merge: sync dev and finalize sub2api localhost callback flow
This commit is contained in:
@@ -42,8 +42,8 @@ function getSub2ApiOrigin(payload = {}) {
|
||||
}
|
||||
}
|
||||
|
||||
function normalizeRedirectUri(rawUrl) {
|
||||
const input = (rawUrl || '').trim() || SUB2API_DEFAULT_REDIRECT_URI;
|
||||
function normalizeRedirectUri() {
|
||||
const input = SUB2API_DEFAULT_REDIRECT_URI;
|
||||
const withProtocol = /^https?:\/\//i.test(input) ? input : `http://${input}`;
|
||||
const parsed = new URL(withProtocol);
|
||||
if (!parsed.pathname || parsed.pathname === '/') {
|
||||
@@ -288,7 +288,7 @@ function openAccountsPageSoon(origin) {
|
||||
}
|
||||
|
||||
async function step1_generateOpenAiAuthUrl(payload = {}) {
|
||||
const redirectUri = normalizeRedirectUri(payload.sub2apiRedirectUri);
|
||||
const redirectUri = normalizeRedirectUri();
|
||||
const groupName = (payload.sub2apiGroupName || SUB2API_DEFAULT_GROUP_NAME).trim() || SUB2API_DEFAULT_GROUP_NAME;
|
||||
|
||||
const { origin, token } = await loginSub2Api(payload);
|
||||
|
||||
@@ -169,7 +169,7 @@ function isLocalhostOAuthCallbackUrl(rawUrl) {
|
||||
if (!parsed) return false;
|
||||
if (!['http:', 'https:'].includes(parsed.protocol)) return false;
|
||||
if (!['localhost', '127.0.0.1'].includes(parsed.hostname)) return false;
|
||||
if (parsed.pathname !== '/auth/callback') return false;
|
||||
if (!['/auth/callback', '/codex/callback'].includes(parsed.pathname)) return false;
|
||||
|
||||
const code = (parsed.searchParams.get('code') || '').trim();
|
||||
const state = (parsed.searchParams.get('state') || '').trim();
|
||||
|
||||
Reference in New Issue
Block a user