fix: fix issue #33

Author: aborn

playground/nuxt.config.ts

@@ -1,6 +1,7 @@
 
 export default defineNuxtConfig({
   app: {
+    baseURL: '/openid/',
     head: {
       title: 'OIDC',
       link: [

src/runtime/plugin.ts

@@ -1,6 +1,6 @@
 import { defineNuxtPlugin } from '#app'
 import { Storage, StorageOptions } from './storage'
-import { isUnset, isSet } from './utils/utils'
+import { isUnset, isSet, getCleanUrl } from './utils/utils'
 import { encrypt, decrypt } from './utils/encrypt'
 import { useState, useFetch, useRuntimeConfig, useCookie } from '#imports'
 
@@ -95,23 +95,27 @@ export class Oidc {
 
   login(redirect = '/') {
     if (import.meta.client) {
+      const { app } = useRuntimeConfig()
       const params = new URLSearchParams({ redirect })
-      const toStr = '/oidc/login?' + params.toString()
-      window.location.replace(toStr)
+      const link = '/oidc/login?' + params.toString()
+      window.location.replace(getCleanUrl(app.baseURL + link))
+      // navigateTo({ path: link })
     }
   }
 
   logout(redirect = '/') {
     // TODO clear user info when accessToken expired.
     if (import.meta.client) {
+      const { app } = useRuntimeConfig()
       const params = new URLSearchParams({ redirect })
-      const toStr = '/oidc/logout?' + params.toString()
+      const link = '/oidc/logout?' + params.toString()
 
       this.$useState.value.user = {}
       this.$useState.value.isLoggedIn = false
 
       this.$storage.removeUserInfo()
-      window.location.replace(toStr)
+      window.location.replace(getCleanUrl(app.baseURL + link))
+      // navigateTo({ path: link })
     }
   }
 }

src/runtime/server/routes/oidc/callback.ts

@@ -2,13 +2,16 @@ import * as http from 'http'
 import { defineEventHandler, getCookie, setCookie, deleteCookie } from 'h3'
 import { initClient } from '../../../utils/issueclient'
 import { encrypt } from '../../../utils/encrypt'
-import { getRedirectUrl, getCallbackUrl, getDefaultBackUrl, getResponseMode, setCookieInfo, setCookieTokenAndRefreshToken } from '../../../utils/utils'
+import { getRedirectUrl, getCallbackUrl, getDefaultBackUrl, getResponseMode, setCookieInfo, setCookieTokenAndRefreshToken, getCleanUrl } from '../../../utils/utils'
 import { useRuntimeConfig } from '#imports'
 
 export default defineEventHandler(async (event) => {
+  console.log('---------oidc nitro --------------')
   const req = event.node.req
   const res = event.node.res
   console.log('[CALLBACK]: oidc/callback calling, method:' + req.method)
+  const { app } = useRuntimeConfig()
+  const baseUrl = app.baseURL
 
   let request = req
   if (req.method === 'POST') {
@@ -25,11 +28,12 @@ export default defineEventHandler(async (event) => {
   const responseMode = getResponseMode(config)
   const sessionid = getCookie(event, config.secret)
   deleteCookie(event, config.secret)
+  // Note: here not need add baseUrl, case in login already added baseUrl.
   const redirectUrl = getRedirectUrl(req.url)
   // console.log('---Callback. redirectUrl:' + redirectUrl)
   // console.log(' -- req.url:' + req.url + '   #method:' + req.method + ' #response_mode:' + responseMode)
 
-  const callbackUrl = getCallbackUrl(op.callbackUrl, redirectUrl, req.headers.host)
+  const callbackUrl = getCallbackUrl('', redirectUrl, req.headers.host)
   const defCallBackUrl = getDefaultBackUrl(redirectUrl, req.headers.host)
 
   const issueClient = await initClient(op, req, [defCallBackUrl, callbackUrl])
@@ -39,7 +43,7 @@ export default defineEventHandler(async (event) => {
     // Implicit ID Token Flow: access_token
     console.log('[CALLBACK]: has access_token in params, accessToken:' + params.access_token)
     await processUserInfo(params.access_token, null, event)
-    res.writeHead(302, { Location: redirectUrl || '/' })
+    res.writeHead(302, { Location: redirectUrl || baseUrl })
     res.end()
   } else if (params.code) {
     // Authorization Code Flow: code -> access_token
@@ -48,7 +52,7 @@ export default defineEventHandler(async (event) => {
     if (tokenSet.access_token) {
       await processUserInfo(tokenSet.access_token, tokenSet, event)
     }
-    res.writeHead(302, { Location: redirectUrl || '/' })
+    res.writeHead(302, { Location: redirectUrl || baseUrl })
     res.end()
   } else {
     // Error dealing.
@@ -57,15 +61,15 @@ export default defineEventHandler(async (event) => {
       // redirct to auth failed error page.
       console.error('[CALLBACK]: error callback')
       console.error(params.error + ', error_description:' + params.error_description)
-      res.writeHead(302, { Location: '/oidc/error' })
+      res.writeHead(302, { Location: getCleanUrl(baseUrl + '/oidc/error') })
       res.end()
     } else if (responseMode === 'fragment') {
       console.warn('[CALLBACK]: callback redirect')
-      res.writeHead(302, { Location: '/oidc/cbt?redirect=' + redirectUrl })
+      res.writeHead(302, { Location: getCleanUrl(baseUrl + '/oidc/cbt?redirect=' + redirectUrl) })
       res.end()
     } else {
       console.error('[CALLBACK]: error callback')
-      res.writeHead(302, { Location: redirectUrl || '/' })
+      res.writeHead(302, { Location: redirectUrl || baseUrl })
       res.end()
     }
   }

src/runtime/server/routes/oidc/login.ts

@@ -6,13 +6,16 @@ import { getRedirectUrl, getCallbackUrl, getDefaultBackUrl, getResponseMode } fr
 import { useRuntimeConfig } from '#imports'
 
 export default defineEventHandler(async (event) => {
+  console.log('---------oidc nitro --------------')
   console.log('[Login]: oidc/login calling')
   const req = event.node.req
   const res = event.node.res
+  const { app } = useRuntimeConfig()
+  const baseUrl = app.baseURL
 
   const { op, config } = useRuntimeConfig().openidConnect
-  const redirectUrl = getRedirectUrl(req.url)
-  const callbackUrl = getCallbackUrl(op.callbackUrl, redirectUrl, req.headers.host)
+  const redirectUrl = getRedirectUrl(req.url, baseUrl)
+  const callbackUrl = getCallbackUrl('', redirectUrl, req.headers.host)
   const defCallBackUrl = getDefaultBackUrl(redirectUrl, req.headers.host)
 
   const issueClient = await initClient(op, req, [defCallBackUrl, callbackUrl])

src/runtime/server/routes/oidc/logout.ts

@@ -3,13 +3,16 @@ import { getRedirectUrl } from '../../../utils/utils';
 import { useRuntimeConfig } from '#imports'
 
 export default defineEventHandler((event) => {
+  console.log('---------oidc nitro --------------')
   const res = event.node.res
   const req = event.node.req
+  const { app } = useRuntimeConfig()
+  const baseUrl = app.baseURL
 
   console.log('[LOGOUT]: oidc/logout calling')
 
   const { config } = useRuntimeConfig().openidConnect
-  const redirectUrl = getRedirectUrl(req.url)
+  const redirectUrl = getRedirectUrl(req.url, baseUrl)
   deleteCookie(event, config.secret)
   deleteCookie(event, config.cookiePrefix + 'access_token')
   deleteCookie(event, config.cookiePrefix + 'refresh_token')

src/runtime/server/routes/oidc/status.ts

@@ -1,7 +1,16 @@
 import { defineEventHandler } from 'h3'
 
 export default defineEventHandler((event) => {
+  console.log('---------oidc nitro --------------')
+  const config = useRuntimeConfig()
+  const baseUrl = config.app.baseURL
+  const query = getQuery(event)
   const req = event.node.req
+
+  // console.log(req.headers)
+
+  console.log(req.url)
+  console.log(baseUrl)
   return {
     api: 'nuxt-openid-connect api works'
   }

src/runtime/utils/utils.ts

@@ -17,16 +17,16 @@ export const setCookieTokenAndRefreshToken = (event: any, config: any, tokenSet:
   }
 
   // refresh token setting
-    if (tokenSet && tokenSet.refresh_expires_in && tokenSet.refresh_token) {
-        setCookie(event, config.cookiePrefix + 'refresh_token', tokenSet.refresh_token, {
-            maxAge: tokenSet.refresh_expires_in
-        })
-    } else if (tokenSet && !config.hasCookieRefreshExpireDate && tokenSet.refresh_token) {
-        const expireDate = new Date(Date.now() + config.cookieRefreshDefaultMaxAge * 1000);
-        setCookie(event, config.cookiePrefix + 'refresh_token', tokenSet.refresh_token, {
-            expires: expireDate
-        })
-    }
+  if (tokenSet && tokenSet.refresh_expires_in && tokenSet.refresh_token) {
+    setCookie(event, config.cookiePrefix + 'refresh_token', tokenSet.refresh_token, {
+      maxAge: tokenSet.refresh_expires_in
+    })
+  } else if (tokenSet && !config.hasCookieRefreshExpireDate && tokenSet.refresh_token) {
+    const expireDate = new Date(Date.now() + config.cookieRefreshDefaultMaxAge * 1000);
+    setCookie(event, config.cookiePrefix + 'refresh_token', tokenSet.refresh_token, {
+      expires: expireDate
+    })
+  }
 }
 
 export const setCookieInfo = async (event: any, config: any, userinfo: any) => {
@@ -54,13 +54,15 @@ export const isUnset = (o: unknown): boolean =>
 
 export const isSet = (o: unknown): boolean => !isUnset(o)
 
-export const getRedirectUrl = (uri: string | null | undefined): string => {
+export const getRedirectUrl = (uri: string | null | undefined, baseURL: string | undefined = undefined): string => {
   if (!uri) {
-    return '/'
+    return baseURL || '/'
   }
   const idx = uri.indexOf('?')
   const searchParams = new URLSearchParams(idx >= 0 ? uri.substring(idx) : uri)
-  return searchParams.get('redirect') || '/'
+  const redirUrl = (baseURL ? baseURL + '/' : '') + searchParams.get('redirect')
+  const cleanUrl = getCleanUrl(redirUrl)
+  return cleanUrl || baseURL || '/'
 }
 
 export function getCallbackUrl(callbackUrl: string, redirectUrl: string, host: string | undefined): string {
@@ -72,9 +74,15 @@ export function getCallbackUrl(callbackUrl: string, redirectUrl: string, host: s
 }
 
 export function getDefaultBackUrl(redirectUrl: string, host: string | undefined): string {
-  return 'http://' + host + '/oidc/cbt?redirect=' + redirectUrl
+  const config = useRuntimeConfig()
+  const baseUrl = config.app.baseURL
+  console.log('------>baseUrl:' + baseUrl)
+  return getCleanUrl('http://' + host + baseUrl + '/oidc/cbt?redirect=' + redirectUrl)
 }
 
+export function getCleanUrl(url: string): string {
+  return url.indexOf(':') >=0 ? url.replace(/([^:]\/)\/+/g, "$1") : url.replace(/\/\/+/g, '/')
+}
 /**
    * Response Mode
    *   The Response Mode determines how the Authorization Server returns result parameters from the Authorization Endpoint.