first commit

KIENTZ Alexandre 2025-12-03 22:14:52 +01:00
parent 20a1ccf08c
commit 4e09e8762b
3 changed files with 38 additions and 8 deletions


@ -203,6 +203,11 @@ export async function authCallback(req, res) {
return res.redirect(redirectUrl); return res.redirect(redirectUrl);
} }
// Log the incoming request details
console.log('Callback request method:', req.method);
console.log('Callback query params:', Object.keys(req.query));
console.log('Callback body params:', Object.keys(req.body));
const { tokenSet, userInfo } = await handleCallback(req); const { tokenSet, userInfo } = await handleCallback(req);
req.session.tokenSet = tokenSet; req.session.tokenSet = tokenSet;
@ -218,8 +223,11 @@ export async function authCallback(req, res) {
res.redirect(redirectUrl); res.redirect(redirectUrl);
} catch (error) { } catch (error) {
console.error('Callback error:', error); console.error('Callback error:', error.message);
res.status(401).send('Authentication failed'); console.error('Callback error details:', error);
console.error('Session state:', req.session?.state);
console.error('Session nonce:', req.session?.nonce);
res.status(401).send(`Authentication failed: ${error.message}`);
} }
} }
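Review bot: The catch block of authCallback now sends `error.message` to the browser and writes `req.session?.state` and `req.session?.nonce` to the log in clear text. The client does not need the reason a callback failed, and state and nonce are per-login anti-forgery values that should not end up in log storage. Keep the response generic, `res.status(401).send('Authentication failed');`, and log presence only, for example `console.error('Session state present:', Boolean(req.session?.state));`. In the first hunk, `Object.keys(req.body)` throws if no body parser has populated `req.body` (presumably the case for a GET callback, to be confirmed), so `Object.keys(req.body ?? {})` is safer. The function starts outside these hunks.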


@ -65,10 +65,24 @@ export async function handleCallback(req) {
...req.body, ...req.body,
}; };
const tokenSet = await client.callback(config.oidc.redirectUri, params, { // Log for debugging
console.log('OAuth callback params:', { code: params.code ? 'present' : 'missing', state: params.state ? 'present' : 'missing', error: params.error || 'none' });
console.log('Session state:', req.session.state ? 'present' : 'missing');
console.log('Session nonce:', req.session.nonce ? 'present' : 'missing');
// Prepare validation options - only include state if it was provided by the provider
const validationOpts = {
nonce: req.session.nonce, nonce: req.session.nonce,
state: req.session.state, };
});
// Only validate state if the provider sent it back
if (params.state) {
validationOpts.state = req.session.state;
}
console.log('Validation options:', { hasNonce: !!validationOpts.nonce, hasState: !!validationOpts.state });
const tokenSet = await client.callback(config.oidc.redirectUri, params, validationOpts);
const userInfo = await client.userinfo(tokenSet); const userInfo = await client.userinfo(tokenSet);
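Review bot: `state` is now passed to `client.callback` only when `params.state` is truthy, so a callback that arrives without `state` is no longer compared against `req.session.state`, and `params` is built from the request itself (`...req.body` is visible at the top of the hunk). That makes the anti-CSRF check on the authorization response optional from the requester's side; the nonce check remains but is not meant to replace it. Always pass the stored value, `const validationOpts = { nonce: req.session.nonce, state: req.session.state };`, and fail the callback when `params.state` is missing. If the provider really drops `state`, that is better fixed in the provider or client configuration than by relaxing validation here. handleCallback starts and continues outside the hunk.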


@ -22,10 +22,18 @@ import reverseProxyMiddleware from './middleware/proxyMiddleware.js';
const app = express(); const app = express();
const FileStoreSession = FileStore(session); const FileStoreSession = FileStore(session);
// Create sessions directory FIRST (before any middleware) // Create sessions directory FIRST (before any middleware) with proper permissions
const sessionsDir = path.join(process.cwd(), 'sessions');
try { try {
const sessionsDir = path.join(process.cwd(), 'sessions'); // Create with mode 0o755 for read/write access
fs.mkdirSync(sessionsDir, { recursive: true }); if (!fs.existsSync(sessionsDir)) {
fs.mkdirSync(sessionsDir, { recursive: true, mode: 0o755 });
console.log('✓ Sessions directory created at:', sessionsDir);
} else {
console.log('✓ Sessions directory exists at:', sessionsDir);
// Ensure proper permissions
fs.chmodSync(sessionsDir, 0o755);
}
} catch (error) { } catch (error) {
console.error('✗ Failed to create sessions directory:', error); console.error('✗ Failed to create sessions directory:', error);
process.exit(1); process.exit(1);
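Review bot: The sessions directory is created with, and re-chmodded to, `0o755`, which lets every local account list and traverse the directory that backs the session store; the comment "for read/write access" also does not match what 0o755 grants to group and other. The callback handler in this commit stores `tokenSet` in the session, so this store presumably holds tokens on disk. Use owner-only access: `fs.mkdirSync(sessionsDir, { recursive: true, mode: 0o700 });` followed by `fs.chmodSync(sessionsDir, 0o700);`. The `existsSync` branch can go, since `recursive: true` already tolerates an existing directory and the explicit chmod covers the umask. The catch block continues past the hunk.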