Jennie Robinson Faber
a3b4f1118c
Set x-forwarded-proto header on requests before passing to oidc-provider so generated URLs use https:// in production.
33 lines
1 KiB
TypeScript
33 lines
1 KiB
TypeScript
/**
|
|
* Catch-all route that delegates all /oidc/* requests to the oidc-provider.
|
|
*
|
|
* This exposes the standard OIDC endpoints:
|
|
* /oidc/auth — authorization
|
|
* /oidc/token — token exchange
|
|
* /oidc/me — userinfo
|
|
* /oidc/session/end — logout
|
|
* /oidc/jwks — JSON Web Key Set
|
|
*/
|
|
import { getOidcProvider } from "../../utils/oidc-provider.js";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const provider = await getOidcProvider();
|
|
const { req, res } = event.node;
|
|
|
|
// The provider's routes config includes the /oidc prefix,
|
|
// so pass the full path through without stripping.
|
|
|
|
// Ensure the provider sees https when behind Traefik
|
|
if (!req.headers["x-forwarded-proto"]) {
|
|
req.headers["x-forwarded-proto"] = "https";
|
|
}
|
|
|
|
// Hand off to oidc-provider's Connect-style callback
|
|
const callback = provider.callback() as Function;
|
|
await new Promise<void>((resolve, reject) => {
|
|
callback(req, res, (err: unknown) => {
|
|
if (err) reject(err);
|
|
else resolve();
|
|
});
|
|
});
|
|
});
|