package handlers
import (
"fmt"
"github.com/authelia/authelia/v4/internal/authentication"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/utils"
)
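// CheckSafeRedirectionPOST handler checking whether the redirection to a given URL provided in body is safe.
//
// Only callers with an authenticated session are served; anonymous requests are
// rejected through ctx.ReplyUnauthorized() before the body is read. The candidate
// URI comes from the JSON request body (checkURIWithinDomainRequestBody) and is
// judged against the configured session domain by utils.IsRedirectionURISafe; the
// verdict is written back as checkURIWithinDomainResponseBody{OK: safe}. Every
// failure path reports through ctx.Error with messageOperationFailed.
func CheckSafeRedirectionPOST(ctx *middlewares.AutheliaCtx) {
	// Anonymous callers must not be able to probe which redirect targets are accepted.
	if ctx.GetSession().AuthenticationLevel == authentication.NotAuthenticated {
		ctx.ReplyUnauthorized()
		return
	}

	var reqBody checkURIWithinDomainRequestBody
	if err := ctx.ParseBody(&reqBody); err != nil {
		ctx.Error(fmt.Errorf("unable to parse request body: %w", err), messageOperationFailed)
		return
	}

	safe, err := utils.IsRedirectionURISafe(reqBody.URI, ctx.Configuration.Session.Domain)
	if err != nil {
		// reqBody.URI is caller-controlled: %q quotes it and escapes control characters
		// (newlines in particular) so the value cannot forge extra lines wherever
		// ctx.Error records this message.
		ctx.Error(fmt.Errorf("unable to determine if uri %q is safe to redirect to: %w", reqBody.URI, err), messageOperationFailed)
		return
	}

	if err := ctx.SetJSONBody(checkURIWithinDomainResponseBody{OK: safe}); err != nil {
		ctx.Error(fmt.Errorf("unable to create response body: %w", err), messageOperationFailed)
		return
	}
}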