Reworked session handling at beginOAuth2Flow to handle original location, added original destination to url query param in redirectUnauthenticatd (client middleware)

Author: eozden-wq

client/src/middleware.ts

@@ -24,8 +24,9 @@ async function getUserProfile(request: NextRequest): Promise<User | null> {
   return userProfile?.data ?? null
 }
 
-function redirectUnauthenticated(_request: NextRequest) {
-  return NextResponse.redirect(new URL("/auth/keycloak/login", siteConfig.apiUrl))
+function redirectUnauthenticated(request: NextRequest) {
+  const loginUrl = new URL(`/auth/keycloak/login?destination=${request.url}`, siteConfig.apiUrl)
+  return NextResponse.redirect(loginUrl)
 }
 
 function redirectForbidden(request: NextRequest) {

server/src/routes/auth/keycloak/keycloak-handlers.ts

@@ -59,12 +59,20 @@ export class KeycloakHandlers {
     return codeVerifier
   }
 
+  private static rememberDestination(request: Request, response: Response, session: DurHackSession): void {
+    const destination = request.query.destination != null ? destinationUrlSchema.parse(request.query.destination) : null
+
+    if (session.redirectTo == null && destination?.href == null) return
+    if (session.redirectTo === destination?.href) return
+
+    session.redirectTo = destination?.href
+    response.sessionDirty = true
+  }
+
   beginOAuth2Flow(): Middleware {
     return async (request: Request, response: Response) => {
-      const destination =
-        request.query.destination != null ? destinationUrlSchema.parse(request.query.destination) : null
       const session = await getSession(request, response)
-      session.redirectTo = destination?.href
+      KeycloakHandlers.rememberDestination(request, response, session)
 
       this.lazyLogout(response, session)
       const codeVerifier = this.getOrGenerateCodeVerifier(response, session)