What is the reason to do this refactor?
We want to make it so that we can use only one redirect URI (gh.fredkiss.dev) but still be able to redirect to the correct subdomain (especially for preview envs: #129).
This will also enhance security and prevent CSRF attacks on the website.
Describe the work that needs to be done
Handle auth with subdomains through a randomly generated token, generated using nanoid as the random value (like we do for sessions) and stored in Redis as a key whose value holds the subdomain and the nextURL to redirect to. This token is passed as the state query string parameter when forming the GitHub OAuth redirect URL. The state should be deleted after one use and expire in less than 5 minutes; with this we determine the domain to redirect to and also make sure that the request originated from our app.
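An added example (not the project's code) of the state flow described above: a single-use, 5-minute state token that maps back to the subdomain and nextURL, and a callback-side check that rejects unknown, expired or replayed state. It assumes an in-memory Map standing in for Redis (SET with EX, then GETDEL), crypto.randomBytes standing in for nanoid, a placeholder callback path, and an added rule that nextURL must be a relative path so the stored target cannot become an open redirect.

```typescript
import { randomBytes } from "node:crypto";

// Constructed stand-in for Redis: key = state token, value = redirect target + expiry.
type StateRecord = { subdomain: string; nextUrl: string; expiresAt: number };
const stateStore = new Map<string, StateRecord>();

const STATE_TTL_MS = 5 * 60 * 1000; // state must expire in under 5 minutes
const BASE_DOMAIN = "fredkiss.dev"; // from the issue; gh.fredkiss.dev is the single callback host
const CALLBACK_URL = "https://gh.fredkiss.dev/api/auth/callback"; // assumed placeholder path
const SUBDOMAIN_RE = /^[a-z0-9-]+$/; // only a label under our own base domain may be a target

// Login side: mint the state and remember where the user must land afterwards.
function createOauthState(subdomain: string, nextUrl: string, now = Date.now()): string {
  if (!SUBDOMAIN_RE.test(subdomain)) throw new Error("invalid subdomain");
  if (!nextUrl.startsWith("/") || nextUrl.startsWith("//")) throw new Error("nextUrl must be a relative path");
  const state = randomBytes(16).toString("base64url"); // nanoid stand-in, 128 bits of randomness
  stateStore.set(state, { subdomain, nextUrl, expiresAt: now + STATE_TTL_MS }); // Redis: SET state ... EX 300
  return state;
}

// Build the GitHub authorize URL with the one fixed redirect_uri and the opaque state.
function buildGithubAuthorizeUrl(clientId: string, state: string): string {
  const url = new URL("https://github.com/login/oauth/authorize");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", CALLBACK_URL);
  url.searchParams.set("state", state);
  return url.toString();
}

// Callback side: consume the state exactly once. Null means reject the callback
// (forged, expired or replayed state), which is what stops the CSRF case.
function consumeOauthState(state: string, now = Date.now()): { redirectTo: string } | null {
  const rec = stateStore.get(state);
  stateStore.delete(state); // single use: GETDEL in Redis, deleted even if expired
  if (!rec || rec.expiresAt <= now) return null;
  return { redirectTo: `https://${rec.subdomain}.${BASE_DOMAIN}${rec.nextUrl}` };
}
```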