core: fix oauth login redirect url

packages/hydrooj/src/handler/user.ts

@@ -46,9 +46,11 @@ async function successfulAuth(this: Handler, udoc: User) {
 class UserLoginHandler extends Handler {
     noCheckPermView = true;
 
-    async get() {
+    @param('redirect', Types.String, true)
+    async get(domainId: string, redirect: string = '') {
         this.response.template = 'user_login.html';
         this.response.body = {
+            redirect,
             builtInLogin: system.get('server.login'),
             loginMethods: this.loginMethods,
         };
@@ -458,7 +460,9 @@ class OauthHandler extends Handler {
     noCheckPermView = true;
 
     @param('type', Types.Key)
-    async get(domainId: string, type: string) {
+    @param('redirect', Types.String, true)
+    async get(domainId: string, type: string, redirect = '') {
+        this.session.oauthRedirect = redirect;
         await this.ctx.oauth.providers[type]?.get.call(this);
     }
 }
@@ -478,22 +482,24 @@ class OauthCallbackHandler extends Handler {
             if (existing.some((id) => id && id !== this.user._id)) {
                 throw new BadRequestError('Already binded to another account');
             }
-            this.response.redirect = '/home/security';
+            this.response.redirect = this.session.oauthRedirect || this.url('home_security');
+            delete this.session.oauthRedirect;
             await Promise.all(ids.map((i) => this.ctx.oauth.set(args.type, i, this.user._id)));
             return;
         }
         const effective = existing.find((i) => i);
-
         if (effective) {
             await successfulAuth.call(this, await user.getById('system', effective));
-            this.response.redirect = '/';
+            this.response.redirect = this.session.oauthRedirect || this.url('homepage');
+            delete this.session.oauthRedirect;
             return;
         }
         const udoc = await user.getByEmail('system', r.email);
         if (udoc) {
             await Promise.all(ids.map((i) => this.ctx.oauth.set(args.type, i, udoc._id)));
             await successfulAuth.call(this, udoc);
-            this.response.redirect = '/';
+            this.response.redirect = this.session.oauthRedirect || this.url('homepage');
+            delete this.session.oauthRedirect;
             return;
         }
         if (!provider.canRegister) throw new ForbiddenError('No binded account found');

packages/ui-default/templates/partials/login_dialog.html

@@ -42,7 +42,7 @@ <h1 class="dialog--signin__title">{{ _('SIGN IN') }}</h1>
         {% endif %}
         {%- for v in loginMethods -%}
         <div class="row"><div class="columns">
-          <a href="{{ url('user_oauth', type=v.id) }}" class="expanded rounded button">{{ _(v.text) }}</a>
+          <a href="{{ url('user_oauth', type=v.id, query={redirect: handler.request.url}) }}" class="expanded rounded button">{{ _(v.text) }}</a>
         </div></div>
         {%- endfor -%}
         <div class="row"><div class="columns">

packages/ui-default/templates/user_login.html

@@ -32,7 +32,7 @@ <h1>{{ _('Login') }}</h1>
       {% endif %}
       {%- for v in loginMethods -%}
         <div class="row"><div class="columns">
-          <a href="{{ url('user_oauth', type=v.id) }}" class="expanded rounded button inverse">{{ _(v.text) }}</a>
+          <a href="{{ url('user_oauth', type=v.id, query={redirect: redirect}) }}" class="expanded rounded button inverse">{{ _(v.text) }}</a>
         </div></div>
       {%- endfor -%}
       <div class="row"><div class="columns">