fix: prevent open redirect vulnerability in auth routes by validating redirect URLs

abiteman
2025-06-19 21:55:11 -05:00
parent 65a0f51ea7
commit 2bd8a322f9


@@ -12,6 +12,25 @@ const {
LOCKOUT_DURATION
} = require('../utils/security');
/**
* Validate redirect URL to prevent open redirect attacks
* Only allows relative URLs starting with '/' and rejects external URLs
*/
function validateRedirectUrl(url) {
if (!url || typeof url !== 'string') {
return '/';
}
// Only allow relative URLs that start with '/'
// This prevents external URLs like 'https://evil.com' or protocol-relative URLs like '//evil.com'
if (url.startsWith('/') && !url.startsWith('//')) {
return url;
}
// Default to root path for any suspicious URLs
return '/';
}
/**
* Verify PIN
*/
@@ -28,7 +47,7 @@ router.post('/verify-pin', (req, res) => {
sameSite: 'strict',
path: '/'
});
const redirectUrl = req.query.redirect || '/';
const redirectUrl = validateRedirectUrl(req.query.redirect);
return res.json({
success: true,
error: null,
@@ -76,7 +95,7 @@ router.post('/verify-pin', (req, res) => {
logger.info(`Successful PIN verification from IP: ${ip}`);
// Return success with redirect URL controlled by server
const redirectUrl = req.query.redirect || '/';
const redirectUrl = validateRedirectUrl(req.query.redirect);
res.json({
success: true,
error: null,
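Review bot: In `validateRedirectUrl` (first hunk), the `url.startsWith('/') && !url.startsWith('//')` test still accepts a value whose second character is a backslash, or one with a tab, CR or LF right after the leading slash. Browsers that follow the WHATWG URL rules treat a backslash as a slash and drop those whitespace characters, so such a value can resolve to another host if the client navigates to the returned `redirectUrl` (the client-side navigation is not visible in this diff). Tighten the condition, e.g. `if (url.startsWith('/') && !url.startsWith('//') && !/[\\\x00-\x1f]/.test(url)) {`, or resolve the value with `new URL()` against a fixed origin and accept it only when the origin is unchanged. The function body is complete within the hunk, and both `/verify-pin` call sites in the later hunks inherit whatever it returns, so a unit test listing the rejected forms would cover all of them.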