fix: send slack redirects to react host

Author: osolmaz

integrations/slack-gateway/channel_settings_handlers.go

@@ -12,7 +12,7 @@ func (g *slackGateway) handleChannelSettings(w http.ResponseWriter, r *http.Requ
 		return
 	}
 	if r.Method == http.MethodGet {
-		redirectToReactRoute(
+		g.redirectToReactRoute(
 			w,
 			r,
 			reactSlackChannelSettingsPath(g.relativeGatewayPath(r.URL.Path), r.URL.Query()),

integrations/slack-gateway/gateway_test.go

@@ -191,6 +191,9 @@ func TestOAuthCallbackAutoSelectsSingleInstallTargetAndUpsertsRegistry(t *testin
 	if err != nil {
 		t.Fatalf("parse result redirect: %v", err)
 	}
+	if resultLocation.Scheme != "https" || resultLocation.Host != "spritz.example.test" {
+		t.Fatalf("expected result redirect to use Spritz host, got %s", resultLocation.String())
+	}
 	if resultLocation.Path != "/settings/slack/install/result" {
 		t.Fatalf("expected React result route, got %q", resultLocation.Path)
 	}
@@ -281,6 +284,9 @@ func TestOAuthCallbackRendersInstallTargetPickerWhenMultipleTargetsAvailable(t *
 	if err != nil {
 		t.Fatalf("parse picker redirect: %v", err)
 	}
+	if redirectURL.Scheme != "https" || redirectURL.Host != "spritz.example.test" {
+		t.Fatalf("expected picker redirect to use Spritz host, got %s", redirectURL.String())
+	}
 	if redirectURL.Path != "/settings/slack/install/select" {
 		t.Fatalf("expected React picker route, got %q", redirectURL.Path)
 	}
@@ -7600,6 +7606,28 @@ func TestSpritzWebSocketURLPreservesBasePath(t *testing.T) {
 	}
 }
 
+func TestReactRouteURLUsesSpritzBaseURL(t *testing.T) {
+	gateway := newSlackGateway(
+		config{SpritzBaseURL: "https://spritz.example.test/app"},
+		slog.New(slog.NewTextHandler(io.Discard, nil)),
+	)
+
+	target := gateway.reactRouteURL("/settings/slack/workspaces/test?teamId=T_workspace_1")
+	parsed, err := url.Parse(target)
+	if err != nil {
+		t.Fatalf("parse react route url: %v", err)
+	}
+	if parsed.Scheme != "https" || parsed.Host != "spritz.example.test" {
+		t.Fatalf("expected Spritz host, got %s", target)
+	}
+	if parsed.Path != "/app/settings/slack/workspaces/test" {
+		t.Fatalf("expected Spritz base path to be preserved, got %q", parsed.Path)
+	}
+	if parsed.Query().Get("teamId") != "T_workspace_1" {
+		t.Fatalf("expected query to be preserved, got %q", parsed.RawQuery)
+	}
+}
+
 func signSlackRequest(header http.Header, signingSecret string, body []byte, now time.Time) {
 	timestamp := fmt.Sprintf("%d", now.Unix())
 	base := "v0:" + timestamp + ":" + string(body)

integrations/slack-gateway/install_result.go

@@ -422,7 +422,7 @@ func classifyInstallUpsertError(err error) installResultCode {
 
 func (g *slackGateway) handleInstallResult(w http.ResponseWriter, r *http.Request) {
 	target := url.URL{Path: reactSlackInstallResultPath(), RawQuery: r.URL.RawQuery}
-	redirectToReactRoute(w, r, target.String())
+	g.redirectToReactRoute(w, r, target.String())
 }
 
 func (g *slackGateway) renderInstallResultPage(w http.ResponseWriter, r *http.Request) {

integrations/slack-gateway/react_routes.go

@@ -45,6 +45,28 @@ func reactSlackChannelSettingsPath(relativeGatewayPath string, query url.Values)
 	return target.String()
 }
 
-func redirectToReactRoute(w http.ResponseWriter, r *http.Request, target string) {
-	http.Redirect(w, r, target, http.StatusSeeOther)
+func (g *slackGateway) reactRouteURL(target string) string {
+	route, err := url.Parse(strings.TrimSpace(target))
+	if err != nil {
+		return target
+	}
+	if route.IsAbs() {
+		return route.String()
+	}
+
+	base, err := url.Parse(strings.TrimRight(strings.TrimSpace(g.cfg.SpritzBaseURL), "/"))
+	if err != nil || base.Scheme == "" || base.Host == "" {
+		return route.String()
+	}
+	basePath := strings.TrimRight(base.Path, "/")
+	routePath := "/" + strings.TrimLeft(route.Path, "/")
+	base.RawPath = ""
+	base.Path = basePath + routePath
+	base.RawQuery = route.RawQuery
+	base.Fragment = route.Fragment
+	return base.String()
+}
+
+func (g *slackGateway) redirectToReactRoute(w http.ResponseWriter, r *http.Request, target string) {
+	http.Redirect(w, r, g.reactRouteURL(target), http.StatusSeeOther)
 }

integrations/slack-gateway/slack_oauth.go

@@ -216,7 +216,7 @@ func (g *slackGateway) handleOAuthCallback(w http.ResponseWriter, r *http.Reques
 			return
 		}
 		g.setPendingInstallCookie(w, r, requestID, pendingState)
-		redirectToReactRoute(w, r, reactSlackInstallSelectPath(requestID))
+		g.redirectToReactRoute(w, r, reactSlackInstallSelectPath(requestID))
 		return
 	}
 	if err := g.upsertInstallation(r.Context(), &installation, requestID, targets[0].PresetInputs); err != nil {

integrations/slack-gateway/workspace_handlers.go

@@ -10,7 +10,7 @@ func (g *slackGateway) handleWorkspaceManagement(w http.ResponseWriter, r *http.
 	if !ok {
 		return
 	}
-	redirectToReactRoute(w, r, reactSlackWorkspacesPath(r.URL.Query()))
+	g.redirectToReactRoute(w, r, reactSlackWorkspacesPath(r.URL.Query()))
 	_ = principal
 }
 
@@ -51,7 +51,7 @@ func (g *slackGateway) handleWorkspaceTargetPicker(w http.ResponseWriter, r *htt
 	if !ok {
 		return
 	}
-	redirectToReactRoute(w, r, reactSlackWorkspaceTargetPath(r.URL.Query()))
+	g.redirectToReactRoute(w, r, reactSlackWorkspaceTargetPath(r.URL.Query()))
 	_ = principal
 }
 

integrations/slack-gateway/workspace_test_messages.go

@@ -291,7 +291,7 @@ func (g *slackGateway) handleWorkspaceTestForm(w http.ResponseWriter, r *http.Re
 	if !ok {
 		return
 	}
-	redirectToReactRoute(w, r, reactSlackWorkspaceTestPath(r.URL.Query()))
+	g.redirectToReactRoute(w, r, reactSlackWorkspaceTestPath(r.URL.Query()))
 	_ = principal
 }
 

ui/src/pages/settings.test.tsx

@@ -282,4 +282,28 @@ describe('SettingsPage', () => {
     expect(await screen.findByText('identity.unresolved')).toBeTruthy();
     expect(await screen.findByText('Request ID: install-request-1')).toBeTruthy();
   });
+
+  it('does not render query-provided install result action links', async () => {
+    requestMock.mockImplementation((path: string) => {
+      if (path.startsWith('/api/slack/install/result?')) {
+        return Promise.reject(new Error('gateway unavailable'));
+      }
+      return Promise.reject(new Error(`unexpected request: ${path}`));
+    });
+
+    render(
+      <MemoryRouter
+        initialEntries={[
+          '/settings/slack/install/result?status=error&code=internal.error&actionLabel=Continue&actionHref=javascript:alert(1)',
+        ]}
+      >
+        <Routes>
+          <Route path="settings/*" element={<SettingsPage />} />
+        </Routes>
+      </MemoryRouter>,
+    );
+
+    expect(await screen.findByText('Slack install needs attention')).toBeTruthy();
+    expect(screen.queryByRole('link', { name: 'Continue' })).toBeNull();
+  });
 });

ui/src/pages/settings.tsx

@@ -852,8 +852,8 @@ function installResultFromQuery(params: URLSearchParams): SlackInstallResult | n
         ? 'The Slack workspace is connected.'
         : 'The Slack install flow finished without a detailed result message.'
     ),
-    actionLabel: params.get('actionLabel') || undefined,
-    actionHref: params.get('actionHref') || undefined,
+    actionLabel: undefined,
+    actionHref: undefined,
   };
 }