New translations en.json (Korean)

2026-03-29 10:46:38 +00:00 · 2026-03-27 12:04:07 +01:00
7 changed files with 55 additions and 104 deletions
--- a/backend/internal/controller/oidc_controller.go
+++ b/backend/internal/controller/oidc_controller.go
@@ -89,19 +89,12 @@ type OidcController struct {
 // @Router /api/oidc/authorize [post]
 func (oc *OidcController) authorizeHandler(c *gin.Context) {
 	var input dto.AuthorizeOidcClientRequestDto
-	err := c.ShouldBindJSON(&input)
+	if err := c.ShouldBindJSON(&input); err != nil {
 	if err != nil {
 		_ = c.Error(err)
 		return
 	}
-	code, callbackURL, err := oc.oidcService.Authorize(
+	code, callbackURL, err := oc.oidcService.Authorize(c.Request.Context(), input, c.GetString("userID"), c.ClientIP(), c.Request.UserAgent())
 		c.Request.Context(),
 		input,
 		c.GetString("userID"),
 		c.ClientIP(),
 		c.Request.UserAgent(),
 	)
 	if err != nil {
 		_ = c.Error(err)
 		return
--- a/backend/internal/dto/oidc_dto.go
+++ b/backend/internal/dto/oidc_dto.go
@@ -33,8 +33,8 @@ type OidcClientWithAllowedGroupsCountDto struct {
 type OidcClientUpdateDto struct {
 	Name                     string                   `json:"name" binding:"required,max=50" unorm:"nfc"`
-	CallbackURLs             []string                 `json:"callbackURLs" binding:"omitempty,dive,callback_url_pattern"`
+	CallbackURLs             []string                 `json:"callbackURLs" binding:"omitempty,dive,callback_url"`
-	LogoutCallbackURLs       []string                 `json:"logoutCallbackURLs" binding:"omitempty,dive,callback_url_pattern"`
+	LogoutCallbackURLs       []string                 `json:"logoutCallbackURLs" binding:"omitempty,dive,callback_url"`
 	IsPublic                 bool                     `json:"isPublic"`
 	PkceEnabled              bool                     `json:"pkceEnabled"`
 	RequiresReauthentication bool                     `json:"requiresReauthentication"`
@@ -66,7 +66,7 @@ type OidcClientFederatedIdentityDto struct {
 type AuthorizeOidcClientRequestDto struct {
 	ClientID              string `json:"clientID" binding:"required"`
 	Scope                 string `json:"scope" binding:"required"`
-	CallbackURL           string `json:"callbackURL" binding:"omitempty,callback_url"`
+	CallbackURL           string `json:"callbackURL"`
 	Nonce                 string `json:"nonce"`
 	CodeChallenge         string `json:"codeChallenge"`
 	CodeChallengeMethod   string `json:"codeChallengeMethod"`
--- a/backend/internal/dto/validations.go
+++ b/backend/internal/dto/validations.go
@@ -1,9 +1,7 @@
 package dto
 import (
 	"net/url"
 	"regexp"
 	"strings"
 	"time"
 	"github.com/pocket-id/pocket-id/backend/internal/utils"
@@ -21,38 +19,38 @@ var validateUsernameRegex = regexp.MustCompile("^[a-zA-Z0-9]([a-zA-Z0-9_.@-]*[a-
 var validateClientIDRegex = regexp.MustCompile("^[a-zA-Z0-9._-]+$")
 func init() {
-	engine := binding.Validator.Engine().(*validator.Validate)
+	v := binding.Validator.Engine().(*validator.Validate)
 	// Maximum allowed value for TTLs
 	const maxTTL = 31 * 24 * time.Hour
-	validators := map[string]validator.Func{
+	if err := v.RegisterValidation("username", func(fl validator.FieldLevel) bool {
-		"username": func(fl validator.FieldLevel) bool {
+		return ValidateUsername(fl.Field().String())
-			return ValidateUsername(fl.Field().String())
+	}); err != nil {
-		},
+		panic("Failed to register custom validation for username: " + err.Error())
 		"client_id": func(fl validator.FieldLevel) bool {
 			return ValidateClientID(fl.Field().String())
 		},
 		"ttl": func(fl validator.FieldLevel) bool {
 			ttl, ok := fl.Field().Interface().(utils.JSONDuration)
 			if !ok {
 				return false
 			}
 			// Allow zero, which means the field wasn't set
 			return ttl.Duration == 0 || (ttl.Duration > time.Second && ttl.Duration <= maxTTL)
 		},
 		"callback_url": func(fl validator.FieldLevel) bool {
 			return ValidateCallbackURL(fl.Field().String())
 		},
 		"callback_url_pattern": func(fl validator.FieldLevel) bool {
 			return ValidateCallbackURLPattern(fl.Field().String())
 		},
 	}
-	for k, v := range validators {
+
-		err := engine.RegisterValidation(k, v)
+	if err := v.RegisterValidation("client_id", func(fl validator.FieldLevel) bool {
-		if err != nil {
+		return ValidateClientID(fl.Field().String())
-			panic("Failed to register custom validation for " + k + ": " + err.Error())
+	}); err != nil {
 		panic("Failed to register custom validation for client_id: " + err.Error())
 	}
 	if err := v.RegisterValidation("ttl", func(fl validator.FieldLevel) bool {
 		ttl, ok := fl.Field().Interface().(utils.JSONDuration)
 		if !ok {
 			return false
 		}
 		// Allow zero, which means the field wasn't set
 		return ttl.Duration == 0 || (ttl.Duration > time.Second && ttl.Duration <= maxTTL)
 	}); err != nil {
 		panic("Failed to register custom validation for ttl: " + err.Error())
 	}
 	if err := v.RegisterValidation("callback_url", func(fl validator.FieldLevel) bool {
 		return ValidateCallbackURL(fl.Field().String())
 	}); err != nil {
 		panic("Failed to register custom validation for callback_url: " + err.Error())
 	}
 }
@@ -66,24 +64,8 @@ func ValidateClientID(clientID string) bool {
 	return validateClientIDRegex.MatchString(clientID)
 }
-// ValidateCallbackURL validates the input callback URL
+// ValidateCallbackURL validates callback URLs with support for wildcards
-func ValidateCallbackURL(str string) bool {
+func ValidateCallbackURL(raw string) bool {
 	// Ensure the URL is a valid one and that the protocol is not "javascript:" or "data:"
 	u, err := url.Parse(str)
 	if err != nil {
 		return false
 	}
 	switch strings.ToLower(u.Scheme) {
 	case "javascript", "data":
 		return false
 	default:
 		return true
 	}
 }
 // ValidateCallbackURLPattern validates callback URL patterns, with support for wildcards
 func ValidateCallbackURLPattern(raw string) bool {
 	err := utils.ValidateCallbackURLPattern(raw)
 	return err == nil
 }
--- a/backend/internal/dto/validations_test.go
+++ b/backend/internal/dto/validations_test.go
@@ -57,28 +57,3 @@ func TestValidateClientID(t *testing.T) {
 		})
 	}
 }
 func TestValidateCallbackURL(t *testing.T) {
 	tests := []struct {
 		name     string
 		input    string
 		expected bool
 	}{
 		{"valid https URL", "https://example.com/callback", true},
 		{"valid loopback URL", "http://127.0.0.1:49813/callback", true},
 		{"empty scheme", "//127.0.0.1:49813/callback", true},
 		{"valid custom scheme", "pocketid://callback", true},
 		{"invalid malformed URL", "http://[::1", false},
 		{"invalid missing scheme separator", "://example.com/callback", false},
 		{"rejects javascript scheme", "javascript:alert(1)", false},
 		{"rejects mixed case javascript scheme", "JavaScript:alert(1)", false},
 		{"rejects data scheme", "data:text/html;base64,PGgxPkhlbGxvPC9oMT4=", false},
 		{"rejects mixed case data scheme", "DaTa:text/html;base64,PGgxPkhlbGxvPC9oMT4=", false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			assert.Equal(t, tt.expected, ValidateCallbackURL(tt.input))
 		})
 	}
 }
--- a/backend/internal/service/oidc_service.go
+++ b/backend/internal/service/oidc_service.go
@@ -125,7 +125,9 @@ func (s *OidcService) getJWKCache(ctx context.Context) (*jwk.Cache, error) {
 func (s *OidcService) Authorize(ctx context.Context, input dto.AuthorizeOidcClientRequestDto, userID, ipAddress, userAgent string) (string, string, error) {
 	tx := s.db.Begin()
-	defer tx.Rollback()
+	defer func() {
 		tx.Rollback()
 	}()
 	var client model.OidcClient
 	err := tx.
--- a/frontend/messages/ko.json
+++ b/frontend/messages/ko.json
@@ -490,7 +490,7 @@
 	"scim_provisioning_description": "SCIM 프로비저닝을 통해 OIDC 클라이언트에서 사용자 및 그룹을 자동으로 프로비저닝 및 디프로비저닝할 수 있습니다. 자세한 내용은 <link href='https://pocket-id.org/docs/configuration/scim'>문서를</link> 참조하세요.",
 	"scim_endpoint": "SCIM 엔드포인트",
 	"scim_token": "SCIM 토큰",
-	"last_successful_sync_at": "마지막 성공적인 동기화: {time}",
+	"last_successful_sync_at": "마지막 동기화 성공: {time}",
 	"scim_configuration_updated_successfully": "SCIM 구성이 성공적으로 업데이트되었습니다.",
 	"scim_enabled_successfully": "SCIM이 성공적으로 활성화되었습니다.",
 	"scim_disabled_successfully": "SCIM이 성공적으로 비활성화되었습니다.",
--- a/frontend/src/routes/authorize/+page.svelte
+++ b/frontend/src/routes/authorize/+page.svelte
@@ -71,16 +71,19 @@
 				reauthToken = await webauthnService.reauthenticate(authResponse);
 			}
-			const authResult = await oidService.authorize(
+			await oidService
-				client!.id,
+				.authorize(
-				scope,
+					client!.id,
-				callbackURL,
+					scope,
-				nonce,
+					callbackURL,
-				codeChallenge,
+					nonce,
-				codeChallengeMethod,
+					codeChallenge,
-				reauthToken
+					codeChallengeMethod,
-			);
+					reauthToken
-			onSuccess(authResult.code, authResult.callbackURL, authResult.issuer);
+				)
 				.then(async ({ code, callbackURL, issuer }) => {
 					onSuccess(code, callbackURL, issuer);
 				});
 		} catch (e) {
 			errorMessage = getWebauthnErrorMessage(e);
 			isLoading = false;
@@ -88,17 +91,13 @@
 	}
 	function onSuccess(code: string, callbackURL: string, issuer: string) {
 		const redirectURL = new URL(callbackURL);
 		if (redirectURL.protocol == 'javascript:' || redirectURL.protocol == 'data:') {
 			throw new Error('Invalid redirect URL protocol');
 		}
 		redirectURL.searchParams.append('code', code);
 		redirectURL.searchParams.append('state', authorizeState);
 		redirectURL.searchParams.append('iss', issuer);
 		success = true;
 		setTimeout(() => {
 			const redirectURL = new URL(callbackURL);
 			redirectURL.searchParams.append('code', code);
 			redirectURL.searchParams.append('state', authorizeState);
 			redirectURL.searchParams.append('iss', issuer);
 			window.location.href = redirectURL.toString();
 		}, 1000);
 	}