Merge branch 'main' into feature/csrf

2025-05-31 11:41:54 +09:00 · 2025-05-31 11:41:54 +09:00 · dcb91d141f
commit dcb91d141f
parent ef1d8f40b3 19b6cb788c
10 changed files with 265 additions and 32 deletions
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@ -6,8 +6,11 @@ import { CsrfCheck } from "./controller/csrfCheck";
 import { PKCECheck } from "./controller/PKCECheck";

 export type API = DefineAPI<{}>;
+
 const csrfCheck = new CsrfCheck();
-const pkceCheck = new PKCECheck();
+const implicitGrantController = new ImplicitGrantController();
+const authZCodeGrantController = new AuthZCodeGrantController();
+const pkceCheckController = new PKCECheck();

 export function init(sdk: SDK<API>) {
  // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
@ -26,7 +29,20 @@ export function init(sdk: SDK<API>) {
  sdk.events.onInterceptResponse(
    async (sdk: SDK<DefineAPI<{}>, {}>, req: Request, resp: Response) => {
      await csrfCheck.checker(sdk, req, resp);
-      await pkceCheck.test(sdk, req);
+  sdk.events.onInterceptRequest(async (sdk, req: Request) => {
+    const result =
+      authZCodeGrantController.testReq(req) ||
+      implicitGrantController.testReq(req);
+
+    if (result) {
+      await pkceCheckController.test(sdk, req);
+
+      await sdk.findings.create({
+        title: "Possible SSO Request Detected",
+        description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
+        request: req,
+        reporter: "",
+      });
    }
  );
 }