From 3b8f8f8fe4fe8e41e91ece2fa284dc940278f6af Mon Sep 17 00:00:00 2001
From: mia
Date: Fri, 19 Jul 2024 17:46:50 -0700
Subject: properly redirect successful auth requests to the target uri
---
 nginx/handoff.html | 6 +++++-
 nginx/sync.py | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/nginx/handoff.html b/nginx/handoff.html
index c160580..f012451 100644
--- a/nginx/handoff.html
+++ b/nginx/handoff.html
@@ -12,7 +12,11 @@
 location = "https://dissociate.mia.jetzt/logout";
 }
 await fetch(`/.nginx/cookie?token=${data.token}&max_age=${data.expiresIn - 60}`);
- location = "/";
+ if (location.hash) {
+ location = location.hash.slice(1);
+ } else {
+ location = "/";
+ }
 } else {
 console.log("not authenticated, redirecting");
 location = "https://dissociate.mia.jetzt/login";
diff --git a/nginx/sync.py b/nginx/sync.py
index 9b02c45..9d81a39 100644
--- a/nginx/sync.py
+++ b/nginx/sync.py
@@ -12,7 +12,7 @@ handoff = map(lambda line: spacing_pattern.sub(r"\1 ", line), handoff)
 handoff = "".join(handoff).replace('"', '\\"').replace("$", "${dollar}")
 auth_check = """if ($cookie___proxy_token = "") {
- return 303 https://$host/.nginx/handoff.html;
+ return 303 https://$host/.nginx/handoff.html#$request_uri;
 }
 auth_request /.nginx/auth;"""
@@ -34,7 +34,7 @@ auth_locations = (
 }
 location /.nginx/cookie {
- add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; secure";
+ add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; samesite=lax; secure";
 return 200;
 }"""
 )
--
cgit 1.4.1
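Review bot: The new `location = location.hash.slice(1);` in nginx/handoff.html navigates to whatever follows `#`, and nothing restricts that value to this site. The fragment is normally filled by the `handoff.html#$request_uri` redirect added in nginx/sync.py, but the page cannot tell that apart from a fragment supplied in a link, so an absolute URL, a `//host` form or a `javascript:` URL would be followed after a successful auth check. Resolve the fragment against `location.origin` and navigate only when the result has the same origin, falling back to `/` otherwise. The enclosing `if` block starts and ends outside the hunk.

```html
await fetch(`/.nginx/cookie?token=${data.token}&max_age=${data.expiresIn - 60}`);
// Follow the fragment only when it resolves to this origin; anything else
// (absolute URL, "//host", non-http scheme) falls back to the site root.
let target = "/";
try {
    const parsed = new URL(location.hash.slice(1), location.origin);
    if (parsed.origin === location.origin) {
        target = parsed.pathname + parsed.search + parsed.hash;
    }
} catch {
    // unparsable fragment: keep the default target
}
location = target;
// … unchanged: not-authenticated branch …
```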
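Review bot: `samesite=lax` on the `Set-Cookie` line in `location /.nginx/cookie` limits when the browser sends `__proxy_token`, but not who can set it: the location still turns the `token` and `max_age` query arguments of any request into a cookie. Since handoff.html calls it with a same-origin `fetch`, it could refuse other callers in browsers that send Fetch Metadata, e.g. `if ($http_sec_fetch_site != "same-origin") { return 403; }` ahead of the `add_header`. `${arg_token}` and `${arg_max_age}` are also copied into the header unvalidated, so a `;` in either would append cookie attributes; a comment stating the expected token format would help the next reader. The `auth_locations` string starts outside the hunk.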