erin/graph-editor
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

use redirect locations from state

Browse source
This commit is contained in:
Erin 2023-11-12 13:02:54 -05:00
parent 80415104e5
commit bf09096740
1 changed files with 25 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
src/routes/auth/[provider]/callback/+page.server.ts
View file

@ -18,30 +18,6 @@ export const load: PageServerLoad = async event => {
throw redirect(302, '/');
}
// check for errors from the provider
// TODO: this is still technically provider-specific and should be split out
// into the provider implementations since different providers can call back
// with different parameters
const errorCode = event.url.searchParams.get('error');
const errorDescription = event.url.searchParams.get('error_description');
// if the user cancelled the login, redirect home gracefully
if (errorCode === 'access_denied') {
throw redirect(302, '/');
}
// if another error was encountered, return the error information only
if (errorCode) {
return {
error: {
code: errorCode,
description: errorDescription ?? '',
},
};
}
const providerImpl = authProviderImplementations[provider];
// retrieve the state we stored for this session and compare against the
// state we received from the provider
const dataSource = await getDataSource();
@ -58,13 +34,37 @@ export const load: PageServerLoad = async event => {
if (!storedState || !receivedState || storedState.state !== receivedState) {
return {
error: {
code: 'consumer_state_mismatch',
code: 'state_mismatch',
description:
`Expected state ${storedState?.state}, received ${receivedState}`,
},
};
}
// check for errors from the provider
// TODO: this is still technically provider-specific and should be split out
// into the provider implementations since different providers can call back
// with different parameters
const errorCode = event.url.searchParams.get('error');
const errorDescription = event.url.searchParams.get('error_description');
// if the user cancelled the login, redirect home gracefully
if (errorCode === 'access_denied') {
throw redirect(302, storedState.prev);
}
// if another error was encountered, return the error information only
if (errorCode) {
return {
error: {
code: errorCode,
description: errorDescription ?? '',
},
};
}
const providerImpl = authProviderImplementations[provider];
const code = event.url.searchParams.get('code');
if (!code) {
return {