From 3bee9044f11f5a762b137228f347bf6b91b05666 Mon Sep 17 00:00:00 2001
From: Anbraten <anton@ju60.de>
Date: Mon, 13 Dec 2021 20:22:09 +0100
Subject: [PATCH] Add flag to set oauth redirect host in dev mode (#586)

---
 cmd/server/flags.go            | 20 ++++++++++++++------
 cmd/server/server.go           |  5 +++++
 server/config.go               |  1 +
 server/remote/gitea/gitea.go   |  2 +-
 server/remote/github/github.go |  4 ++--
 server/remote/gitlab/gitlab.go |  2 +-
 6 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/cmd/server/flags.go b/cmd/server/flags.go
index 27096a0b2..ab9982832 100644
--- a/cmd/server/flags.go
+++ b/cmd/server/flags.go
@@ -79,12 +79,6 @@ var flags = []cli.Flag{
 		Name:    "quic",
 		Usage:   "enable quic",
 	},
-	&cli.StringFlag{
-		EnvVars: []string{"WOODPECKER_WWW_PROXY"},
-		Name:    "www-proxy",
-		Usage:   "serve the website by using a proxy (used for development)",
-		Hidden:  true,
-	},
 	&cli.StringSliceFlag{
 		EnvVars: []string{"WOODPECKER_ADMIN"},
 		Name:    "admin",
@@ -512,4 +506,18 @@ var flags = []cli.Flag{
 		Name:    "keepalive-min-time",
 		Usage:   "server-side enforcement policy on the minimum amount of time a client should wait before sending a keepalive ping.",
 	},
+	// development flags
+	&cli.StringFlag{
+		EnvVars: []string{"WOODPECKER_DEV_WWW_PROXY"},
+		Name:    "www-proxy",
+		Usage:   "serve the website by using a proxy (used for development)",
+		Hidden:  true,
+	},
+	&cli.StringFlag{
+		EnvVars: []string{"WOODPECKER_DEV_OAUTH_HOST"},
+		Name:    "server-dev-oauth-host",
+		Usage:   "server fully qualified url (<scheme>://<host>) used for oauth redirect (used for development)",
+		Value:   "",
+		Hidden:  true,
+	},
 }
diff --git a/cmd/server/server.go b/cmd/server/server.go
index d7b7ec443..e9591d98f 100644
--- a/cmd/server/server.go
+++ b/cmd/server/server.go
@@ -290,6 +290,11 @@ func setupEvilGlobals(c *cli.Context, v store.Store, r remote.Remote) {
 	server.Config.Server.Key = c.String("server-key")
 	server.Config.Server.Pass = c.String("agent-secret")
 	server.Config.Server.Host = c.String("server-host")
+	if c.IsSet("server-dev-oauth-host") {
+		server.Config.Server.OAuthHost = c.String("server-dev-oauth-host")
+	} else {
+		server.Config.Server.OAuthHost = c.String("server-host")
+	}
 	server.Config.Server.Port = c.String("server-addr")
 	server.Config.Server.Docs = c.String("docs")
 	server.Config.Server.SessionExpires = c.Duration("session-expires")
diff --git a/server/config.go b/server/config.go
index ec88e4d46..91b9327f5 100644
--- a/server/config.go
+++ b/server/config.go
@@ -52,6 +52,7 @@ var Config = struct {
 	Server struct {
 		Key            string
 		Cert           string
+		OAuthHost      string
 		Host           string
 		Port           string
 		Pass           string
diff --git a/server/remote/gitea/gitea.go b/server/remote/gitea/gitea.go
index 58213e0a7..ea648d3c3 100644
--- a/server/remote/gitea/gitea.go
+++ b/server/remote/gitea/gitea.go
@@ -99,7 +99,7 @@ func (c *Gitea) Login(ctx context.Context, w http.ResponseWriter, req *http.Requ
 			AuthURL:  fmt.Sprintf(authorizeTokenURL, c.URL),
 			TokenURL: fmt.Sprintf(accessTokenURL, c.URL),
 		},
-		RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.Host),
+		RedirectURL: fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
 	}
 
 	// get the OAuth errors
diff --git a/server/remote/github/github.go b/server/remote/github/github.go
index f88114e24..0feea4acd 100644
--- a/server/remote/github/github.go
+++ b/server/remote/github/github.go
@@ -338,9 +338,9 @@ func (c *client) newConfig(req *http.Request) *oauth2.Config {
 
 	intendedURL := req.URL.Query()["url"]
 	if len(intendedURL) > 0 {
-		redirect = fmt.Sprintf("%s/authorize?url=%s", server.Config.Server.Host, intendedURL[0])
+		redirect = fmt.Sprintf("%s/authorize?url=%s", server.Config.Server.OAuthHost, intendedURL[0])
 	} else {
-		redirect = fmt.Sprintf("%s/authorize", server.Config.Server.Host)
+		redirect = fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost)
 	}
 
 	return &oauth2.Config{
diff --git a/server/remote/gitlab/gitlab.go b/server/remote/gitlab/gitlab.go
index c453b46c7..25fac278a 100644
--- a/server/remote/gitlab/gitlab.go
+++ b/server/remote/gitlab/gitlab.go
@@ -95,7 +95,7 @@ func (g *Gitlab) Login(ctx context.Context, res http.ResponseWriter, req *http.R
 		Scope:        defaultScope,
 		AuthURL:      fmt.Sprintf("%s/oauth/authorize", g.URL),
 		TokenURL:     fmt.Sprintf("%s/oauth/token", g.URL),
-		RedirectURL:  fmt.Sprintf("%s/authorize", server.Config.Server.Host),
+		RedirectURL:  fmt.Sprintf("%s/authorize", server.Config.Server.OAuthHost),
 	}
 
 	// get the OAuth errors