Fix protocol and hostname resolution (#297)

Co-authored-by: Grzegorz Krajniak <[email protected]>

Author: gkrajniak

src/auth/auth-token.service.ts

@@ -10,6 +10,7 @@ import { Inject, Injectable } from '@nestjs/common';
 import { AxiosError } from 'axios';
 import type { Request, Response } from 'express';
 import { catchError, firstValueFrom } from 'rxjs';
+import { getRedirectUri } from './redirect-uri.js';
 
 export interface AuthTokenData {
   access_token: string;
@@ -43,7 +44,7 @@ export class AuthTokenService {
     code: string,
   ): Promise<AuthTokenData> {
     const authConfig = await this.authConfigService.getAuthConfig(request);
-    const redirectUri = this.getRedirectUri(request);
+    const redirectUri = getRedirectUri(request, this.envService.getEnv());
 
     const body = new URLSearchParams({
       client_id: authConfig.clientId,
@@ -121,21 +122,4 @@ export class AuthTokenService {
       `Unexpected response code from auth token server: ${tokenFetchResult.status}, ${tokenFetchResult.statusText}`,
     );
   }
-
-  /**
-   *  Redirection URL is calculated based on the ENVIRONMENT system variable.
-   *  When running locally after executing token retrieval the call will be redirected to localhost and port set in FRONTEND_PORT system variable,
-   *  otherwise to the host of the initiating request
-   */
-  private getRedirectUri(request: Request) {
-    let redirectionUrl: string;
-    const env = this.envService.getEnv();
-    const isStandardOrEmptyPort =
-      env.frontendPort === '80' ||
-      env.frontendPort === '443' ||
-      !env.frontendPort;
-    const port = isStandardOrEmptyPort ? '' : ':' + env.frontendPort;
-    redirectionUrl = `${request.protocol}://${request.hostname}${port}`;
-    return `${redirectionUrl}/callback?storageType=none`;
-  }
 }

src/auth/redirect-uri.spec.ts

@@ -0,0 +1,61 @@
+import { getRedirectUri } from './redirect-uri.js';
+import type { Request } from 'express';
+import { EnvVariables } from '../env/env.service.js';
+
+describe('getRedirectUri', () => {
+    const baseEnv: EnvVariables = {
+        frontendPort: '3000',
+    } as any;
+
+    const makeReq = (headers: Record<string, any> = {}, hostname = 'example.com', protocol = 'http'): Request =>
+        ({
+            headers,
+            hostname,
+            protocol,
+        } as Request);
+
+    it('uses x-forwarded-proto and x-forwarded-host when present', () => {
+        const req = makeReq({
+            'x-forwarded-proto': 'https',
+            'x-forwarded-host': 'forwarded.com',
+        });
+        const result = getRedirectUri(req, baseEnv);
+        expect(result).toBe('https://forwarded.com:3000/callback?storageType=none');
+    });
+
+    it('uses first value when x-forwarded-proto and host are arrays', () => {
+        const req = makeReq({
+            'x-forwarded-proto': ['https', 'http'],
+            'x-forwarded-host': ['multi.com:8080', 'other.com'],
+        });
+        const result = getRedirectUri(req, baseEnv);
+        expect(result).toBe('https://multi.com:3000/callback?storageType=none');
+    });
+
+    it('falls back to request protocol and hostname if headers missing', () => {
+        const req = makeReq({}, 'local.dev', 'http');
+        const result = getRedirectUri(req, baseEnv);
+        expect(result).toBe('http://local.dev:3000/callback?storageType=none');
+    });
+
+    it('omits port if standard (80 or 443)', () => {
+        const env80 = { frontendPort: '80' } as EnvVariables;
+        const env443 = { frontendPort: '443' } as EnvVariables;
+        const req = makeReq({ 'x-forwarded-proto': 'https', 'x-forwarded-host': 'secure.com' });
+        expect(getRedirectUri(req, env80)).toBe('https://secure.com/callback?storageType=none');
+        expect(getRedirectUri(req, env443)).toBe('https://secure.com/callback?storageType=none');
+    });
+
+    it('omits port if env.frontendPort is empty', () => {
+        const envEmpty = { frontendPort: '' } as EnvVariables;
+        const req = makeReq({ 'x-forwarded-proto': 'https', 'x-forwarded-host': 'noport.com' });
+        const result = getRedirectUri(req, envEmpty);
+        expect(result).toBe('https://noport.com/callback?storageType=none');
+    });
+
+    it('extracts hostname correctly when x-forwarded-host includes port', () => {
+        const req = makeReq({ 'x-forwarded-proto': 'https', 'x-forwarded-host': 'withport.com:8080' });
+        const result = getRedirectUri(req, baseEnv);
+        expect(result).toBe('https://withport.com:3000/callback?storageType=none');
+    });
+});

src/auth/redirect-uri.ts

@@ -0,0 +1,29 @@
+import type { Request } from 'express';
+import {EnvVariables} from "../env/env.service.js";
+
+/**
+ *  Redirection URL is calculated based on the incoming request
+ */
+export const getRedirectUri = (request: Request, env: EnvVariables)=> {
+    const isStandardOrEmptyPort =
+        env.frontendPort === '80' ||
+        env.frontendPort === '443' ||
+        !env.frontendPort;
+    const port = isStandardOrEmptyPort ? '' : ':' + env.frontendPort;
+
+    const forwardedProto = request.headers['x-forwarded-proto'];
+    const forwardedProtoValue = Array.isArray(forwardedProto)
+        ? forwardedProto[0]
+        : forwardedProto;
+    const protocol = forwardedProtoValue || request.protocol;
+
+    const forwardedHost = request.headers['x-forwarded-host'];
+    const forwardedHostValue = Array.isArray(forwardedHost)
+        ? forwardedHost[0]
+        : forwardedHost
+    const forwardedHostname = forwardedHostValue?.split(':')[0];
+    const host = forwardedHostname || request.hostname;
+
+    const redirectionUrl = `${protocol}://${host}${port}`;
+    return `${redirectionUrl}/callback?storageType=none`;
+}