2023-03-28 22:04:56 +02:00
|
|
|
using AutheliaMultiDomainProxy.Backend;
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
|
|
|
|
|
|
namespace AutheliaMultiDomainProxy.Controllers;
|
|
|
|
|
|
|
|
|
|
[Controller]
|
|
|
|
|
public class LogoutController : Controller {
|
|
|
|
|
[HttpPost]
|
|
|
|
|
[Route("/api/logout")]
|
|
|
|
|
[Produces("text/html")]
|
|
|
|
|
public ActionResult Post([FromQuery] string rd) {
|
2023-03-28 23:12:09 +02:00
|
|
|
// Check if we are on an allowed domain
|
2023-03-28 23:46:47 +02:00
|
|
|
if (Vars.PermittedDomains.All(p => Request.Host.Host != $"{Vars.AuthProxySubdomain}.{p}"))
|
2023-03-28 23:12:09 +02:00
|
|
|
return StatusCode(StatusCodes.Status421MisdirectedRequest);
|
|
|
|
|
|
2023-03-28 22:04:56 +02:00
|
|
|
if (string.IsNullOrWhiteSpace(rd))
|
|
|
|
|
rd = "/";
|
|
|
|
|
|
2023-03-28 23:46:47 +02:00
|
|
|
Response.Cookies.Delete(Vars.CookieName, new CookieOptions { Secure = true, SameSite = SameSiteMode.Lax, HttpOnly = true, Domain = Request.Host.Host.Replace($"{Vars.AuthProxySubdomain}.", "")});
|
2023-03-28 22:04:56 +02:00
|
|
|
Response.ContentType = "text/html";
|
|
|
|
|
Response.Redirect(rd);
|
|
|
|
|
return Content($"Cookie cleared. Redirecting... <a href=\"{rd}\">Click here if you are not redirected automatically</a>", "text/html");
|
|
|
|
|
}
|
|
|
|
|
}
|
