From 738502f0518126aa61424b45248e85bbeb49b6af Mon Sep 17 00:00:00 2001
From: Laura Hausmann
Date: Sun, 3 Sep 2023 02:47:28 +0200
Subject: [PATCH] [mastodon-client] Correctly implement multiple callback URIs for OAuth, resolves #150
---
 packages/client/src/pages/auth.vue | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/packages/client/src/pages/auth.vue b/packages/client/src/pages/auth.vue
index 76a13ce6e..c1996553c 100644
--- a/packages/client/src/pages/auth.vue
+++ b/packages/client/src/pages/auth.vue
@@ -111,7 +111,13 @@ export default defineComponent({
 }, {});
 const isMastodon = !!getUrlParams().mastodon;
 if (this.session.app.callbackUrl && isMastodon) {
- const callbackUrl = new URL(this.session.app.callbackUrl);
+ const redirectUri = decodeURIComponent(getUrlParams().redirect_uri);
+ if (!this.session.app.callbackUrl.split('\n').some(p => p === redirectUri)){
+ this.state = "fetch-session-error";
+ this.fetching = false;
+ throw new Error("callback uri doesn't match registered app");
+ }
+ const callbackUrl = new URL(redirectUri)
 callbackUrl.searchParams.append("code", this.session.token);
 if (getUrlParams().state)
 callbackUrl.searchParams.append(
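Review bot: The added `decodeURIComponent(getUrlParams().redirect_uri)` throws a `URIError` on a malformed percent sequence before `this.state` and `this.fetching` are set, so that input skips the `fetch-session-error` state the mismatch branch sets up. If `getUrlParams()` already returns decoded values (the helper is not visible in this hunk), the second decode also changes any registered URI that contains a literal `%`. I would decode at most once, inside the same failure path, and write the comparison as `this.session.app.callbackUrl.split('\n').includes(redirectUri)`. Exact string matching against the registered list is the right rule for OAuth redirect URIs, but this check runs in the browser immediately before `this.session.token` is appended as `code`; the token endpoint should compare `redirect_uri` too, and that code is outside this diff. The enclosing method starts before the hunk and continues past its last line.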