TDvorak/Trackeep
1
0
Fork 0
mirror of https://github.com/Dvorinka/Trackeep.git synced 2026-06-03 20:12:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

first test

Browse Source
This commit is contained in:
Tomas Dvorak
2026-02-08 14:14:55 +01:00
parent 18aa702174
commit d27cf14110
372 changed files with 98089 additions and 2585 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Others/oauth-service/CHANGES_SUMMARY.md
+56
View File
@@ -0,0 +1,56 @@
# OAuth Service Configuration Changes
## Summary of Changes
### 1. CORS Configuration Updated
- **Before**: Restricted to specific origins (`http://localhost:5173,http://localhost:8080`)
- **After**: Allows all origins (`*`) for maximum flexibility
- **Implementation**: Updated CORS middleware to handle wildcard origins properly
### 2. Dynamic Client URL Detection
- **Before**: Hardcoded default client URL (`http://localhost:5173`)
- **After**: Dynamically determines client URL from:
- Query parameter `redirect_uri` (highest priority)
- Request `Origin` header
- Request `Referer` header
- Fallback to `DEFAULT_CLIENT_URL` environment variable
- **Implementation**: Enhanced `initiateGitHubOAuth` function with URL parsing logic
### 3. Service Domain Configuration
- **Added**: New `SERVICE_DOMAIN` environment variable
- **Purpose**: Identifies the OAuth service domain in logs and webhook responses
- **Current Value**: `https://oauth.tdvorak.dev`
### 4. Enhanced Webhook Handling
- **Before**: Basic webhook processing with minimal logging
- **After**:
- Proper webhook secret configuration check
- Enhanced logging with service domain identification
- Detailed event type handling with better payload logging
- Response includes service domain information
### 5. Environment Files Updated
- **`.env`**: Updated with new configuration values
- **`.env.example`**: Updated to reflect the new structure for other deployments
## Key Benefits
1. **Multi-domain Support**: Service can now handle requests from any domain
2. **Dynamic Client Detection**: Automatically redirects users back to their originating domain
3. **Better Debugging**: Enhanced logging makes troubleshooting easier
4. **Production Ready**: Configuration is more flexible for different deployment scenarios
## Security Considerations
- While CORS is set to allow all origins, the OAuth flow itself remains secure
- State parameter validation prevents CSRF attacks
- JWT tokens are still properly validated
- Webhook signature validation is in place (though secret needs to be configured)
## Usage
The service will now:
1. Accept OAuth requests from any domain
2. Automatically detect the client's origin for proper redirects
3. Handle webhooks with better logging and domain identification
4. Work seamlessly with the user's domain (`tdvorak.dev`) and any other domains