Handle matching wildcards

2026-05-05 12:04:14 +00:00 · 2026-04-23 21:25:13 -07:00
parent 07c7501669
commit b4f0b4e285
2 changed files with 20 additions and 2 deletions
--- a/server/routers/resource/getResourceAuthInfo.ts
+++ b/server/routers/resource/getResourceAuthInfo.ts
@@ -32,6 +32,8 @@ export type GetResourceAuthInfoResponse = {
    sso: boolean;
    blockAccess: boolean;
    url: string;
+    wildcard: boolean;
+    fullDomain: string | null;
    whitelist: boolean;
    skipToIdpId: number | null;
    orgId: string;
@@ -130,7 +132,9 @@ export async function getResourceAuthInfo(
        const headerAuthExtendedCompatibility =
            result?.resourceHeaderAuthExtendedCompatibility;

-        const url = `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`;
+        const url = resource.fullDomain
+            ? `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`
+            : null;

        return response<GetResourceAuthInfoResponse>(res, {
            data: {
@@ -145,7 +149,9 @@ export async function getResourceAuthInfo(
                    headerAuthExtendedCompatibility !== null,
                sso: resource.sso,
                blockAccess: resource.blockAccess,
-                url,
+                url: url ?? "",
+                wildcard: resource.wildcard ?? false,
+                fullDomain: resource.fullDomain,
                whitelist: resource.emailWhitelistEnabled,
                skipToIdpId: resource.skipToIdpId,
                orgId: resource.orgId,
--- a/src/app/auth/resource/[resourceGuid]/page.tsx
+++ b/src/app/auth/resource/[resourceGuid]/page.tsx
@@ -106,10 +106,22 @@ export default async function ResourceAuthPage(props: {
            const redirectPort = new URL(searchParams.redirect).port;
            const serverResourceHostWithPort = `${serverResourceHost}:${redirectPort}`;

+            const wildcardMatchesRedirect = (wildcardDomain: string, host: string): boolean => {
+                if (!wildcardDomain.startsWith("*.")) return false;
+                const suffix = wildcardDomain.slice(1); // e.g. ".wildcard.owen.fosrl.io"
+                return host.endsWith(suffix) && host.length > suffix.length;
+            };
+
            if (serverResourceHost === redirectHost) {
                redirectUrl = searchParams.redirect;
            } else if (serverResourceHostWithPort === redirectHost) {
                redirectUrl = searchParams.redirect;
+            } else if (
+                authInfo.wildcard &&
+                authInfo.fullDomain &&
+                wildcardMatchesRedirect(authInfo.fullDomain, redirectHost)
+            ) {
+                redirectUrl = searchParams.redirect;
            }
        } catch (e) {}
    }