TDvorak/Trackeep
1
0
Fork 0
mirror of https://github.com/Dvorinka/Trackeep.git synced 2026-06-04 12:32:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
9c17f80d5d23af9e3f2cc9ebf9b8b0e1228663fe
Trackeep/Others/oauth-service/CHANGES_SUMMARY.md
T
Tomas Dvorak d27cf14110 first test
2026-02-08 14:14:55 +01:00

2.3 KiB
Raw Blame History

OAuth Service Configuration Changes

Summary of Changes

1. CORS Configuration Updated

  • Before: Restricted to specific origins (http://localhost:5173,http://localhost:8080)
  • After: Allows all origins (*) for maximum flexibility
  • Implementation: Updated CORS middleware to handle wildcard origins properly

2. Dynamic Client URL Detection

  • Before: Hardcoded default client URL (http://localhost:5173)
  • After: Dynamically determines client URL from:
    • Query parameter redirect_uri (highest priority)
    • Request Origin header
    • Request Referer header
    • Fallback to DEFAULT_CLIENT_URL environment variable
  • Implementation: Enhanced initiateGitHubOAuth function with URL parsing logic

3. Service Domain Configuration

  • Added: New SERVICE_DOMAIN environment variable
  • Purpose: Identifies the OAuth service domain in logs and webhook responses
  • Current Value: https://oauth.tdvorak.dev

4. Enhanced Webhook Handling

  • Before: Basic webhook processing with minimal logging
  • After:
    • Proper webhook secret configuration check
    • Enhanced logging with service domain identification
    • Detailed event type handling with better payload logging
    • Response includes service domain information

5. Environment Files Updated

  • .env: Updated with new configuration values
  • .env.example: Updated to reflect the new structure for other deployments

Key Benefits

  1. Multi-domain Support: Service can now handle requests from any domain
  2. Dynamic Client Detection: Automatically redirects users back to their originating domain
  3. Better Debugging: Enhanced logging makes troubleshooting easier
  4. Production Ready: Configuration is more flexible for different deployment scenarios

Security Considerations

  • While CORS is set to allow all origins, the OAuth flow itself remains secure
  • State parameter validation prevents CSRF attacks
  • JWT tokens are still properly validated
  • Webhook signature validation is in place (though secret needs to be configured)

Usage

The service will now:

  1. Accept OAuth requests from any domain
  2. Automatically detect the client's origin for proper redirects
  3. Handle webhooks with better logging and domain identification
  4. Work seamlessly with the user's domain (tdvorak.dev) and any other domains
Reference in New Issue View Git Blame Copy Permalink