From 22098465256a83c693eb5958500bc5dfcfa84024 Mon Sep 17 00:00:00 2001
From: LandaMm
Date: Sat, 7 Jun 2025 19:16:28 +0200
Subject: [PATCH] feat: check for redirect uris allowed
---
 internal/oauth/authorize.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/internal/oauth/authorize.go b/internal/oauth/authorize.go
index b42fd3c..a2fe10e 100644
--- a/internal/oauth/authorize.go
+++ b/internal/oauth/authorize.go
@@ -61,5 +61,14 @@ func (h *OAuthHandler) AuthorizeClient(w http.ResponseWriter, r *http.Request) {
 }
 }
 
+ if !slices.Contains(client.RedirectUris, redirectUri) {
+ uri := fmt.Sprintf("%s?error=invalid_request&error_description=Redirect+URI+is+not+allowed", redirectUri)
+ if state != "" {
+ uri += "&state=" + state
+ }
+ http.Redirect(w, r, uri, http.StatusFound)
+ return
+ }
+
 http.Redirect(w, r, fmt.Sprintf("/auth?%s", r.URL.Query().Encode()), http.StatusFound)
 }
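Review bot: The new mismatch branch sends the browser to `redirectUri` exactly when that value is not in `client.RedirectUris`, so the authorize endpoint becomes an open redirector to any unregistered URL; RFC 6749 §4.1.2.1 says the server must not automatically redirect to an invalid redirection URI. Report the error to the user directly instead, replacing the branch body with `http.Error(w, "redirect_uri is not registered for this client", http.StatusBadRequest)` followed by `return`. Separately, `uri += "&state=" + state` appends the value unescaped, and `%s?error=...` produces a malformed URL when the URI already carries a query string, so any error redirect that keeps this pattern should build the URL with `net/url` and `url.QueryEscape(state)`. The start of AuthorizeClient is outside the hunk, so how `redirectUri`, `state` and `client` are obtained (presumably from the request query) could not be checked here.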