stacker.news/pages/login.js

import { providers, getSession } from 'next-auth/client'
import Link from 'next/link'
import LayoutStatic from '../components/layout-static'
import Login from '../components/login'

export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {
  const session = await getSession({ req })

  const regex = /^https?:\/\/stacker.news\//
  const external = !regex.test(decodeURIComponent(callbackUrl))
  if (external) {
    // This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264
    // TODO: Add redirect notice to warn users
    return res.status(500).end()
  }

  if (session && res && callbackUrl) {
    res.writeHead(302, {
      Location: callbackUrl
    })
    res.end()
    return { props: {} }
  }

  return {
    props: {
      providers: await providers({ req, res }),
      callbackUrl,
      error
    }
  }
}

function LoginFooter ({ callbackUrl }) {
  return (
    <small className='font-weight-bold text-muted pt-4'>Don't have an account? <Link href={{ pathname: '/signup', query: { callbackUrl } }}>sign up</Link></small>
  )
}

export default function LoginPage (props) {
  return (
    <LayoutStatic>
      <Login
        Footer={() => <LoginFooter callbackUrl={props.callbackUrl} />}
        {...props}
      />
    </LayoutStatic>
  )
}
create invite page 2021-10-15 17:56:54 +00:00			`import { providers, getSession } from 'next-auth/client'`
sign up buttons 2023-01-10 00:33:44 +00:00			`import Link from 'next/link'`
nostr sub 2023-05-01 20:58:30 +00:00			`import LayoutStatic from '../components/layout-static'`
create invite page 2021-10-15 17:56:54 +00:00			`import Login from '../components/login'`
custom auth page 2021-04-24 21:05:07 +00:00
			`export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {`
			`const session = await getSession({ req })`

Fix slash after stacker.news not required The slash should be required else we could still redirect to external sites. For example, a site could just use "stacker.news" as a subdomain: https://stacker.news.mallory.com/ 2023-05-07 12:13:53 +00:00			`const regex = /^https?:\/\/stacker.news\//`
Return 500 if callback URL is external 2023-05-07 11:59:19 +00:00			`const external = !regex.test(decodeURIComponent(callbackUrl))`
			`if (external) {`
			`// This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264`
			`// TODO: Add redirect notice to warn users`
			`return res.status(500).end()`
			`}`

make callback url on login great again 2021-08-12 23:48:27 +00:00			`if (session && res && callbackUrl) {`
custom auth page 2021-04-24 21:05:07 +00:00			`res.writeHead(302, {`
			`Location: callbackUrl`
			`})`
			`res.end()`
ranking mostly 2021-04-27 21:30:58 +00:00			`return { props: {} }`
custom auth page 2021-04-24 21:05:07 +00:00			`}`

			`return {`
			`props: {`
			`providers: await providers({ req, res }),`
create invite page 2021-10-15 17:56:54 +00:00			`callbackUrl,`
custom auth page 2021-04-24 21:05:07 +00:00			`error`
			`}`
			`}`
			`}`

sign up buttons 2023-01-10 00:33:44 +00:00			`function LoginFooter ({ callbackUrl }) {`
			`return (`
			`<small className='font-weight-bold text-muted pt-4'>Don't have an account? <Link href={{ pathname: '/signup', query: { callbackUrl } }}>sign up</Link></small>`
			`)`
			`}`

			`export default function LoginPage (props) {`
			`return (`
nostr sub 2023-05-01 20:58:30 +00:00			`<LayoutStatic>`
global modal + small fixes/enhancements 2023-01-10 23:13:37 +00:00			`<Login`
			`Footer={() => <LoginFooter callbackUrl={props.callbackUrl} />}`
			`{...props}`
			`/>`
nostr sub 2023-05-01 20:58:30 +00:00			`</LayoutStatic>`
sign up buttons 2023-01-10 00:33:44 +00:00			`)`
			`}`