feat: add redirectTo query parameter support for the login route handler

README.md

@@ -25,7 +25,7 @@ In addition upon every login, logout or token refresh action prxi-openid-connect
 - `PROXY_REQUEST_TIMEOUT` - [optional] timeout for the proxy requests (default value: `30000`, 30s)
 - `UPSTREAM_URL` - the upstream host URL (default value: none)
 - `HEALTH_PATH` - [optional] health check api path (default value: `/_prxi_/health`)
-- `LOGOIN_PATH` - [optional] end login endpoint path (default value: `/_prxi_/login`)
+- `LOGOIN_PATH` - [optional] end login endpoint path (default value: `/_prxi_/login`), when calling optional `redirectTo` query parameter can be passed to redirect user to given url after login
 - `LOGOUT_PATH` - [optional] end session/logout path (default value: `/_prxi_/logout`)
 - `LOG_LEVEL` - [optional] log level (default value: `info`)
 - `LOG_FILE` - [optional] log file path (default value: `/prxi/logs/prxi-openid-connect.log`)

src/handlers/LoginHandler.ts

@@ -1,10 +1,11 @@
 import { IncomingMessage, ServerResponse } from "http";
 import { HttpMethod, ProxyRequest, RequestHandlerConfig } from "prxi";
 import { getConfig } from "../config/getConfig";
-import { sendRedirect } from "../utils/ResponseUtils";
+import { invalidateAuthCookies, sendRedirect } from "../utils/ResponseUtils";
 import { OpenIDUtils } from "../utils/OpenIDUtils";
 import { Logger } from "pino";
 import getLogger from "../Logger";
+import { parse } from "url";
 
 export class LoginHandler implements RequestHandlerConfig {
   private logger: Logger;
@@ -26,6 +27,18 @@ export class LoginHandler implements RequestHandlerConfig {
   public async handle(req: IncomingMessage, res: ServerResponse, proxyRequest: ProxyRequest): Promise<void> {
     this.logger.info('Handle login request');
 
+    const { redirectTo } = parse(req.url, true).query;
+    if (redirectTo) {
+      invalidateAuthCookies(res, {
+        [getConfig().cookies.names.originalPath]: {
+          value: redirectTo.toString(),
+          expires: new Date(Date.now() + 30 * 60 * 1000), // 30 minutes
+        },
+      });
+    } else {
+      invalidateAuthCookies(res);
+    }
+
     await sendRedirect(res, OpenIDUtils.getAuthorizationUrl());
   }
 }

test/LoginHandler.suite.ts

@@ -17,4 +17,17 @@ export class LoginHandlerSuite extends BaseSuite {
       strictEqual(json.http.originalUrl, uri);
     });
   }
+
+  @test()
+  async loginWithCustomRedirect() {
+    const uri = '/api/test?q=str';
+    await this.withNewPage(getConfig().hostURL + getConfig().loginPath + `?redirectTo=${encodeURIComponent(uri)}`, async (page) => {
+      await this.loginOnKeycloak(page);
+
+      // make sure we can access the resource
+      await this.navigate(page, getConfig().hostURL + uri);
+      const json = await this.getJsonFromPage(page);
+      strictEqual(json.http.originalUrl, uri);
+    });
+  }
 }