From 88372b6a9e071da85307cef59b1c8eb6208b30f9 Mon Sep 17 00:00:00 2001
From: ekzyis <27162016+ekzyis@users.noreply.github.com>
Date: Thu, 1 Jun 2023 02:48:14 +0200
Subject: [PATCH] Use fallback instead of 500 if callback malformed (#296)

Co-authored-by: ekzyis <ek@stacker.news>
---
 pages/login.js  | 8 +++++++-
 pages/signup.js | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/pages/login.js b/pages/login.js
index b167aa07..13eea733 100644
--- a/pages/login.js
+++ b/pages/login.js
@@ -7,7 +7,13 @@ import { isExternal } from '../lib/url'
 export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {
   const session = await getSession({ req })
 
-  const external = isExternal(decodeURIComponent(callbackUrl))
+  // assume external by default so we will use fallback callback
+  let external = true;
+  try {
+    external = isExternal(decodeURIComponent(callbackUrl))
+  } catch (err) {
+    console.error("error decoding callback:", callbackUrl, err)
+  }
   if (external) {
     // This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264
     callbackUrl = '/'
diff --git a/pages/signup.js b/pages/signup.js
index 1a2b7389..697837f3 100644
--- a/pages/signup.js
+++ b/pages/signup.js
@@ -7,7 +7,13 @@ import { isExternal } from '../lib/url'
 export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {
   const session = await getSession({ req })
 
-  const external = isExternal(decodeURIComponent(callbackUrl))
+  // assume external by default so we will use fallback callback
+  let external = true;
+  try {
+    external = isExternal(decodeURIComponent(callbackUrl))
+  } catch (err) {
+    console.error("error decoding callback:", callbackUrl, err)
+  }
   if (external) {
     // This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264
     callbackUrl = '/'