first commit

2025-12-03 22:14:52 +01:00 · 2025-12-03 22:14:52 +01:00 · 4e09e8762b
commit 4e09e8762b
parent 20a1ccf08c
3 changed files with 38 additions and 8 deletions
--- a/src/controllers/authController.js
+++ b/src/controllers/authController.js
@ -203,6 +203,11 @@ export async function authCallback(req, res) {
      return res.redirect(redirectUrl);
    }

+    // Log the incoming request details
+    console.log('Callback request method:', req.method);
+    console.log('Callback query params:', Object.keys(req.query));
+    console.log('Callback body params:', Object.keys(req.body));
+
    const { tokenSet, userInfo } = await handleCallback(req);

    req.session.tokenSet = tokenSet;
@ -218,8 +223,11 @@ export async function authCallback(req, res) {

    res.redirect(redirectUrl);
  } catch (error) {
-    console.error('Callback error:', error);
-    res.status(401).send('Authentication failed');
+    console.error('Callback error:', error.message);
+    console.error('Callback error details:', error);
+    console.error('Session state:', req.session?.state);
+    console.error('Session nonce:', req.session?.nonce);
+    res.status(401).send(`Authentication failed: ${error.message}`);
  }
 }

--- a/src/middleware/oidcMiddleware.js
+++ b/src/middleware/oidcMiddleware.js
@ -65,10 +65,24 @@ export async function handleCallback(req) {
    ...req.body,
  };

-  const tokenSet = await client.callback(config.oidc.redirectUri, params, {
+  // Log for debugging
+  console.log('OAuth callback params:', { code: params.code ? 'present' : 'missing', state: params.state ? 'present' : 'missing', error: params.error || 'none' });
+  console.log('Session state:', req.session.state ? 'present' : 'missing');
+  console.log('Session nonce:', req.session.nonce ? 'present' : 'missing');
+
+  // Prepare validation options - only include state if it was provided by the provider
+  const validationOpts = {
    nonce: req.session.nonce,
-    state: req.session.state,
-  });
+  };
+
+  // Only validate state if the provider sent it back
+  if (params.state) {
+    validationOpts.state = req.session.state;
+  }
+
+  console.log('Validation options:', { hasNonce: !!validationOpts.nonce, hasState: !!validationOpts.state });
+
+  const tokenSet = await client.callback(config.oidc.redirectUri, params, validationOpts);

  const userInfo = await client.userinfo(tokenSet);

--- a/src/server.js
+++ b/src/server.js
@ -22,10 +22,18 @@ import reverseProxyMiddleware from './middleware/proxyMiddleware.js';
 const app = express();
 const FileStoreSession = FileStore(session);

-// Create sessions directory FIRST (before any middleware)
+// Create sessions directory FIRST (before any middleware) with proper permissions
+const sessionsDir = path.join(process.cwd(), 'sessions');
 try {
-  const sessionsDir = path.join(process.cwd(), 'sessions');
-  fs.mkdirSync(sessionsDir, { recursive: true });
+  // Create with mode 0o755 for read/write access
+  if (!fs.existsSync(sessionsDir)) {
+    fs.mkdirSync(sessionsDir, { recursive: true, mode: 0o755 });
+    console.log('✓ Sessions directory created at:', sessionsDir);
+  } else {
+    console.log('✓ Sessions directory exists at:', sessionsDir);
+    // Ensure proper permissions
+    fs.chmodSync(sessionsDir, 0o755);
+  }
 } catch (error) {
  console.error('✗ Failed to create sessions directory:', error);
  process.exit(1);