From 159face27efead0a6ce316754cfc1c64323291db Mon Sep 17 00:00:00 2001
From: Alexandre KIENTZ
Date: Wed, 3 Dec 2025 22:08:26 +0100
Subject: [PATCH] first commit

---
 src/middleware/oidcMiddleware.js | 5 ++++-
 src/server.js | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/middleware/oidcMiddleware.js b/src/middleware/oidcMiddleware.js
index a6c5fa0..3b669f6 100644
--- a/src/middleware/oidcMiddleware.js
+++ b/src/middleware/oidcMiddleware.js
@@ -46,13 +46,15 @@ export function getOIDCClient() {
 export function getAuthorizationUrl(req) {
 const client = getOIDCClient();
 const nonce = Math.random().toString(36).substring(7);
+ const state = Math.random().toString(36).substring(7);
 req.session.nonce = nonce;
+ req.session.state = state;
 return client.authorizationUrl({
 scope: 'openid profile email',
 response_mode: 'form_post',
 nonce,
- state: Math.random().toString(36).substring(7),
+ state,
 });
 }
@@ -65,6 +67,7 @@ export async function handleCallback(req) {
 const tokenSet = await client.callback(config.oidc.redirectUri, params, {
 nonce: req.session.nonce,
+ state: req.session.state,
 });
 const userInfo = await client.userinfo(tokenSet);
diff --git a/src/server.js b/src/server.js
index c9c47a5..46cd3f2 100644
--- a/src/server.js
+++ b/src/server.js
@@ -54,6 +54,7 @@ async function initialize() {
 }
 // Middleware
+app.trust('proxy');
 app.use(requestLogger);
 app.use(securityHeaders);
 app.use(bodyParser.json({ limit: '10mb' }));
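Review bot: Both `nonce` and the newly added `state` in getAuthorizationUrl come from `Math.random().toString(36).substring(7)`, which is not a cryptographic generator and leaves only a few base-36 characters, so the CSRF and replay protection these two values exist for rests on short, predictable tokens. The commit fixes how `state` is stored and checked but keeps the same weak source for it. Replace the two generator lines with `const nonce = crypto.randomUUID();` and `const state = crypto.randomUUID();` (with `import crypto from 'node:crypto';` at the top of the file, outside this hunk), or, if the client is openid-client, use its `generators.nonce()` and `generators.state()` helpers.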
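Review bot: `req.session.nonce` and `req.session.state` are read for the check in handleCallback but never cleared afterwards, so they stay valid for the whole session and are not single-use as an OIDC nonce/state should be. After `client.callback(...)` returns successfully, add `delete req.session.nonce;` and `delete req.session.state;` (or regenerate the session before storing the authenticated user). When the session has expired and `req.session.state` is `undefined` while the provider still sends a `state` parameter, the library presumably rejects the callback, which is the desired outcome, but a comment stating that this is relied upon would help the next reader. handleCallback's body begins and ends outside the hunk.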
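Review bot: `app.trust('proxy')` is not an Express API; if `app` is an Express application, as the `bodyParser.json(...)` usage suggests, this line throws `TypeError: app.trust is not a function` at startup. The setting is `app.set('trust proxy', ...)`, and its value should be as narrow as the deployment allows, for example `app.set('trust proxy', 1);` for one fronting proxy (the hop count is deployment-specific, placeholder PROXY_HOP_COUNT), rather than `true`, which accepts `X-Forwarded-*` headers from any client. With an over-broad value the client address seen by `requestLogger` and any proxy-dependent `secure` cookie decision can be influenced by the request itself. initialize's body starts outside the hunk.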