getBaseURL returns the base URL to use for OAuth2 endpoints. It uses externalURL from profile/setting if configured, otherwise derives from the request.
(c *echo.Context)
| 36 | // getBaseURL returns the base URL to use for OAuth2 endpoints. |
| 37 | // It uses externalURL from profile/setting if configured, otherwise derives from the request. |
| 38 | func (s *Service) getBaseURL(c *echo.Context) string { |
| 39 | ctx := c.Request().Context() |
| 40 | |
| 41 | // The --external-url CLI flag (profile.ExternalURL) short-circuits the |
| 42 | // lookup. Otherwise on self-hosted we resolve the singleton workspace ID |
| 43 | // first so GetEffectiveExternalURL can find the DB-backed |
| 44 | // workspace_profile.external_url setting. On SaaS there is no singleton |
| 45 | // — the CLI flag is required. |
| 46 | if s.profile.ExternalURL != "" { |
| 47 | return strings.TrimSuffix(s.profile.ExternalURL, "/") |
| 48 | } |
| 49 | workspaceID := "" |
| 50 | if !s.profile.SaaS { |
| 51 | if ws, err := s.store.GetWorkspaceID(ctx); err == nil { |
| 52 | workspaceID = ws |
| 53 | } |
| 54 | } |
| 55 | externalURL, err := utils.GetEffectiveExternalURL(ctx, s.store, s.profile, workspaceID) |
| 56 | if err != nil { |
| 57 | slog.Warn("failed to get external url for OAuth2", log.BBError(err)) |
| 58 | } |
| 59 | if externalURL != "" { |
| 60 | return strings.TrimSuffix(externalURL, "/") |
| 61 | } |
| 62 | |
| 63 | // Derive from request as fallback |
| 64 | req := c.Request() |
| 65 | scheme := "https" |
| 66 | if req.TLS == nil { |
| 67 | scheme = "http" |
| 68 | } |
| 69 | // Check X-Forwarded-Proto header for reverse proxy setups |
| 70 | if proto := req.Header.Get("X-Forwarded-Proto"); proto != "" { |
| 71 | scheme = proto |
| 72 | } |
| 73 | return fmt.Sprintf("%s://%s", scheme, req.Host) |
| 74 | } |
| 75 | |
| 76 | func (s *Service) handleDiscovery(c *echo.Context) error { |
| 77 | baseURL := s.getBaseURL(c) |
no test coverage detected