Merge pull request #78 from ansopedia/feat/redirect-on-google-sign-in

Enhance Google Sign-In API to Support Redirect After Login
ansopedia · Oct 22, 2024 · c24ae27 · c24ae27
2 parents 4a10ee6 + 43eb328
commit c24ae27
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 8 deletions.
diff --git a/src/api/v1/auth/auth.controller.ts b/src/api/v1/auth/auth.controller.ts
@@ -2,7 +2,7 @@ import { NextFunction, Request, Response } from "express";
 
 import { STATUS_CODES, envConstants } from "@/constants";
 import { GoogleUser } from "@/types/passport-google";
-import { sendResponse } from "@/utils";
+import { isValidRedirectUrl, sendResponse } from "@/utils";
 
 import { success } from "./auth.constant";
 import { AuthService } from "./auth.service";
@@ -58,14 +58,24 @@ export class AuthController {
 
       // TODO: used action token instead of access token
       res.cookie("access-token", accessToken, {
-        httpOnly: false,
+        httpOnly: true,
         secure: true,
         sameSite: "strict",
         maxAge: 60000, // 1 minute
       });
 
-      // Instead of sending a JSON response, redirect to the client's URL
-      res.redirect(`${envConstants.CLIENT_URL}/login?success=true`);
+      // Validate and sanitize the redirect URL
+      const state = req.query.state as string;
+      let redirectUrl = `${envConstants.CLIENT_URL}/profile?success=true`; // Default redirect URL
+
+      if (state) {
+        const decodedUrl = Buffer.from(state, "base64").toString("utf-8");
+        if (isValidRedirectUrl(decodedUrl)) {
+          redirectUrl = decodedUrl;
+        }
+      }
+
+      res.redirect(redirectUrl);
     } catch (error) {
       next(error);
     }

diff --git a/src/middlewares/passport.ts b/src/middlewares/passport.ts
@@ -19,5 +19,7 @@ export const signInWithGoogleCallback = (req: Request, res: Response, next: Next
   passport.authenticate("google", {
     session: false,
     failureRedirect: `${envConstants.CLIENT_URL}/login?error=failed`,
+    // Pass the state parameter to the callback
+    state: req.query.state as string | undefined,
   })(req, res, next);
 };
diff --git a/src/types/index.d.ts b/src/types/index.d.ts
@@ -4,9 +4,5 @@ declare global {
     interface Request {
       user: CreateUser;
     }
-
-    interface User extends GoogleUser {
-      id: string;
-    }
   }
 }
diff --git a/src/types/passport-google.d.ts → src/types/passport-google.ts b/src/types/passport-google.d.ts → src/types/passport-google.ts
diff --git a/src/utils/helper.util.ts b/src/utils/helper.util.ts
@@ -1,5 +1,7 @@
 import { Request } from "express";
 
+import { envConstants } from "@/constants";
+
 export const getServerURL = (req: Request) => {
   return `${req.protocol}://${req.get("host")}`;
 };
@@ -8,3 +10,12 @@ export const generateRandomUsername = (): string => {
   const randomString = Math.random().toString(36).substring(2, 10);
   return `user_${randomString}`;
 };
+
+export const isValidRedirectUrl = (url: string): boolean => {
+  try {
+    const parsedUrl = new URL(url);
+    return parsedUrl.origin === envConstants.CLIENT_URL;
+  } catch {
+    return false;
+  }
+};