pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-09 12:16:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

verify redirects are safe before redirecting

Browse Source
This commit is contained in:
Milo Schwartz
2025-01-09 23:21:57 -05:00
parent a556339b76
commit 6c813186b8
18 changed files with 99 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/app/auth/login/page.tsx
View File

@@ -5,6 +5,7 @@ import { cache } from "react";
import DashboardLoginForm from "./DashboardLoginForm";
import { Mail } from "lucide-react";
import { pullEnv } from "@app/lib/pullEnv";
import { cleanRedirect } from "@app/lib/cleanRedirect";
export const dynamic = "force-dynamic";
@@ -25,6 +26,11 @@ export default async function Page(props: {
redirect("/");
}
let redirectUrl: string | undefined = undefined;
if (searchParams.redirect) {
redirectUrl = cleanRedirect(searchParams.redirect as string);
}
return (
<>
{isInvite && (
@@ -42,16 +48,16 @@ export default async function Page(props: {
</div>
)}
<DashboardLoginForm redirect={searchParams.redirect as string} />
<DashboardLoginForm redirect={redirectUrl} />
{(!signUpDisabled || isInvite) && (
<p className="text-center text-muted-foreground mt-4">
Don't have an account?{" "}
<Link
href={
!searchParams.redirect
!redirectUrl
? `/auth/signup`
: `/auth/signup?redirect=${searchParams.redirect}`
: `/auth/signup?redirect=${redirectUrl}`
}
className="underline"
>