQuery(
|
||||
successUrl,
|
||||
|
||||
@@ -204,7 +204,7 @@ export class UserSubscriptionManager extends SubscriptionManager {
|
||||
],
|
||||
...mode,
|
||||
...discounts,
|
||||
success_url: this.url.link(params.successCallbackLink),
|
||||
success_url: this.url.safeLink(params.successCallbackLink || '/'),
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@@ -120,7 +120,7 @@ export class WorkspaceSubscriptionManager extends SubscriptionManager {
|
||||
},
|
||||
},
|
||||
...discounts,
|
||||
success_url: this.url.link(params.successCallbackLink),
|
||||
success_url: this.url.safeLink(params.successCallbackLink || '/'),
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user