From c4beb611bfd91f6a05b362017573d376814911ab Mon Sep 17 00:00:00 2001 From: NextFire Date: Tue, 9 Apr 2024 21:06:27 -0400 Subject: [PATCH] Revert "wildcard support" This reverts commit 6a616f3eefaa2e763e5bbdd754b8a4913894f5b0. --- package-lock.json | 16 +---------- package.json | 4 +-- server/utils/provider.ts | 59 ---------------------------------------- 3 files changed, 2 insertions(+), 77 deletions(-) diff --git a/package-lock.json b/package-lock.json index 919f30c..e2ef58d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,9 +14,7 @@ "ioredis": "5.3.2", "lodash-es": "4.17.21", "nitropack": "2.9.6", - "oidc-provider": "8.4.5", - "psl": "1.9.0", - "wildcard": "2.0.1" + "oidc-provider": "8.4.5" } }, "node_modules/@cloudflare/kv-asset-handler": { @@ -4926,12 +4924,6 @@ "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", "dev": true }, - "node_modules/psl": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz", - "integrity": "sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==", - "dev": true - }, "node_modules/queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", @@ -6126,12 +6118,6 @@ "string-width": "^1.0.2 || 2 || 3 || 4" } }, - "node_modules/wildcard": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/wildcard/-/wildcard-2.0.1.tgz", - "integrity": "sha512-CC1bOL87PIWSBhDcTrdeLo6eGT7mCFtrg0uIJtqJUFyK+eJnzl8A1niH56uu7KMa5XFrtiV+AQuHO3n7DsHnLQ==", - "dev": true - }, "node_modules/wrap-ansi": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", diff --git a/package.json b/package.json index 60fd638..341b35d 100644 --- a/package.json +++ b/package.json 
@@ -20,8 +20,6 @@
 "ioredis": "5.3.2",
 "lodash-es": "4.17.21",
 "nitropack": "2.9.6",
- "oidc-provider": "8.4.5",
- "psl": "1.9.0",
- "wildcard": "2.0.1"
+ "oidc-provider": "8.4.5"
 }
 }
diff --git a/server/utils/provider.ts b/server/utils/provider.ts
index cd12ed1..13aff39 100644
--- a/server/utils/provider.ts
+++ b/server/utils/provider.ts
@@ -1,10 +1,4 @@
 import Provider, { type Configuration } from "oidc-provider";
-import * as net from "node:net";
-import { URL } from "node:url";
-
-import wildcard from "wildcard";
-import psl from "psl";
-import { errors } from "oidc-provider";
 
 const config: Configuration = {
 adapter: RedisAdapter,
@@ -36,41 +30,6 @@ const config: Configuration = {
 keys: userConfig.oidc.cookies.keys,
 },
 expiresWithSession: () => false,
- extraClientMetadata: {
- // https://github.com/panva/node-oidc-provider/blob/87cd3c5c335cb30074612b405bd581c6bc76a98d/recipes/redirect_uri_wildcards.md
- properties: ["redirect_uris"],
- validator(ctx, key, value: string[], metadata) {
- if (key === "redirect_uris") {
- for (const redirectUri of value) {
- if (redirectUri.includes("*")) {
- const { hostname, href } = new URL(redirectUri);
- if (href.split("*").length !== 2) {
- throw new errors.InvalidClientMetadata(
- "redirect_uris with a wildcard may only contain a single one"
- );
- }
- if (!hostname.includes("*")) {
- throw new errors.InvalidClientMetadata(
- "redirect_uris may only have a wildcard in the hostname"
- );
- }
- const test = hostname.replace("*", "test");
- // checks that the wildcard is for a full subdomain e.g. *.panva.cz, not *suffix.panva.cz
- if (!wildcard(hostname, test)) {
- throw new errors.InvalidClientMetadata(
- "redirect_uris with a wildcard must only match the whole subdomain"
- );
- }
- if (!psl.get(hostname.split("*.")[1])) {
- throw new errors.InvalidClientMetadata(
- "redirect_uris with a wildcard must not match an eTLD+1 of a known public suffix domain"
- );
- }
- }
- }
- }
- },
- },
 features: {
 devInteractions: { enabled: false },
 },
@@ -113,21 +72,3 @@ const config: Configuration = {
 
 export const provider = new Provider(userConfig.publicUrl, config);
 provider.proxy = true;
-
- // https://github.com/panva/node-oidc-provider/blob/87cd3c5c335cb30074612b405bd581c6bc76a98d/recipes/redirect_uri_wildcards.md
- // redirectUriAllowed on a client prototype checks whether a redirect_uri is allowed or not
- const { redirectUriAllowed } = provider.Client.prototype;
- const hasWildcardHost = (redirectUri) => {
- const { hostname } = new URL(redirectUri);
- return hostname.includes("*");
- };
- const wildcardMatches = (redirectUri, wildcardUri) =>
- !!wildcard(wildcardUri, redirectUri);
- provider.Client.prototype.redirectUriAllowed =
- function wildcardRedirectUriAllowed(redirectUri) {
- if (!redirectUri.includes("*")) {
- return redirectUriAllowed.call(this, redirectUri);
- }
- const wildcardUris = this.redirectUris.filter(hasWildcardHost);
- return wildcardUris.some(wildcardMatches.bind(undefined, redirectUri));
- };