diff options
| author | mat <github@matdoes.dev> | 2022-03-17 13:14:19 -0500 |
|---|---|---|
| committer | mat <github@matdoes.dev> | 2022-03-17 13:14:19 -0500 |
| commit | 7158526469c2c8491e698545fdd3d6dfc2c62fb8 (patch) | |
| tree | 6637539ccd1c0d00e7a22068ea46c1743a06217f /src/index.ts | |
| parent | dedb4b531fe6870330be1549a4f57ab71e3de8c4 (diff) | |
| download | skyblock-api-7158526469c2c8491e698545fdd3d6dfc2c62fb8.tar.gz skyblock-api-7158526469c2c8491e698545fdd3d6dfc2c62fb8.tar.bz2 skyblock-api-7158526469c2c8491e698545fdd3d6dfc2c62fb8.zip | |
allow passing redirect uri as a parameter
i sure hope this doesn't result in any security vulnerabilities!
Diffstat (limited to 'src/index.ts')
| -rw-r--r-- | src/index.ts | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/index.ts b/src/index.ts index 3e73ad3..6608188 100644 --- a/src/index.ts +++ b/src/index.ts @@ -156,7 +156,9 @@ app.get('/election', async (req, res) => { app.post('/accounts/createsession', async (req, res) => { try { const { code } = req.body - const codeExchange = await discord.exchangeCode(`${mainSiteUrl}/loggedin`, code) + const redirectUri = req.body.redirectUri ?? `${mainSiteUrl}/loggedin` + + const codeExchange = await discord.exchangeCode(redirectUri, code) if (!codeExchange) { res.json({ ok: false, error: 'discord_client_secret isn\'t in env' }) return |