Use fallback instead of 500 if callback malformed (#296)

Co-authored-by: ekzyis <ek@stacker.news>
2023-06-01 02:48:14 +02:00 · 2023-06-01 02:48:14 +02:00 · 88372b6a9e
parent 36d5478e74
commit 88372b6a9e
2 changed files with 14 additions and 2 deletions
--- a/pages/login.js
+++ b/pages/login.js
@ -7,7 +7,13 @@ import { isExternal } from '../lib/url'
 export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {
  const session = await getSession({ req })

-  const external = isExternal(decodeURIComponent(callbackUrl))
+  // assume external by default so we will use fallback callback
+  let external = true;
+  try {
+    external = isExternal(decodeURIComponent(callbackUrl))
+  } catch (err) {
+    console.error("error decoding callback:", callbackUrl, err)
+  }
  if (external) {
    // This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264
    callbackUrl = '/'
--- a/pages/signup.js
+++ b/pages/signup.js
@ -7,7 +7,13 @@ import { isExternal } from '../lib/url'
 export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {
  const session = await getSession({ req })

-  const external = isExternal(decodeURIComponent(callbackUrl))
+  // assume external by default so we will use fallback callback
+  let external = true;
+  try {
+    external = isExternal(decodeURIComponent(callbackUrl))
+  } catch (err) {
+    console.error("error decoding callback:", callbackUrl, err)
+  }
  if (external) {
    // This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264
    callbackUrl = '/'