diff --git a/packages/backend/src/server/api/mastodon/endpoints/auth.ts b/packages/backend/src/server/api/mastodon/endpoints/auth.ts index 267128a6a..98e2ad9e8 100644 --- a/packages/backend/src/server/api/mastodon/endpoints/auth.ts +++ b/packages/backend/src/server/api/mastodon/endpoints/auth.ts @@ -4,6 +4,7 @@ import { convertId, IdType } from "@/misc/convert-id.js"; import { AuthConverter } from "@/server/api/mastodon/converters/auth.js"; import { v4 as uuid } from "uuid"; import { MastoApiError } from "@/server/api/mastodon/middleware/catch-errors.js"; +import { toSingleLast } from "@/prelude/array.js"; export function setupEndpointsAuth(router: Router): void { router.post("/v1/apps", async (ctx) => { @@ -29,7 +30,8 @@ export function setupEndpointsAuthRoot(router: Router): void { const { client_id, state, redirect_uri } = ctx.request.query; let param = "mastodon=true"; if (state) param += `&state=${state}`; - if (redirect_uri) param += `&redirect_uri=${redirect_uri}`; + const final_redirect_uri = toSingleLast(redirect_uri); + if (final_redirect_uri) param += `&redirect_uri=${encodeURIComponent(final_redirect_uri)}`; const client = client_id ? client_id : ""; ctx.redirect(`${Buffer.from(client.toString(), "base64").toString()}?${param}`); }); diff --git a/packages/client/src/pages/auth.vue b/packages/client/src/pages/auth.vue index a090776e0..26b1e2dfc 100644 --- a/packages/client/src/pages/auth.vue +++ b/packages/client/src/pages/auth.vue @@ -106,15 +106,17 @@ export default defineComponent({ .split("&") .reduce((result, query) => { const [k, v] = query.split("="); - result[k] = decodeURI(v); + result[k] = decodeURIComponent(v); return result; }, {}); const isMastodon = !!getUrlParams().mastodon; if (this.session.app.callbackUrl && isMastodon) { - const redirectUri = decodeURIComponent(getUrlParams().redirect_uri); + const redirectUri = getUrlParams().redirect_uri; if (!this.session.app.callbackUrl.split('\n').some(p => p === redirectUri)){ this.state = "fetch-session-error"; this.fetching = false; + console.log(`redirect uri: ${redirectUri}`); + console.log(`reg_app uris: ${this.session.app.callbackUrl.split('\n').join(',')}`); throw new Error("callback uri doesn't match registered app"); } const callbackUrl = new URL(redirectUri)