feat: accept return url from auth param

marjune163 · marjune163 · commit 5dca9cbe6df4 · 2024-01-30T20:51:33.000+08:00
diff --git a/doc/en-US/api.md b/doc/en-US/api.md
@@ -158,5 +158,5 @@ curl -X POST -d 'name=dir1&name=dir2&name=dir3' 'http://localhost/tmp/?delete'
 # Login
 Perform a login authentication even not required by current path:
 ```
-GET <path>?auth
+GET <path>?auth[=return_url]
 ```
diff --git a/doc/zh-CN/api.md b/doc/zh-CN/api.md
@@ -155,5 +155,5 @@ curl -X POST -d 'name=dir1&name=dir2&name=dir3' 'http://localhost/tmp/?delete'
 # 登录
 发起登录认证，即使当前路径无需验证：
 ```
-GET <path>?auth
+GET <path>?auth[=return_url]
 ```
diff --git a/src/serverHandler/auth.go b/src/serverHandler/auth.go
@@ -3,6 +3,7 @@ package serverHandler
 import (
 	"errors"
 	"net/http"
+	"net/url"
 	"strings"
 )
 
@@ -46,3 +47,26 @@ func (h *aliasHandler) verifyAuth(r *http.Request, needAuth bool) (userid int, u
 
 	return
 }
+
+func (h *aliasHandler) redirectWithoutRequestAuth(w http.ResponseWriter, r *http.Request, session *sessionContext, data *responseData) {
+	var returnUrl string
+	index := strings.Index(r.URL.RawQuery, authQueryParam+"=")
+	if index >= 0 {
+		returnUrl = r.URL.RawQuery[index+len(authQueryParam)+1:]
+		index = strings.LastIndexByte(returnUrl, '&')
+		if index >= 0 {
+			returnUrl = returnUrl[:index]
+		}
+		url, err := url.QueryUnescape(returnUrl)
+		if err == nil {
+			returnUrl = url
+		}
+	} else {
+		returnUrl = r.Header.Get("Referer")
+	}
+	if len(returnUrl) == 0 {
+		returnUrl = session.prefixReqPath + data.Context.QueryString()
+	}
+
+	http.Redirect(w, r, returnUrl, http.StatusFound)
+}
diff --git a/src/serverHandler/redirect.go b/src/serverHandler/redirect.go
@@ -9,12 +9,3 @@ func redirect(w http.ResponseWriter, r *http.Request, path string, code int) {
 	}
 	http.Redirect(w, r, target, code)
 }
-
-func (h *aliasHandler) redirectWithoutRequestAuth(w http.ResponseWriter, r *http.Request, session *sessionContext, data *responseData) {
-	returnUrl := r.Header.Get("Referer")
-	if len(returnUrl) == 0 {
-		returnUrl = session.prefixReqPath + data.Context.QueryString()
-	}
-
-	http.Redirect(w, r, returnUrl, http.StatusFound)
-}

Original file line number	Diff line number	Diff line change
`@@ -9,12 +9,3 @@ func redirect(w http.ResponseWriter, r *http.Request, path string, code int) {`
`9`	`9`	`}`
`10`	`10`	`http.Redirect(w, r, target, code)`
`11`	`11`	`}`
`12`		`-`
`13`		`-func (h aliasHandler) redirectWithoutRequestAuth(w http.ResponseWriter, r http.Request, session sessionContext, data responseData) {`
`14`		`- returnUrl := r.Header.Get("Referer")`
`15`		`- if len(returnUrl) == 0 {`
`16`		`- returnUrl = session.prefixReqPath + data.Context.QueryString()`
`17`		`- }`
`18`		`-`
`19`		`- http.Redirect(w, r, returnUrl, http.StatusFound)`
`20`		`-}`