🛂 feat(oauth): add domain restriction on social login (#2512)

2025-12-17 08:50:15 +01:00 · 2024-04-24 18:14:27 +02:00 · 2024-04-24 18:14:27 +02:00 · 75da75be08
commit 75da75be08
parent cdab1e9cda
3 changed files with 29 additions and 1 deletions
--- a/api/server/routes/oauth.js
+++ b/api/server/routes/oauth.js
@ -4,7 +4,7 @@ const passport = require('passport');
 const express = require('express');
 const router = express.Router();
 const { setAuthTokens } = require('~/server/services/AuthService');
-const { loginLimiter, checkBan } = require('~/server/middleware');
+const { loginLimiter, checkBan, checkDomainAllowed } = require('~/server/middleware');
 const { logger } = require('~/config');

 const domains = {
@ -16,6 +16,7 @@ router.use(loginLimiter);

 const oauthHandler = async (req, res) => {
  try {
+    await checkDomainAllowed(req, res);
    await checkBan(req, res);
    if (req.banned) {
      return;