From 9b5627d25c77b47db2f9d54305f10bbcbacab1ef Mon Sep 17 00:00:00 2001
From: david-loe <56305409+david-loe@users.noreply.github.com>
Date: Sat, 5 Oct 2024 13:58:09 +0200
Subject: [PATCH] minor improvements

---
 backend/authStrategies/magiclogin.ts |  4 ++--
 backend/controller/authController.ts |  5 ++++-
 backend/mail/mail.ts                 | 19 ++++++++++---------
 backend/templates/mail.ejs           |  2 +-
 4 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/backend/authStrategies/magiclogin.ts b/backend/authStrategies/magiclogin.ts
index 80a0dac7..213c05d7 100644
--- a/backend/authStrategies/magiclogin.ts
+++ b/backend/authStrategies/magiclogin.ts
@@ -1,5 +1,5 @@
 import jwt from 'jsonwebtoken'
-import { default as MagicLoginStrategy } from 'passport-magic-login'
+import MagicLoginStrategy from 'passport-magic-login'
 import { escapeRegExp } from '../../common/scripts.js'
 import { NotAllowedError } from '../controller/error.js'
 import i18n from '../i18n.js'
@@ -9,7 +9,7 @@ import User from '../models/user.js'
 const secret = process.env.MAGIC_LOGIN_SECRET
 const callbackUrl = process.env.VITE_BACKEND_URL + '/auth/magiclogin/callback'
 const jwtOptions = {
-  expiresIn: 1000 * 60 * 120 // 120min
+  expiresIn: 60 * 120 // in seconds -> 120min
 }
 
 export default new MagicLoginStrategy.default({
diff --git a/backend/controller/authController.ts b/backend/controller/authController.ts
index 1404d4e0..d7dbfdf0 100644
--- a/backend/controller/authController.ts
+++ b/backend/controller/authController.ts
@@ -44,7 +44,10 @@ const magicloginCallbackHandler = useMagicLogin
       let redirect: any
       if (req.query.token) {
         const token = jwt.decode(req.query.token as string) as jwt.JwtPayload
-        redirect = token.redirect
+        const redirectPath = token.redirect
+        if (redirectPath && typeof redirectPath === 'string' && redirectPath.startsWith('/')) {
+          redirect = redirectPath
+        }
       }
       passport.authenticate('magiclogin', {
         failureRedirect: process.env.VITE_FRONTEND_URL + '/login' + (redirect ? '?redirect=' + redirect : '')
diff --git a/backend/mail/mail.ts b/backend/mail/mail.ts
index 9f7155ff..1143eeb6 100644
--- a/backend/mail/mail.ts
+++ b/backend/mail/mail.ts
@@ -18,33 +18,34 @@ import mailClient from './client.js'
 export async function sendMail(
   recipients: IUser[],
   subject: string,
-  paragaph: string,
+  paragraph: string,
   button: { text: string; link: string },
   lastParagraph: string,
   authenticateLink = true
 ) {
   for (let i = 0; i < recipients.length; i++) {
     const language = recipients[i].settings.language
-    if (authenticateLink && recipients[i].fk.magiclogin && button.link.startsWith(process.env.VITE_FRONTEND_URL)) {
-      button.link = await genAuthenticatedLink({
+    const recipientButton = { ...button }
+    if (authenticateLink && recipients[i].fk.magiclogin && recipientButton.link.startsWith(process.env.VITE_FRONTEND_URL)) {
+      recipientButton.link = await genAuthenticatedLink({
         destination: recipients[i].fk.magiclogin!,
-        redirect: button.link.substring(process.env.VITE_FRONTEND_URL.length)
+        redirect: recipientButton.link.substring(process.env.VITE_FRONTEND_URL.length)
       })
     }
-    _sendMail(recipients[i], subject, paragaph, button, lastParagraph, language)
+    _sendMail(recipients[i], subject, paragraph, recipientButton, lastParagraph, language)
   }
 }
 
 function _sendMail(
   recipient: IUser,
   subject: string,
-  paragaph: string,
+  paragraph: string,
   button: { text: string; link: string },
   lastParagraph: string,
   language: Locale
 ) {
   if (mailClient == undefined) {
-    return false
+    return
   }
   const salutation = i18n.t('mail.hiX', { lng: language, X: recipient.name.givenName })
   const regards = i18n.t('mail.regards', { lng: language })
@@ -56,7 +57,7 @@ function _sendMail(
   const template = fs.readFileSync('./templates/mail.ejs', { encoding: 'utf-8' })
   const renderedHTML = ejs.render(template, {
     salutation,
-    paragaph,
+    paragraph,
     button,
     lastParagraph,
     regards,
@@ -65,7 +66,7 @@ function _sendMail(
   const plainText =
     salutation +
     '\n\n' +
-    paragaph +
+    paragraph +
     '\n\n' +
     button.text +
     ': ' +
diff --git a/backend/templates/mail.ejs b/backend/templates/mail.ejs
index 0463eac1..06ddc8c6 100644
--- a/backend/templates/mail.ejs
+++ b/backend/templates/mail.ejs
@@ -349,7 +349,7 @@
                     <tr>
                       <td>
                         <p><%= salutation %></p>
-                        <p><%= paragaph %></p>
+                        <p><%= paragraph %></p>
                         <table role="presentation" border="0" cellpadding="0" cellspacing="0" class="btn btn-primary">
                           <tbody>
                             <tr>