🐛 fix(mana-core-auth): OIDC token exchange now works with body-parser

- Removed debug logging that exposed sensitive client_secret in production logs
- The body-parser middleware in main.ts correctly handles form-urlencoded token requests
- handleOidcRequest properly converts parsed body to URLSearchParams for Better Auth
This commit is contained in:
Till-JS 2026-02-01 12:28:41 +01:00
parent 5a8e20e0f2
commit f0cf1bc804
2 changed files with 0 additions and 11 deletions


@ -59,9 +59,6 @@ export class OidcController {
*/
@Post('api/auth/oauth2/token')
async tokenOauth2(@Req() req: Request, @Res() res: Response) {
console.log('[Token Endpoint] Content-Type:', req.headers['content-type']);
console.log('[Token Endpoint] Body:', req.body);
console.log('[Token Endpoint] Body keys:', Object.keys(req.body || {}));
return this.handleOidcRequest(req, res);
}


@ -1297,8 +1297,6 @@ export class BetterAuthService {
let requestBody: string | undefined;
if (req.method !== 'GET' && req.method !== 'HEAD' && req.body) {
const contentType = req.headers['content-type'] || '';
console.log('[handleOidcRequest] Processing body with content-type:', contentType);
console.log('[handleOidcRequest] req.body:', JSON.stringify(req.body, null, 2));
if (contentType.includes('application/x-www-form-urlencoded')) {
// Convert object to URL-encoded form data
const params = new URLSearchParams();
@ -1308,7 +1306,6 @@ export class BetterAuthService {
}
}
requestBody = params.toString();
console.log('[handleOidcRequest] Converted to URLSearchParams:', requestBody);
} else {
// Default to JSON
requestBody = JSON.stringify(req.body);
@ -1320,9 +1317,6 @@ export class BetterAuthService {
}
// Create Fetch Request
console.log('[handleOidcRequest] Creating Fetch Request to:', url.toString());
console.log('[handleOidcRequest] Method:', req.method);
console.log('[handleOidcRequest] Headers content-type:', headers.get('content-type'));
const fetchRequest = new Request(url.toString(), {
method: req.method,
headers,
@ -1331,7 +1325,6 @@ export class BetterAuthService {
// Call Better Auth's handler
const response = await this.auth.handler(fetchRequest);
console.log('[handleOidcRequest] Better Auth response status:', response.status);
// Convert Response to our format
const responseHeaders: Record<string, string> = {};
@ -1343,7 +1336,6 @@ export class BetterAuthService {
let body: unknown;
const contentType = response.headers.get('content-type');
const textBody = await response.text();
console.log('[handleOidcRequest] Response body:', textBody);
if (contentType?.includes('application/json') && textBody.length > 0) {
try {