From aa933df525f3073f17312b4a89fa2b4eaf1f58a0 Mon Sep 17 00:00:00 2001
From: advplyr <advplyr@protonmail.com>
Date: Sun, 19 Nov 2023 14:00:39 -0600
Subject: [PATCH] Update oidc redirect_uri to check x-forwarded-proto header
 for proxies

---
 server/Auth.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/Auth.js b/server/Auth.js
index a0f791ca..76fbc66b 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -282,8 +282,9 @@ class Auth {
         // We need to call the client manually, because the strategy does not support forwarding the code challenge
         //    for API or mobile clients
         const oidcStrategy = passport._strategy('openid-client')
-        const protocol = req.secure ? 'https' : 'http'
+        const protocol = (req.secure || req.get('x-forwarded-proto') === 'https') ? 'https' : 'http'
         oidcStrategy._params.redirect_uri = new URL(`${protocol}://${req.get('host')}/auth/openid/callback`).toString()
+        Logger.debug(`[Auth] Set oidc redirect_uri=${oidcStrategy._params.redirect_uri}`)
         const client = oidcStrategy._client
         const sessionKey = oidcStrategy._key