
Commit 32bda97

committed
improve local oidc configurability
1 parent d5fd554 commit 32bda97


1 file changed

+33
-15
lines changed


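--- a/src/webserver/oidc.rs
+++ b/src/webserver/oidc.rs
@@ -41,7 +41,15 @@ impl TryFrom<&AppConfig> for OidcConfig {
 .host
 .as_ref()
 .or_else(|| config.https_domain.as_ref())
-.ok_or(Some("The \"host\" or \"https_domain\" setting is required to build the OIDC redirect URL"))?;
+.cloned()
+.unwrap_or_else(|| {
+let host = config.listen_on().to_string();
+log::warn!(
+"No host or https_domain provided in the configuration, using \"{}\" as the app host to build the redirect URL. This will only work locally.",
+host
+);
+host
+});
 
 Ok(Self {
 issuer_url: issuer_url.clone(),
@@ -300,20 +308,30 @@ fn make_oidc_client(
 let client_id = openidconnect::ClientId::new(config.client_id.clone());
 let client_secret = openidconnect::ClientSecret::new(config.client_secret.clone());
 
-let local_hosts = ["localhost", "127.0.0.1", "::1"];
-let is_localhost = local_hosts.iter().any(|host| {
-config.app_host.starts_with(host)
-&& config
-.app_host
-.get(host.len()..(host.len() + 1))
-.is_none_or(|c| c == ":")
-});
-let redirect_url = RedirectUrl::new(format!(
-"{}://{}{}",
-if is_localhost { "http" } else { "https" },
-config.app_host,
-SQLPAGE_REDIRECT_URI,
-))?;
+let mut redirect_url = RedirectUrl::new(format!(
+"https://{}{}",
+config.app_host, SQLPAGE_REDIRECT_URI,
+))
+.with_context(|| {
+format!(
+"Failed to build the redirect URL; invalid app host \"{}\"",
+config.app_host
+)
+})?;
+let needs_http = match redirect_url.url().host() {
+Some(openidconnect::url::Host::Domain(domain)) => domain == "localhost",
+Some(openidconnect::url::Host::Ipv4(_)) => true,
+Some(openidconnect::url::Host::Ipv6(_)) => true,
+None => false,
+};
+if needs_http {
+log::debug!("Redirect URL is local, changing to HTTP");
+redirect_url = RedirectUrl::new(format!(
+"http://{}{}",
+config.app_host, SQLPAGE_REDIRECT_URI,
+))?;
+}
+log::debug!("Redirect URL: {redirect_url}");
 let client = openidconnect::core::CoreClient::from_provider_metadata(
 provider_metadata,
 client_id,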
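Review bot: In make_oidc_client, the `needs_http` match returns `true` for every IPv4 and IPv6 literal, so an `app_host` set to a routable address gets an `http://` redirect URI and the authorization code is returned over cleartext; the removed code limited the downgrade to `localhost`, `127.0.0.1` and `::1`. Narrowing the arms to `Some(openidconnect::url::Host::Ipv4(ip)) => ip.is_loopback(),` and `Some(openidconnect::url::Host::Ipv6(ip)) => ip.is_loopback(),` keeps the local case working without weakening non-local deployments. If the `listen_on()` fallback added in the first hunk can yield an unspecified bind address (not visible here), add `|| ip.is_unspecified()` to those arms rather than accepting all addresses. The second `RedirectUrl::new(...)?` also lacks the `with_context` message that the first call carries. The function body starts and continues outside this hunk.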
