From 3b47daccee0300956967d93b117cffd05ac14162 Mon Sep 17 00:00:00 2001
From: wood chen
Date: Fri, 21 Feb 2025 17:12:53 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D:=20=E5=8D=B3=E4=BD=BF?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=B2=A1=E6=9C=89=E6=8F=90=E5=89=8D=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E6=9C=AC=E7=B3=BB=E7=BB=9F=EF=BC=8C=E4=BB=8E=E7=AC=AC?= =?UTF-8?q?=E4=B8=89=E6=96=B9=E5=BA=94=E7=94=A8=E5=8F=91=E8=B5=B7=E6=8E=88?= =?UTF-8?q?=E6=9D=83=E8=AF=B7=E6=B1=82=E6=97=B6=E4=B9=9F=E8=83=BD=E6=AD=A3?= =?UTF-8?q?=E7=A1=AE=E5=AE=8C=E6=88=90=E6=95=B4=E4=B8=AA=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=E6=B5=81=E7=A8=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 2 +-
 src/app/api/auth/q58/route.ts | 14 +++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 7b5279a..c69ccf1 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ Q58论坛网址: https://q58.club
 2. 未登录本系统, 未登录q58论坛, 检查: 用户在接入应用中登录, 然后登录本系统, 然后登录q58论坛, 正常一直回调到用户应用
 3. 未登录本系统, 登录了q58论坛, 检查: 用户在接入应用中登录, 然后登录本系统, 正常回调到用户应用
-## 用户接入本系统oauth2.0认证的方式:
+## 用户应用接入本系统oauth2.0认证的方式:
 1. 发起授权请求 将用户重定向到授权页面
diff --git a/src/app/api/auth/q58/route.ts b/src/app/api/auth/q58/route.ts
index 07eb483..670bb33 100644
--- a/src/app/api/auth/q58/route.ts
+++ b/src/app/api/auth/q58/route.ts
@@ -1,4 +1,4 @@
-import { cookies } from "next/headers";
+import { cookies, headers } from "next/headers";
 import Hex from "crypto-js/enc-hex";
 import hmacSHA256 from "crypto-js/hmac-sha256";
 import WordArray from "crypto-js/lib-typedarrays";
@@ -9,9 +9,17 @@ const hostUrl = process.env.NEXT_PUBLIC_HOST_URL as string;
 const discourseHost = process.env.DISCOURSE_HOST as string;
 const clientSecret = process.env.DISCOURSE_SECRET as string;
-export async function POST(_req: Request) {
+export async function POST(req: Request) {
 const nonce = WordArray.random(16).toString();
- const return_url = `${hostUrl}/authorize`;
+ const referer = headers().get("referer") || "";
+ const url = new URL(referer);
+ const searchParams = url.searchParams.toString();
+
+ // 如果是从OAuth授权页面来的,保留OAuth参数
+ const return_url = searchParams
+ ? `${hostUrl}/q58/callback?oauth=${btoa(searchParams)}`
+ : `${hostUrl}/authorize`;
+
 const sso = btoa(`nonce=${nonce}&return_sso_url=${return_url}`);
 const sig = hmacSHA256(sso, clientSecret).toString(Hex);
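Review bot: `new URL(referer)` throws a TypeError whenever the Referer header is absent or unparseable, because the `|| ""` fallback hands an empty string to the URL constructor, so this POST handler fails for any browser or referrer policy that strips the header. The Referer is also client-supplied and is never compared with this system's own origin, so the query string of any referring page is forwarded as `oauth`; the handler behind `/q58/callback` (not visible here) should presumably re-validate the client and redirect URI it decodes rather than trust the round-tripped blob. `btoa` output can contain `+`, `/` and `=`, and it is interpolated into `return_sso_url` without percent-encoding, so the value may not survive query-string parsing intact; a URL-safe encoding agreed with the callback would avoid that. The body of `POST` continues past the end of the hunk, and the fence below covers only the defensive Referer handling.

```typescript
export async function POST(req: Request) {
  // … unchanged: nonce generation …

  // Referer is optional and client-supplied: parse it defensively and only
  // honour it when it points at this system's own origin.
  let searchParams = "";
  try {
    const refUrl = new URL(headers().get("referer") ?? "");
    if (refUrl.origin === new URL(hostUrl).origin) {
      searchParams = refUrl.searchParams.toString();
    }
  } catch {
    // Missing or malformed Referer: keep the plain /authorize return URL.
  }

  // … unchanged: return_url selection, sso payload and signature …
```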