From 6a1be0fcd5897da1e4c7889e8b3cb740114181f0 Mon Sep 17 00:00:00 2001 From: YANG QIA <2013xile@gmail.com> Date: Wed, 20 Mar 2024 14:46:22 +0800 Subject: [PATCH] fix(auth): sso auth bug when deploying with subpath (#3764) --- .../plugin-cas/src/server/actions/service.ts | 13 +++++++++---- .../plugin-oidc/src/server/actions/redirect.ts | 7 +++++-- .../plugin-saml/src/server/actions/redirect.ts | 11 +++++++---- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/packages/plugins/@nocobase/plugin-cas/src/server/actions/service.ts b/packages/plugins/@nocobase/plugin-cas/src/server/actions/service.ts index 28db05de41..ae811ddb91 100644 --- a/packages/plugins/@nocobase/plugin-cas/src/server/actions/service.ts +++ b/packages/plugins/@nocobase/plugin-cas/src/server/actions/service.ts @@ -3,20 +3,25 @@ import { AppSupervisor } from '@nocobase/server'; import { CASAuth } from '../auth'; export const service = async (ctx: Context, next: Next) => { - const { authenticator, __appName: appName, redirect = '/admin' } = ctx.action.params; + const { authenticator, __appName: appName, redirect } = ctx.action.params; - let prefix = ''; + let prefix = process.env.APP_PUBLIC_PATH || ''; if (appName && appName !== 'main') { const appSupervisor = AppSupervisor.getInstance(); if (appSupervisor?.runningMode !== 'single') { - prefix = process.env.APP_PUBLIC_PATH + `apps/${appName}`; + prefix += `apps/${appName}`; } } const auth = (await ctx.app.authManager.get(authenticator, ctx)) as CASAuth; + + if (prefix.endsWith('/')) { + prefix = prefix.slice(0, -1); + } + try { const { token } = await auth.signIn(); - ctx.redirect(`${prefix}${redirect}?authenticator=${authenticator}&token=${token}`); + ctx.redirect(`${prefix}${redirect || '/admin'}?authenticator=${authenticator}&token=${token}`); } catch (error) { ctx.redirect(`${prefix}/signin?authenticator=${authenticator}&error=${error.message}&redirect=${redirect}`); } 
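Review bot: The success redirect in `service` builds its target as `${prefix}${redirect || '/admin'}` from the request-supplied `redirect` parameter, and once the new trailing-slash strip turns an `APP_PUBLIC_PATH` of `/` into an empty prefix, that value alone decides where the browser is sent, with `token` in the query string. Nothing in the hunk restricts `redirect` to a local path, so an absolute URL or a value starting with `//` would carry the freshly issued token off-site. I would normalise it before use, e.g. `const target = typeof redirect === 'string' && /^\/(?![\/\\])/.test(redirect) ? redirect : '/admin';`, and redirect to `${prefix}${target}`. The same concatenation appears in the OIDC and SAML hunks, fed by `search.get('redirect')` and `RelayState`. The handler's closing lines fall outside the hunk.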
diff --git a/packages/plugins/@nocobase/plugin-oidc/src/server/actions/redirect.ts b/packages/plugins/@nocobase/plugin-oidc/src/server/actions/redirect.ts index 7cdadd8392..40eb787671 100644 --- a/packages/plugins/@nocobase/plugin-oidc/src/server/actions/redirect.ts +++ b/packages/plugins/@nocobase/plugin-oidc/src/server/actions/redirect.ts @@ -10,14 +10,17 @@ export const redirect = async (ctx: Context, next: Next) => { const authenticator = search.get('name'); const appName = search.get('app'); const redirect = search.get('redirect') || '/admin'; - let prefix = ''; + let prefix = process.env.APP_PUBLIC_PATH || ''; if (appName && appName !== 'main') { const appSupervisor = AppSupervisor.getInstance(); if (appSupervisor?.runningMode !== 'single') { - prefix = process.env.APP_PUBLIC_PATH + `apps/${appName}`; + prefix += `apps/${appName}`; } } const auth = (await ctx.app.authManager.get(authenticator, ctx)) as OIDCAuth; + if (prefix.endsWith('/')) { + prefix = prefix.slice(0, -1); + } try { const { token } = await auth.signIn(); ctx.redirect(`${prefix}${redirect}?authenticator=${authenticator}&token=${token}`); diff --git a/packages/plugins/@nocobase/plugin-saml/src/server/actions/redirect.ts b/packages/plugins/@nocobase/plugin-saml/src/server/actions/redirect.ts index 21f225947c..8a1573b15e 100644 --- a/packages/plugins/@nocobase/plugin-saml/src/server/actions/redirect.ts +++ b/packages/plugins/@nocobase/plugin-saml/src/server/actions/redirect.ts 
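Review bot: `appName` is appended to the prefix unencoded in ``prefix += `apps/${appName}`;``, and in this handler it comes from `search.get('app')`, which looks request-derived (the parsing of `search` is above the hunk, so confirm). A value containing `/`, `?` or `#` would change the shape of the redirect path instead of naming an app, so assuming app names are plain identifiers I would write ``prefix += `apps/${encodeURIComponent(appName)}`;``. `authenticator` in the query string deserves the same encoding. The `catch` branch of this handler is outside the hunk.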
@@ -4,18 +4,21 @@ import { SAMLAuth } from '../saml-auth'; export const redirect = async (ctx: Context, next: Next) => { const { authenticator, __appName: appName } = ctx.action.params || {}; - const { RelayState: redirect = '/admin' } = ctx.action.params.values || {}; - let prefix = ''; + const { RelayState: redirect } = ctx.action.params.values || {}; + let prefix = process.env.APP_PUBLIC_PATH || ''; if (appName && appName !== 'main') { const appSupervisor = AppSupervisor.getInstance(); if (appSupervisor?.runningMode !== 'single') { - prefix = process.env.APP_PUBLIC_PATH + `apps/${appName}`; + prefix += `/apps/${appName}`; } } const auth = (await ctx.app.authManager.get(authenticator, ctx)) as SAMLAuth; + if (prefix.endsWith('/')) { + prefix = prefix.slice(0, -1); + } try { const { token } = await auth.signIn(); - ctx.redirect(`${prefix}${redirect}?authenticator=${authenticator}&token=${token}`); + ctx.redirect(`${prefix}${redirect || '/admin'}?authenticator=${authenticator}&token=${token}`); } catch (error) { ctx.redirect(`${prefix}/signin?authenticator=${authenticator}&error=${error.message}&redirect=${redirect}`); }
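Review bot: The sub-app branch here uses ``prefix += `/apps/${appName}`;`` with a leading slash, while the CAS and OIDC hunks append ``apps/${appName}``; if `APP_PUBLIC_PATH` ends in `/` (which the trailing-slash strip suggests), SAML redirects get a doubled slash of the form `<public-path>//apps/<app>`. I would drop the leading slash to match the other two plugins, or move the prefix computation into one shared helper so the three copies cannot drift. Separately, now that `RelayState` has no default, the `catch` branch emits `redirect=undefined` when it is absent, and `error.message` goes into the URL unencoded. Writing that part as ``&error=${encodeURIComponent(error.message)}&redirect=${encodeURIComponent(redirect || '/admin')}`` covers both, and the CAS hunk has the same line. The handler's closing lines are outside the hunk.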