freeCodeCamp/api-server/server/utils/get-return-to.js

const jwt = require('jsonwebtoken');
const { allowedOrigins } = require('../../../config/cors-settings');
const { homeLocation } = require('../../../config/env.json');

function getReturnTo(encryptedReturnTo, secret) {
  let returnTo;
  let success = false;
  try {
    returnTo = jwt.verify(encryptedReturnTo, secret).returnTo;
    // we add the '/' to prevent returns to
    // www.freecodecamp.org.somewhere.else.com
    if (!allowedOrigins.some(origin => returnTo.startsWith(origin + '/'))) {
      throw Error();
    }
    success = true;
  } catch {
    returnTo = `${homeLocation}/learn`;
  }

  return { returnTo, success };
}

module.exports = getReturnTo;
feat(api): allow redirects with a returnTo param (#40161) 2020-11-07 09:05:25 +01:00			`const jwt = require('jsonwebtoken');`
			`const { allowedOrigins } = require('../../../config/cors-settings');`
			`const { homeLocation } = require('../../../config/env.json');`

			`function getReturnTo(encryptedReturnTo, secret) {`
			`let returnTo;`
			`let success = false;`
			`try {`
			`returnTo = jwt.verify(encryptedReturnTo, secret).returnTo;`
			`// we add the '/' to prevent returns to`
			`// www.freecodecamp.org.somewhere.else.com`
			`if (!allowedOrigins.some(origin => returnTo.startsWith(origin + '/'))) {`
			`throw Error();`
			`}`
			`success = true;`
			`} catch {`
			returnTo = `${homeLocation}/learn`;
			`}`

			`return { returnTo, success };`
			`}`

			`module.exports = getReturnTo;`