package handlers
import (
"fmt"
"net/url"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/session"
)
// CheckSafeRedirectionPOST handler checking whether the redirection to a given URL provided in body is safe.
// CheckSafeRedirectionPOST handler checking whether the redirection to a given URL provided in body is safe.
//
// The request is only honoured for an authenticated, non-anonymous session;
// otherwise the handler answers with ctx.ReplyUnauthorized before the body is
// read. The body is decoded into checkURIWithinDomainRequestBody, its URI is
// parsed with url.ParseRequestURI, and the verdict of
// ctx.IsSafeRedirectionTargetURI is written back as the OK field of
// checkURIWithinDomainResponseBody. Every failure is reported through
// ctx.Error with messageOperationFailed.
func CheckSafeRedirectionPOST(ctx *middlewares.AutheliaCtx) {
	var (
		userSession session.UserSession
		err         error
	)

	// Reject unreadable or anonymous sessions first so the body is never
	// parsed on behalf of an unauthenticated caller.
	if userSession, err = ctx.GetSession(); err != nil || userSession.IsAnonymous() {
		ctx.ReplyUnauthorized()
		return
	}

	var body checkURIWithinDomainRequestBody

	if err = ctx.ParseBody(&body); err != nil {
		ctx.Error(fmt.Errorf("unable to parse request body: %w", err), messageOperationFailed)
		return
	}

	// ParseRequestURI (rather than Parse) is used because the value is expected
	// to be an absolute URI or absolute path, not a relative reference.
	target, err := url.ParseRequestURI(body.URI)
	if err != nil {
		ctx.Error(fmt.Errorf("unable to determine if uri %s is safe to redirect to: failed to parse URI '%s': %w", body.URI, body.URI, err), messageOperationFailed)
		return
	}

	response := checkURIWithinDomainResponseBody{OK: ctx.IsSafeRedirectionTargetURI(target)}

	if err = ctx.SetJSONBody(response); err != nil {
		ctx.Error(fmt.Errorf("unable to create response body: %w", err), messageOperationFailed)
		return
	}
}