returnUrl: joinUrl()

in src/server/lib/middleware/login.ts [61:87]


				returnUrl: joinUrl(profileUrl, req.path),
			}),
		);
	}

	// 1. Check if the reader has a valid access token and id token.
	// This does not mean that the current reader is definitely signed in, so we have to perform additional checks.
	const accessTokenCookie = getOAuthTokenCookie(req, 'GU_ACCESS_TOKEN');
	const idTokenCookie = getOAuthTokenCookie(req, 'GU_ID_TOKEN');

	if (accessTokenCookie && idTokenCookie) {
		trackMetric('LoginMiddlewareOAuth::HasOAuthTokens');
		const accessToken = await verifyAccessToken(accessTokenCookie);
		const idToken = await verifyIdToken(idTokenCookie);

		if (
			// check access token is valid
			accessToken &&
			// check that the id token is valid
			idToken &&
			// check that the access token is not expired
			!accessToken.isExpired() &&
			// check that every scope on the token is one we expect; a token with
			// no scp claim fails here, but an empty scp array passes every()
			accessToken.claims.scp?.every((scope) =>
				scopesForApplication.includes(scope as Scopes),
			)
		) {