fix: prevent infinite redirection

leancloud · Oct 26, 2023 · dc20a6f · dc20a6f
1 parent b473de5
commit dc20a6f
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/next/api/src/controller/user.ts b/next/api/src/controller/user.ts
@@ -118,7 +118,7 @@ export class UserController {
   @Get(':id')
   @UseMiddlewares(auth, staffOnly)
   @ResponseBody(UserResponse)
-  findOne(@Param('id', new FindModelPipe(User, {useMasterKey: true})) user: User) {
+  findOne(@Param('id', new FindModelPipe(User, { useMasterKey: true })) user: User) {
     return user;
   }
 
@@ -214,7 +214,10 @@ export class UserController {
   }
 
   @Post('tds/token')
-  async exchangeJwt(@Ctx() ctx: Context, @Body(new ZodValidationPipe(exchangeSchema)) data: ExchangeData) {
+  async exchangeJwt(
+    @Ctx() ctx: Context,
+    @Body(new ZodValidationPipe(exchangeSchema)) data: ExchangeData
+  ) {
     const { jwt } = data;
     const { appId, sub } = transformToHttpError(() =>
       getVerifiedPayloadWithSubRequired(
@@ -228,9 +231,9 @@ export class UserController {
       )
     );
 
-    if (appId === 'nxfahljt0g0tzsjwrw') {
-      const url = new URL(ctx.url, 'https://support.xd.com')
-      ctx.response.status = 307; 
+    if (ctx.hostname !== 'support.xd.com' && appId === 'nxfahljt0g0tzsjwrw') {
+      const url = new URL(ctx.url, 'https://support.xd.com');
+      ctx.response.status = 307;
       ctx.response.set('Location', url.toString());
       ctx.response.body = '';
       ctx.res.end();