diff --git a/.env.example b/.env.example
index deba5fa..f38317c 100644
--- a/.env.example
+++ b/.env.example
@@ -18,3 +18,4 @@ SPOTIFY_CLIENT_ID=
 SPOTIFY_SECRET=
 ANILIST_SECRET=
 ANILIST_CLIENT_ID=
+BACK_URL=
diff --git a/api/src/Api/OIDC.hs b/api/src/Api/OIDC.hs
index 1f6e793..fd96da9 100644
--- a/api/src/Api/OIDC.hs
+++ b/api/src/Api/OIDC.hs
@@ -40,34 +40,34 @@ urlHandler :: Service -> Maybe String -> AppM NoContent
 urlHandler _ Nothing = throwError err400
 urlHandler Anilist (Just r) = do
 clientId <- liftIO $ envAsString "ANILIST_CLIENT_ID" ""
- backRedirect <- liftIO $ envAsString "BACK_REDIRECT_URL" ""
+ backRedirect <- liftIO $ envAsString "BACK_URL" ""
 throwError $ err302 { errHeaders =
- [("Location", B8.pack $ "https://anilist.co/api/v2/oauth/authorize?client_id=" ++ clientId ++ "&response_type=code&redirect_uri=" ++ backRedirect ++ "&state=" ++ r)] }
+ [("Location", B8.pack $ "https://anilist.co/api/v2/oauth/authorize?client_id=" ++ clientId ++ "&response_type=code&redirect_uri=" ++ backRedirect ++ "auth/redirect" ++ "&state=" ++ r)] }
 urlHandler Discord (Just r) = do
 clientId <- liftIO $ envAsString "DISCORD_CLIENT_ID" ""
- backRedirect <- liftIO $ envAsString "BACK_REDIRECT_URL" ""
+ backRedirect <- liftIO $ envAsString "BACK_URL" ""
 throwError $ err302 { errHeaders =
- [("Location", B8.pack $ "https://discord.com/api/oauth2/authorize?response_type=code&scope=identify%20guilds%20messages.read%20activities.write%20webhook.incoming&client_id=" ++ clientId ++ "&response_type=code&redirect_uri=" ++ backRedirect ++ "&state=" ++ r)] }
+ [("Location", B8.pack $ "https://discord.com/api/oauth2/authorize?response_type=code&scope=identify%20guilds%20messages.read%20activities.write%20webhook.incoming&client_id=" ++ clientId ++ "&response_type=code&redirect_uri=" ++ backRedirect ++ "auth/redirect" ++ "&state=" ++ r)] }
 urlHandler Google (Just r) = do
 clientId <- liftIO $ envAsString "GOOGLE_CLIENT_ID" ""
- backRedirect <- liftIO $ envAsString "BACK_REDIRECT_URL" ""
+ backRedirect <- liftIO $ envAsString "BACK_URL" ""
 throwError $ err302 { errHeaders =
- [("Location", B8.pack $ "https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/youtube.force-ssl&access_type=offline&prompt=consent&include_granted_scopes=true&response_type=code&client_id=" ++ clientId ++ "&redirect_uri=" ++ backRedirect ++ "&state=" ++ r)] }
+ [("Location", B8.pack $ "https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/youtube.force-ssl&access_type=offline&prompt=consent&include_granted_scopes=true&response_type=code&client_id=" ++ clientId ++ "&redirect_uri=" ++ backRedirect ++ "auth/redirect" ++ "&state=" ++ r)] }
 urlHandler Twitter (Just r) = do
 clientId <- liftIO $ envAsString "TWITTER_CLIENT_ID" ""
- backRedirect <- liftIO $ envAsString "BACK_REDIRECT_URL" ""
+ backRedirect <- liftIO $ envAsString "BACK_URL" ""
 throwError $ err302 { errHeaders =
- [("Location", B8.pack $ "https://twitter.com/i/oauth2/authorize?response_type=code&scope=like.write like.read follows.read follows.write offline.access tweet.read tweet.write&code_challenge=challenge&code_challenge_method=plain&client_id=" ++ clientId ++ "&redirect_uri=" ++ backRedirect ++ "&state=" ++ r)] }
+ [("Location", B8.pack $ "https://twitter.com/i/oauth2/authorize?response_type=code&scope=like.write like.read follows.read follows.write offline.access tweet.read tweet.write&code_challenge=challenge&code_challenge_method=plain&client_id=" ++ clientId ++ "&redirect_uri=" ++ backRedirect ++ "auth/redirect" ++ "&state=" ++ r)] }
 urlHandler Spotify (Just r) = do
 clientId <- liftIO $ envAsString "SPOTIFY_CLIENT_ID" ""
- backRedirect <- liftIO $ envAsString "BACK_REDIRECT_URL" ""
+ backRedirect <- liftIO $ envAsString "BACK_URL" ""
 throwError $ err302 { errHeaders =
- [("Location", B8.pack $ "https://accounts.spotify.com/authorize?response_type=code&scope=user-library-read&client_id=" ++ clientId ++ "&redirect_uri=" ++ backRedirect ++ "&state=" ++ r)] }
+ [("Location", B8.pack $ "https://accounts.spotify.com/authorize?response_type=code&scope=user-library-read&client_id=" ++ clientId ++ "&redirect_uri=" ++ backRedirect ++ "auth/redirect" ++ "&state=" ++ r)] }
 urlHandler Github (Just r) = do
 clientId <- liftIO $ envAsString "GITHUB_CLIENT_ID" ""
- backRedirect <- liftIO $ envAsString "BACK_REDIRECT_URL" ""
+ backRedirect <- liftIO $ envAsString "BACK_URL" ""
 throwError $ err302 { errHeaders =
- [("Location", B8.pack $ "https://github.com/login/oauth/authorize?response_type=code&scope=repo&client_id=" ++ clientId ++ "&redirect_uri=" ++ backRedirect ++ "&state=" ++ r)] }
+ [("Location", B8.pack $ "https://github.com/login/oauth/authorize?response_type=code&scope=repo&client_id=" ++ clientId ++ "&redirect_uri=" ++ backRedirect ++ "auth/redirect" ++ "&state=" ++ r)] }
 servicesHandler :: AuthRes -> AppM [String]
 servicesHandler (Authenticated (User uid name slug)) = do
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index adce781..df818fd 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -17,6 +17,7 @@ services:
 depends_on:
 - "db"
 environment:
+ - BACK_URL=${BACK_URL}
 - POSTGRES_USER=${POSTGRES_USER}
 - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
 - POSTGRES_HOST=${POSTGRES_HOST}
diff --git a/docker-compose.yml b/docker-compose.yml
index ef75283..feedd51 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,6 +42,7 @@ services:
 - POSTGRES_PORT=${POSTGRES_PORT}
 - WORKER_API_KEY=${WORKER_API_KEY}
 - WORKER_URL=${WORKER_URL}
+ - BACK_URL=${BACK_URL}
 - DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID}
 - DISCORD_SECRET=${DISCORD_SECRET}
 - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
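Review bot: Every new `Location` line in `urlHandler` still splices `backRedirect ++ "auth/redirect"` and the `r` argument (apparently a request parameter) into the authorize URL without percent-encoding, so an `&`, `#` or space inside `r` alters the query the provider receives instead of staying inside `state`, and the `redirect_uri` value goes out unescaped. Encoding both values closes that, for example `++ "&redirect_uri=" ++ enc (backRedirect ++ "auth/redirect") ++ "&state=" ++ enc r` with `enc = B8.unpack . urlEncode True . B8.pack`, where `urlEncode` comes from http-types' `Network.HTTP.Types.URI` (assuming that package is already a dependency here). The new concatenation also only yields a valid URI when `BACK_URL` is set and ends in `/`; with the `""` default the provider is sent the relative value `auth/redirect`, so rejecting an empty `BACK_URL` with an error would be clearer than issuing the redirect. On the Twitter line, `code_challenge=challenge&code_challenge_method=plain` is a constant and therefore gives no PKCE protection; a per-request verifier with `S256` is what that flow expects. The type signature of `urlHandler` sits above the hunk and `servicesHandler` continues below it.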