Use port from the request while calculating the redirection url. (#298)

gkrajniak · gkrajniaksap · web-flow · commit 07284891264a · 2025-10-21T13:39:46.000+02:00
Co-authored-by: Grzegorz Krajniak &lt;grzegorz.krajniak@sap.com&gt;
diff --git a/README.md b/README.md
@@ -3,20 +3,20 @@
 ![Build Status](https://github.com/openmfp/portal-server-lib/actions/workflows/pipeline.yaml/badge.svg)
 [![REUSE status](https://api.reuse.software/badge/github.com/openmfp/portal-server-lib)](https://api.reuse.software/info/github.com/openmfp/portal-server-lib)
 
-This library help you to set up a [Nest.js](https://nestjs.com/) server to serve a dynamic luigi configuration.
+This library helps you to set up a [Nest.js](https://nestjs.com/) server to serve a dynamic luigi configuration.
 It is closely related to the [portal ui library](https://github.com/openmfp/portal-ui-lib).
 
-Main features of this library are:
+The main features of this library are:
 
-- Provide a Dynamic Luigi configuration, without the need to deploy a library
+- Provide a Dynamic Luigi configuration without the need to deploy a library
 - Authentication capabilities with GitHub and Auth Server
 - Dynamic development capabilities - Embed your local MicroFrontend into a running luigi frame.
 
 # Getting started
 
-## Set up environment
+## Set up an environment
 
-In order to be able to use the library following environment properties have to be provided:
+To be able to use the library, the following environment properties have to be provided:
 
 - **Mandatory**
 
@@ -32,15 +32,15 @@ In order to be able to use the library following environment properties have to
 
 - **Optional**
 
-| Property name           | Description                                                                                                                                                                                                 |
-| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| HEALTH_CHECK_INTERVAL   | The interval in _milliseconds_ at which the application performs health checks to ensure its components are functioning correctly. Default 2000 ms.                                                         |
-| LOGOUT_REDIRECT_URL     | The url to redirect user after logout action, by default _/logout_.                                                                                                                                         |
-| ENVIRONMENT             | This property indicates the environment in which the application is running, _local_ indicates development environment.                                                                                     |
-| DEVELOPMENT_INSTANCE    | This property indicates if the portal runs in development mode.                                                                                                                                             |
-| FRONTEND_PORT           | Set the port number on which the frontend of the application will run in _local_ environment.                                                                                                               |
+| Property name           | Description                                                                                                                                                                                                |
+| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| HEALTH_CHECK_INTERVAL   | The interval in _milliseconds_ at which the application performs health checks to ensure its components are functioning correctly. Default 2000 ms.                                                        |
+| LOGOUT_REDIRECT_URL     | The url to redirect user after logout action, by default _/logout_.                                                                                                                                        |
+| ENVIRONMENT             | This property indicates the environment in which the application is running, _local_ indicates development environment.                                                                                    |
+| DEVELOPMENT_INSTANCE    | This property indicates if the portal runs in development mode.                                                                                                                                            |
+| FRONTEND_PORT           | Set the port number on which the frontend of the application will run.                                                                                                               |
 | VALID_WEBCOMPONENT_URLS | To enable CORS Web component Loading: basically you need to add external domains where the Web Components are hosted; `".?"` in this examle, we are sepcify that we can load Web Components from everyhere. |
-| FEATURE_TOGGLES         | Comma separated values of features following the convention `featureName=boolean`. Boolean value indicates is the feature is on/off (true/false)                                                            |
+| FEATURE_TOGGLES         | Comma separated values of features following the convention `featureName=boolean`. Boolean value indicates is the feature is on/off (true/false)                                                           |
 
 Below is an example of a `.env` file for configuring the application:
 
@@ -101,8 +101,8 @@ bootstrap();
 
 ## Requirements
 
-The portal requires a installation of node.js and npm.
-Checkout the [package.json](package.json) for the required node version and dependencies.
+The portal requires an installation of node.js and npm.
+Check out the [package.json](package.json) for the required node version and dependencies.
 
 ## Contributing
 
diff --git a/src/auth/auth-token.service.spec.ts b/src/auth/auth-token.service.spec.ts
@@ -188,7 +188,7 @@ describe('AuthTokenService', () => {
       // Arrange
       requestMock.hostname = 'localhost';
       requestMock.protocol = 'http';
-      process.env['FRONTEND_PORT'] = '4700';
+      requestMock.headers = { host: 'localhost:4700' };
       const env = await authConfigService.getAuthConfig(requestMock);
       const code = 'secret code';
 
@@ -211,7 +211,6 @@ describe('AuthTokenService', () => {
       await expect(authTokenResponsePromise).rejects.toThrow(
         'Error response from auth token server: AxiosError: Request failed with status code 500',
       );
-      delete process.env['FRONTEND_PORT'];
     });
   });
 });
diff --git a/src/auth/auth-token.service.ts b/src/auth/auth-token.service.ts
@@ -1,16 +1,15 @@
-import { EnvService } from '../env/index.js';
 import { AUTH_CONFIG_INJECTION_TOKEN } from '../injection-tokens.js';
 import { CookiesService } from '../services/index.js';
 import {
   AuthConfigService,
   ServerAuthVariables,
 } from './auth-config.service.js';
+import { getRedirectUri } from './redirect-uri.js';
 import { HttpService } from '@nestjs/axios';
 import { Inject, Injectable } from '@nestjs/common';
 import { AxiosError } from 'axios';
 import type { Request, Response } from 'express';
 import { catchError, firstValueFrom } from 'rxjs';
-import { getRedirectUri } from './redirect-uri.js';
 
 export interface AuthTokenData {
   access_token: string;
@@ -27,7 +26,6 @@ export class AuthTokenService {
   constructor(
     @Inject(AUTH_CONFIG_INJECTION_TOKEN)
     private authConfigService: AuthConfigService,
-    private envService: EnvService,
     private httpService: HttpService,
     private cookiesService: CookiesService,
   ) {}
@@ -44,7 +42,7 @@ export class AuthTokenService {
     code: string,
   ): Promise<AuthTokenData> {
     const authConfig = await this.authConfigService.getAuthConfig(request);
-    const redirectUri = getRedirectUri(request, this.envService.getEnv());
+    const redirectUri = getRedirectUri(request);
 
     const body = new URLSearchParams({
       client_id: authConfig.clientId,
diff --git a/src/auth/redirect-uri.spec.ts b/src/auth/redirect-uri.spec.ts
@@ -1,61 +1,86 @@
 import { getRedirectUri } from './redirect-uri.js';
 import type { Request } from 'express';
-import { EnvVariables } from '../env/env.service.js';
 
 describe('getRedirectUri', () => {
-    const baseEnv: EnvVariables = {
-        frontendPort: '3000',
-    } as any;
+  const makeReq = (options: Partial<Request>): Request =>
+    ({
+      headers: options.headers || {},
+      hostname: options.hostname || 'example.com',
+      protocol: options.protocol || 'http',
+    }) as Request;
 
-    const makeReq = (headers: Record<string, any> = {}, hostname = 'example.com', protocol = 'http'): Request =>
-        ({
-            headers,
-            hostname,
-            protocol,
-        } as Request);
-
-    it('uses x-forwarded-proto and x-forwarded-host when present', () => {
-        const req = makeReq({
-            'x-forwarded-proto': 'https',
-            'x-forwarded-host': 'forwarded.com',
-        });
-        const result = getRedirectUri(req, baseEnv);
-        expect(result).toBe('https://forwarded.com:3000/callback?storageType=none');
+  it('uses x-forwarded headers for proto, host, and port', () => {
+    const req = makeReq({
+      headers: {
+        'x-forwarded-proto': 'https',
+        'x-forwarded-host': 'forwarded.com',
+        'x-forwarded-port': '8443',
+      },
     });
+    const result = getRedirectUri(req);
+    expect(result).toBe('https://forwarded.com:8443/callback?storageType=none');
+  });
 
-    it('uses first value when x-forwarded-proto and host are arrays', () => {
-        const req = makeReq({
-            'x-forwarded-proto': ['https', 'http'],
-            'x-forwarded-host': ['multi.com:8080', 'other.com'],
-        });
-        const result = getRedirectUri(req, baseEnv);
-        expect(result).toBe('https://multi.com:3000/callback?storageType=none');
+  it('handles x-forwarded headers as arrays', () => {
+    const req = makeReq({
+      headers: {
+        'x-forwarded-proto': ['https', 'http'],
+        'x-forwarded-host': ['multi.com:8080', 'other.com'],
+        'x-forwarded-port': ['8081', '8082'],
+      },
     });
+    const result = getRedirectUri(req);
+    expect(result).toBe('https://multi.com:8081/callback?storageType=none');
+  });
 
-    it('falls back to request protocol and hostname if headers missing', () => {
-        const req = makeReq({}, 'local.dev', 'http');
-        const result = getRedirectUri(req, baseEnv);
-        expect(result).toBe('http://local.dev:3000/callback?storageType=none');
+  it('omits standard ports 80 and 443', () => {
+    const req80 = makeReq({
+      headers: {
+        'x-forwarded-proto': 'http',
+        'x-forwarded-host': 'plain.com',
+        'x-forwarded-port': '80',
+      },
     });
-
-    it('omits port if standard (80 or 443)', () => {
-        const env80 = { frontendPort: '80' } as EnvVariables;
-        const env443 = { frontendPort: '443' } as EnvVariables;
-        const req = makeReq({ 'x-forwarded-proto': 'https', 'x-forwarded-host': 'secure.com' });
-        expect(getRedirectUri(req, env80)).toBe('https://secure.com/callback?storageType=none');
-        expect(getRedirectUri(req, env443)).toBe('https://secure.com/callback?storageType=none');
+    const req443 = makeReq({
+      headers: {
+        'x-forwarded-proto': 'https',
+        'x-forwarded-host': 'secure.com',
+        'x-forwarded-port': '443',
+      },
     });
+    expect(getRedirectUri(req80)).toBe(
+      'http://plain.com/callback?storageType=none',
+    );
+    expect(getRedirectUri(req443)).toBe(
+      'https://secure.com/callback?storageType=none',
+    );
+  });
 
-    it('omits port if env.frontendPort is empty', () => {
-        const envEmpty = { frontendPort: '' } as EnvVariables;
-        const req = makeReq({ 'x-forwarded-proto': 'https', 'x-forwarded-host': 'noport.com' });
-        const result = getRedirectUri(req, envEmpty);
-        expect(result).toBe('https://noport.com/callback?storageType=none');
+  it('falls back to host header port when x-forwarded-port missing', () => {
+    const req = makeReq({
+      headers: {
+        host: 'local.dev:3000',
+        'x-forwarded-proto': 'http',
+      },
     });
+    const result = getRedirectUri(req);
+    expect(result).toBe('http://example.com:3000/callback?storageType=none');
+  });
+
+  it('falls back to request protocol and hostname if no headers', () => {
+    const req = makeReq({ hostname: 'app.local', protocol: 'http' });
+    const result = getRedirectUri(req);
+    expect(result).toBe('http://app.local/callback?storageType=none');
+  });
 
-    it('extracts hostname correctly when x-forwarded-host includes port', () => {
-        const req = makeReq({ 'x-forwarded-proto': 'https', 'x-forwarded-host': 'withport.com:8080' });
-        const result = getRedirectUri(req, baseEnv);
-        expect(result).toBe('https://withport.com:3000/callback?storageType=none');
+  it('extracts hostname correctly from x-forwarded-host with port', () => {
+    const req = makeReq({
+      headers: {
+        'x-forwarded-proto': 'https',
+        'x-forwarded-host': 'withport.com:9090',
+      },
     });
+    const result = getRedirectUri(req);
+    expect(result).toBe('https://withport.com/callback?storageType=none');
+  });
 });
diff --git a/src/auth/redirect-uri.ts b/src/auth/redirect-uri.ts
@@ -1,29 +1,34 @@
 import type { Request } from 'express';
-import {EnvVariables} from "../env/env.service.js";
 
 /**
  *  Redirection URL is calculated based on the incoming request
  */
-export const getRedirectUri = (request: Request, env: EnvVariables)=> {
-    const isStandardOrEmptyPort =
-        env.frontendPort === '80' ||
-        env.frontendPort === '443' ||
-        !env.frontendPort;
-    const port = isStandardOrEmptyPort ? '' : ':' + env.frontendPort;
+export const getRedirectUri = (request: Request) => {
+  const forwardedPort = request.headers['x-forwarded-port'];
+  const forwardedPortValue = Array.isArray(forwardedPort)
+    ? forwardedPort[0]
+    : forwardedPort;
+  const requestHostPort = request.headers.host?.split(':')[1];
+  const portFromRequest =
+    process.env.FRONTEND_PORT || forwardedPortValue || requestHostPort || '';
 
-    const forwardedProto = request.headers['x-forwarded-proto'];
-    const forwardedProtoValue = Array.isArray(forwardedProto)
-        ? forwardedProto[0]
-        : forwardedProto;
-    const protocol = forwardedProtoValue || request.protocol;
+  const isStandardOrEmptyPort =
+    portFromRequest === '80' || portFromRequest === '443' || !portFromRequest;
+  const port = isStandardOrEmptyPort ? '' : `:${portFromRequest}`;
 
-    const forwardedHost = request.headers['x-forwarded-host'];
-    const forwardedHostValue = Array.isArray(forwardedHost)
-        ? forwardedHost[0]
-        : forwardedHost
-    const forwardedHostname = forwardedHostValue?.split(':')[0];
-    const host = forwardedHostname || request.hostname;
+  const forwardedProto = request.headers['x-forwarded-proto'];
+  const forwardedProtoValue = Array.isArray(forwardedProto)
+    ? forwardedProto[0]
+    : forwardedProto;
+  const protocol = forwardedProtoValue || request.protocol;
 
-    const redirectionUrl = `${protocol}://${host}${port}`;
-    return `${redirectionUrl}/callback?storageType=none`;
-}
+  const forwardedHost = request.headers['x-forwarded-host'];
+  const forwardedHostValue = Array.isArray(forwardedHost)
+    ? forwardedHost[0]
+    : forwardedHost;
+  const forwardedHostname = forwardedHostValue?.split(':')[0];
+  const host = forwardedHostname || request.hostname;
+
+  const redirectionUrl = `${protocol}://${host}${port}`;
+  return `${redirectionUrl}/callback?storageType=none`;
+};
diff --git a/src/env/env.controller.spec.ts b/src/env/env.controller.spec.ts
@@ -37,7 +37,6 @@ describe('EnvController', () => {
       developmentInstance: false,
       isLocal: false,
       idpNames: [],
-      frontendPort: '',
     } as EnvConfigVariables;
 
     beforeEach(function () {
diff --git a/src/env/env.service.spec.ts b/src/env/env.service.spec.ts
@@ -84,18 +84,6 @@ describe('EnvService', () => {
     delete process.env['ENVIRONMENT'];
   });
 
-  it('should get empty string for default frontend port', () => {
-    expect(service.getEnv().frontendPort).toEqual('');
-  });
-
-  it('should get frontend port', () => {
-    process.env['FRONTEND_PORT'] = '4700';
-
-    expect(service.getEnv().frontendPort).toBe('4700');
-
-    delete process.env['FRONTEND_PORT'];
-  });
-
   it('should get if it is a local instance', () => {
     process.env['ENVIRONMENT'] = 'local';
 
diff --git a/src/env/env.service.ts b/src/env/env.service.ts
@@ -8,7 +8,6 @@ export interface EnvVariables extends Record<string, any> {
   logoutRedirectUrl?: string;
   healthCheckInterval?: number;
   isLocal?: boolean;
-  frontendPort?: string;
   developmentInstance?: boolean;
   validWebcomponentUrls?: string[];
   uiOptions?: string[];
@@ -25,7 +24,6 @@ export class EnvService {
       logoutRedirectUrl: process.env.LOGOUT_REDIRECT_URL || '/logout',
       isLocal: process.env.ENVIRONMENT === 'local',
       developmentInstance: process.env.DEVELOPMENT_INSTANCE === 'true',
-      frontendPort: process.env.FRONTEND_PORT || '',
       validWebcomponentUrls: (process.env.VALID_WEBCOMPONENT_URLS || '').split(
         ',',
       ),
