die tenant admin oauth authentifizierung wurde implementiert und funktioniert jetzt. Zudem wurde das marketing frontend dashboard implementiert.

2025-11-04 16:14:17 +01:00
parent 92e64c361a
commit fe380689fb
63 changed files with 4239 additions and 1142 deletions
--- a/app/Http/Controllers/Auth/AuthenticatedSessionController.php
+++ b/app/Http/Controllers/Auth/AuthenticatedSessionController.php
@@ -9,8 +9,10 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Str;
 use Inertia\Inertia;
 use Inertia\Response;
+use Symfony\Component\HttpFoundation\Response as SymfonyResponse;

 class AuthenticatedSessionController extends Controller
 {
@@ -28,12 +30,13 @@ class AuthenticatedSessionController extends Controller
    /**
     * Handle an incoming authentication request.
     */
-    public function store(LoginRequest $request): RedirectResponse
+    public function store(LoginRequest $request): SymfonyResponse
    {
        try {
            $request->authenticate();
        } catch (\Illuminate\Validation\ValidationException $e) {
            $request->session()->flash('error', __('auth.login_failed'));
+
            return redirect()->route('login')->withErrors($e->errors());
        }

@@ -47,7 +50,12 @@ class AuthenticatedSessionController extends Controller
            return Inertia::location(route('verification.notice'));
        }

-        return Inertia::location(route('dashboard', absolute: false));
+        $returnTo = $this->resolveReturnTo($request);
+        if ($returnTo !== null) {
+            return Inertia::location($returnTo);
+        }
+
+        return Inertia::location($this->defaultAdminPath());
    }

    /**
@@ -62,4 +70,71 @@ class AuthenticatedSessionController extends Controller

        return redirect('/');
    }
+
+    private function resolveReturnTo(Request $request): ?string
+    {
+        $encoded = $request->string('return_to')->trim();
+
+        if ($encoded === '') {
+            return null;
+        }
+
+        return $this->decodeReturnTo($encoded, $request);
+    }
+
+    private function decodeReturnTo(string $value, Request $request): ?string
+    {
+        $candidate = $this->decodeBase64Url($value) ?? $value;
+        $candidate = trim($candidate);
+
+        if ($candidate === '') {
+            return null;
+        }
+
+        if (str_starts_with($candidate, '/')) {
+            return $candidate;
+        }
+
+        $targetHost = parse_url($candidate, PHP_URL_HOST);
+        $scheme = parse_url($candidate, PHP_URL_SCHEME);
+
+        if (! $scheme || ! $targetHost) {
+            return null;
+        }
+
+        $appHost = parse_url($request->getSchemeAndHttpHost(), PHP_URL_HOST);
+
+        if ($appHost && ! Str::endsWith($targetHost, $appHost)) {
+            return null;
+        }
+
+        return $candidate;
+    }
+
+    private function defaultAdminPath(): string
+    {
+        $base = rtrim(route('tenant.admin.app', absolute: false), '/');
+        if ($base === '') {
+            $base = '/event-admin';
+        }
+
+        return $base.'/events';
+    }
+
+    private function decodeBase64Url(string $value): ?string
+    {
+        if ($value === '') {
+            return null;
+        }
+
+        $padded = str_pad($value, strlen($value) + ((4 - (strlen($value) % 4)) % 4), '=');
+        $normalized = strtr($padded, '-_', '+/');
+        $decoded = base64_decode($normalized, true);
+
+        if ($decoded === false) {
+            return null;
+        }
+
+        return $decoded;
+    }
 }