// 3rd-party
import type { ReqHandler } from "@ethicdevs/react-monolith";
// app
import { AppRoute, AppRouteParams } from "../../routes.defs";
import LoginView, { LoginViewProps } from "../../views/auth/LoginView";

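/**
 * Returns true only when `candidate` is a same-site absolute path that is safe
 * to remember as a post-login redirect target.
 *
 * A bare `startsWith("/")` test does not rule out an open redirect:
 * - `//host/…` is a protocol-relative URL and resolves to another origin;
 * - browsers treat `\` like `/` in http(s) URLs, so `/\host` resolves the
 *   same way;
 * - URL parsers drop tab and newline characters, so a control character can
 *   hide a second slash from a simple prefix check.
 */
const isSameSitePath = (candidate: string): boolean =>
  candidate.startsWith("/") &&
  !candidate.startsWith("//") &&
  !candidate.includes("\\") &&
  !/[\u0000-\u001f\u007f]/.test(candidate);

/**
 * Renders the login view.
 *
 * When the query string carries `after_login_goto`, the value is validated and,
 * only if it is a same-site path, stored in the session as `auth_redirect_to`.
 * The code that later reads `auth_redirect_to` is not in this file; it should
 * treat the stored value as untrusted and validate it again before redirecting.
 */
const getLoginView: ReqHandler<AppRouteParams, AppRoute.AUTH_LOGIN> = (
  request,
  reply
) => {
  const { after_login_goto } = request.query;

  // Query values come straight from the client. The runtime `typeof` guard
  // keeps a non-string value (e.g. a repeated parameter, if the query parser
  // produces arrays; not confirmed from this file) from throwing on `.trim()`.
  if (typeof after_login_goto === "string") {
    // Validate and store the SAME normalised string; checking a trimmed copy
    // while persisting the raw input would let the two diverge.
    const redirectTarget = after_login_goto.trim();

    if (isSameSitePath(redirectTarget)) {
      // ! TODO(security):
      // ! - [x] check that path is not an external url (avoid open redirect attack)
      // ! - [ ] check that path belongs to a registered route (how?)
      // ! - [ ] **do not** honour requests when both conditions ^ are not met

      request.session.data.auth_redirect_to = redirectTarget;
    }
  }

  const reqHandler = reply.makeRequestHandler(request, reply);
  return reqHandler<LoginViewProps>(LoginView.name, {});
};

export default getLoginView;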