@microcosmmoney/auth-react 1.1.1 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/callback.js +13 -1
  2. package/dist/server/token-exchange.js +3 -9
  3. package/package.json +2 -2
package/dist/callback.js CHANGED
@@ -5,6 +5,17 @@ const jsx_runtime_1 = require("react/jsx-runtime");
5
5
  // AI-generated · AI-managed · AI-maintained
6
6
  const react_1 = require("react");
7
7
  const provider_1 = require("./provider");
8
+ function isSameOrigin(url) {
9
+ if (url.startsWith('/') && !url.startsWith('//'))
10
+ return true;
11
+ try {
12
+ const parsed = new URL(url, window.location.origin);
13
+ return parsed.origin === window.location.origin;
14
+ }
15
+ catch {
16
+ return false;
17
+ }
18
+ }
8
19
  function AuthCallback({ redirectTo = '/dashboard', onSuccess, onError, loadingComponent, errorComponent, }) {
9
20
  const { client } = (0, provider_1.useAuth)();
10
21
  const [error, setError] = (0, react_1.useState)(null);
@@ -16,7 +27,8 @@ function AuthCallback({ redirectTo = '/dashboard', onSuccess, onError, loadingCo
16
27
  if (cancelled)
17
28
  return;
18
29
  onSuccess?.(user);
19
- window.location.href = redirectTo;
30
+ const safeRedirect = isSameOrigin(redirectTo) ? redirectTo : '/dashboard';
31
+ window.location.href = safeRedirect;
20
32
  }
21
33
  catch (err) {
22
34
  if (cancelled)
package/dist/server/token-exchange.js CHANGED
@@ -45,10 +45,7 @@ function createTokenExchangeHandler(config) {
45
45
  if (!tokenResponse.ok) {
46
46
  const errorData = await safeJson(tokenResponse);
47
47
  console.error('[MicrocosmAuth] Token exchange failed:', errorData);
48
- return jsonResponse({
49
- error: errorData.error || 'token_error',
50
- error_description: errorData.error_description || 'Token exchange failed',
51
- }, tokenResponse.status);
48
+ return jsonResponse({ error: 'token_error', error_description: 'Token exchange failed' }, tokenResponse.status);
52
49
  }
53
50
  const tokenData = await tokenResponse.json();
54
51
  return jsonResponse({
@@ -60,10 +57,7 @@ function createTokenExchangeHandler(config) {
60
57
  }
61
58
  catch (error) {
62
59
  console.error('[MicrocosmAuth] Exchange error:', error);
63
- return jsonResponse({
64
- error: 'server_error',
65
- error_description: error instanceof Error ? error.message : 'Internal server error',
66
- }, 500);
60
+ return jsonResponse({ error: 'server_error', error_description: 'Internal server error' }, 500);
67
61
  }
68
62
  };
69
63
  }
@@ -94,7 +88,7 @@ function createProfileHandler(config) {
94
88
  }
95
89
  catch (error) {
96
90
  console.error('[MicrocosmAuth] Profile error:', error);
97
- return jsonResponse({ error: 'server_error', message: error instanceof Error ? error.message : 'Internal error' }, 500);
91
+ return jsonResponse({ error: 'server_error', message: 'Internal server error' }, 500);
98
92
  }
99
93
  };
100
94
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@microcosmmoney/auth-react",
3
- "version": "1.1.1",
3
+ "version": "1.2.1",
4
4
  "description": "Microcosm OAuth 2.0 React/Next.js adapter",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -24,7 +24,7 @@
24
24
  "react-dom": ">=18.0.0"
25
25
  },
26
26
  "dependencies": {
27
- "@microcosmmoney/auth-core": "^1.1.1"
27
+ "@microcosmmoney/auth-core": "^1.2.1"
28
28
  },
29
29
  "devDependencies": {
30
30
  "@types/react": "^18.0.0",