add post auth url

server/routers/resource/authWithAccessToken.ts

@@ -14,6 +14,7 @@ import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToke
 import config from "@server/lib/config";
 import stoi from "@server/lib/stoi";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
+import { normalizePostAuthPath } from "@server/lib/normalizePostAuthPath";
 
 const authWithAccessTokenBodySchema = z.strictObject({
     accessToken: z.string(),
@@ -164,10 +165,16 @@ export async function authWithAccessToken(
             requestIp: req.ip
         });
 
+        let redirectUrl = `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`;
+        const postAuthPath = normalizePostAuthPath(resource.postAuthPath);
+        if (postAuthPath) {
+            redirectUrl = redirectUrl + postAuthPath;
+        }
+
         return response<AuthWithAccessTokenResponse>(res, {
             data: {
                 session: token,
-                redirectUrl: `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`
+                redirectUrl
             },
             success: true,
             error: false,

server/routers/resource/createResource.ts

@@ -36,7 +36,8 @@ const createHttpResourceSchema = z
         http: z.boolean(),
         protocol: z.enum(["tcp", "udp"]),
         domainId: z.string(),
-        stickySession: z.boolean().optional()
+        stickySession: z.boolean().optional(),
+        postAuthPath: z.string().nullable().optional()
     })
     .refine(
         (data) => {
@@ -188,7 +189,7 @@ async function createHttpResource(
         );
     }
 
-    const { name, domainId } = parsedBody.data;
+    const { name, domainId, postAuthPath } = parsedBody.data;
     const subdomain = parsedBody.data.subdomain;
     const stickySession = parsedBody.data.stickySession;
 
@@ -255,7 +256,8 @@ async function createHttpResource(
                 http: true,
                 protocol: "tcp",
                 ssl: true,
-                stickySession: stickySession
+                stickySession: stickySession,
+                postAuthPath: postAuthPath
             })
             .returning();
 

server/routers/resource/getResourceAuthInfo.ts

@@ -35,6 +35,7 @@ export type GetResourceAuthInfoResponse = {
     whitelist: boolean;
     skipToIdpId: number | null;
     orgId: string;
+    postAuthPath: string | null;
 };
 
 export async function getResourceAuthInfo(
@@ -147,7 +148,8 @@ export async function getResourceAuthInfo(
                 url,
                 whitelist: resource.emailWhitelistEnabled,
                 skipToIdpId: resource.skipToIdpId,
-                orgId: resource.orgId
+                orgId: resource.orgId,
+                postAuthPath: resource.postAuthPath ?? null
             },
             success: true,
             error: false,

server/routers/resource/updateResource.ts

@@ -55,7 +55,8 @@ const updateHttpResourceBodySchema = z
         maintenanceModeType: z.enum(["forced", "automatic"]).optional(),
         maintenanceTitle: z.string().max(255).nullable().optional(),
         maintenanceMessage: z.string().max(2000).nullable().optional(),
-        maintenanceEstimatedTime: z.string().max(100).nullable().optional()
+        maintenanceEstimatedTime: z.string().max(100).nullable().optional(),
+        postAuthPath: z.string().nullable().optional()
     })
     .refine((data) => Object.keys(data).length > 0, {
         error: "At least one field must be provided for update"