From 2fe4fef779880bf7a2a495bc103aa022e5814b8f Mon Sep 17 00:00:00 2001
From: yusing <yusing@6uo.me>
Date: Sat, 3 May 2025 04:56:32 +0800
Subject: [PATCH] fix(oidc): enforce https redirection to prevent errors

---
 internal/auth/oidc.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/auth/oidc.go b/internal/auth/oidc.go
index c1068a59..0c750eb2 100644
--- a/internal/auth/oidc.go
+++ b/internal/auth/oidc.go
@@ -139,6 +139,10 @@ func (auth *OIDCProvider) getIdToken(ctx context.Context, oauthToken *oauth2.Tok
 }
 
 func (auth *OIDCProvider) HandleAuth(w http.ResponseWriter, r *http.Request) {
+	if r.TLS == nil && r.Header.Get("X-Forwarded-Proto") != "https" {
+		http.Redirect(w, r, "https://"+requestHost(r)+OIDCAuthInitPath, http.StatusFound)
+		return
+	}
 	switch r.URL.Path {
 	case OIDCAuthInitPath:
 		auth.LoginHandler(w, r)