| 66 | """ |
| 67 | |
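def do_POST(self) -> None:
    """Handle the browser's credential hand-off on ``/callback``.

    Expects a form-encoded body carrying ``state`` and ``api_key`` and,
    optionally, ``organization_id`` and ``email``. On success the fields are
    stored in ``self.server.auth_result``, a success page is written back and
    ``self.server.received_event`` is set so the waiting caller can proceed.

    Responses on the failure paths (the event is deliberately left unset):
      * 404 for any path other than ``/callback``;
      * 400 for a malformed ``Content-Length``, a body that is not UTF-8,
        or a missing ``api_key``;
      * 413 for a negative or oversized ``Content-Length``;
      * 403 for a missing or mismatched ``state`` nonce.
    """
    import hmac  # local import: only needed for the constant-time nonce compare

    parsed = urllib.parse.urlparse(self.path)
    if parsed.path != "/callback":
        self.send_error(404)
        return

    # Bound the body read. The handler only ever expects a small form post, so
    # a garbage, negative or huge Content-Length must neither raise (which
    # would surface as a 500) nor make us allocate/read without limit.
    try:
        content_length = int(self.headers.get("Content-Length", 0))
    except (TypeError, ValueError):
        self.send_error(400, "Invalid Content-Length")
        return
    max_body = 64 * 1024  # far above any realistic callback form
    if content_length < 0 or content_length > max_body:
        self.send_error(413, "Request body too large")
        return

    try:
        body = self.rfile.read(content_length).decode("utf-8")
    except UnicodeDecodeError:
        self.send_error(400, "Request body is not valid UTF-8")
        return
    data = urllib.parse.parse_qs(body)

    # Validate the state nonce to prevent CSRF: it must be present and equal
    # the nonce the server generated for this login attempt. Compared in
    # constant time (as bytes, since compare_digest rejects non-ASCII str)
    # so response timing cannot leak the expected value.
    expected_state = getattr(self.server, "expected_state", None)
    state_values = data.get("state", [])
    if (
        not state_values
        or not isinstance(expected_state, str)
        or not hmac.compare_digest(
            state_values[0].encode("utf-8"), expected_state.encode("utf-8")
        )
    ):
        self.send_error(403, "Invalid state parameter")
        return

    api_key_values = data.get("api_key", [])
    if not api_key_values or not api_key_values[0]:
        self.send_error(400, "Missing api_key")
        return

    org_id_values = data.get("organization_id", [])
    email_values = data.get("email", [])

    # Optional fields fall back to None rather than failing the hand-off.
    self.server.auth_result = {  # type: ignore[attr-defined]
        "api_key": api_key_values[0],
        "organization_id": org_id_values[0] if org_id_values else None,
        "email": email_values[0] if email_values else None,
    }

    self.send_response(200)
    self.send_header("Content-Type", "text/html")
    self.end_headers()
    self.wfile.write(_SUCCESS_HTML.encode())

    # Wake the caller waiting for the credentials only after they are stored.
    self.server.received_event.set()  # type: ignore[attr-defined]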
| 105 | |
def log_message(self, format: str, *args: object) -> None:
    """Discard per-request log lines instead of writing them to stderr."""
    del format, args  # intentionally unused: silence the default server logging