Fix some bugs in Apple OAuth login path

2025-05-23 02:35:49 +08:00 · 2023-10-31 22:36:56 +08:00 · 2023-10-31 22:36:56 +08:00 · 140737b2f6
commit 140737b2f6
parent b285144a64
3 changed files with 8 additions and 3 deletions
--- a/authz/authz.go
+++ b/authz/authz.go
@ -147,7 +147,7 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if method == "POST" {
-		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
+		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
 			return true
 		} else if urlPath == "/api/update-user" {
 			// Allow ordinary users to update their own information
--- a/object/check.go
+++ b/object/check.go
@ -351,8 +351,8 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
 }
 func CheckLoginPermission(userId string, application *Application) (bool, error) {
-	var err error
+	owner, _ := util.GetOwnerAndNameFromId(userId)
-	if userId == "built-in/admin" {
+	if owner == "built-in" {
 		return true, nil
 	}
--- a/routers/cors_filter.go
+++ b/routers/cors_filter.go
@ -51,6 +51,11 @@ func CorsFilter(ctx *context.Context) {
 		return
 	}
 	if originHostname == "appleid.apple.com" {
 		setCorsHeaders(ctx, origin)
 		return
 	}
 	if ctx.Request.Method == "POST" && ctx.Request.RequestURI == "/api/login/oauth/access_token" {
 		setCorsHeaders(ctx, origin)
 		return