From 9b683cefebcfd3ca3cfd896c1bf017fa63eb694d Mon Sep 17 00:00:00 2001
From: Tw93 <tw93@qq.com>
Date: Mon, 8 Dec 2025 11:46:35 +0800
Subject: [PATCH] Support multi-party login and use

---
 src-tauri/src/app/window.rs   | 42 ++++++++++++++++++++
 src-tauri/src/inject/event.js | 75 ++++++++++++++++++++++++++++++++++-
 src-tauri/tauri.conf.json     |  3 +-
 3 files changed, 118 insertions(+), 2 deletions(-)

diff --git a/src-tauri/src/app/window.rs b/src-tauri/src/app/window.rs
index 5333ad9..b621d84 100644
--- a/src-tauri/src/app/window.rs
+++ b/src-tauri/src/app/window.rs
@@ -193,5 +193,47 @@ pub fn set_window(app: &mut App, config: &PakeConfig, tauri_config: &Config) ->
         println!("Proxy configured: {}", config.proxy_url);
     }
 
+    // Allow navigation to OAuth/authentication domains
+    window_builder = window_builder.on_navigation(|url| {
+        let url_str = url.as_str();
+
+        // Always allow same-origin navigation
+        if url_str.starts_with("http://localhost") || url_str.starts_with("http://127.0.0.1") {
+            return true;
+        }
+
+        // Check for OAuth/authentication domains
+        let auth_patterns = [
+            "accounts.google.com",
+            "login.microsoftonline.com",
+            "github.com/login",
+            "appleid.apple.com",
+            "facebook.com",
+            "twitter.com",
+        ];
+
+        let auth_paths = ["/oauth/", "/auth/", "/authorize", "/login"];
+
+        // Allow if matches auth patterns
+        for pattern in &auth_patterns {
+            if url_str.contains(pattern) {
+                #[cfg(debug_assertions)]
+                println!("Allowing OAuth navigation to: {}", url_str);
+                return true;
+            }
+        }
+
+        for path in &auth_paths {
+            if url_str.contains(path) {
+                #[cfg(debug_assertions)]
+                println!("Allowing auth path navigation to: {}", url_str);
+                return true;
+            }
+        }
+
+        // Allow all other navigation by default
+        true
+    });
+
     window_builder.build().expect("Failed to build window")
 }
diff --git a/src-tauri/src/inject/event.js b/src-tauri/src/inject/event.js
index 313c9dd..cbace8e 100644
--- a/src-tauri/src/inject/event.js
+++ b/src-tauri/src/inject/event.js
@@ -394,6 +394,12 @@ document.addEventListener("DOMContentLoaded", () => {
       const absoluteUrl = hrefUrl.href;
       let filename = anchorElement.download || getFilenameFromUrl(absoluteUrl);
 
+      // Early check: Allow OAuth/authentication links to navigate naturally
+      if (isAuthLink(absoluteUrl)) {
+        console.log("[Pake] Allowing OAuth navigation to:", absoluteUrl);
+        return;
+      }
+
       // Handle _blank links: same domain navigates in-app, cross-domain opens new window
       if (target === "_blank") {
         if (forceInternalNavigation) {
@@ -474,10 +480,77 @@ document.addEventListener("DOMContentLoaded", () => {
   collectUrlToBlobs();
   detectDownloadByCreateAnchor();
 
+  // Check if URL matches OAuth/authentication patterns
+  function matchesAuthUrl(url, baseUrl = window.location.href) {
+    try {
+      const urlObj = new URL(url, baseUrl);
+      const hostname = urlObj.hostname.toLowerCase();
+      const pathname = urlObj.pathname.toLowerCase();
+      const fullUrl = urlObj.href.toLowerCase();
+
+      // Common OAuth providers and paths
+      const oauthPatterns = [
+        /accounts\.google\.com/,
+        /accounts\.google\.[a-z]+/,
+        /login\.microsoftonline\.com/,
+        /github\.com\/login/,
+        /facebook\.com\/.*\/dialog/,
+        /twitter\.com\/oauth/,
+        /appleid\.apple\.com/,
+        /\/oauth\//,
+        /\/auth\//,
+        /\/authorize/,
+        /\/login\/oauth/,
+        /\/signin/,
+        /\/login/,
+        /servicelogin/,
+        /\/o\/oauth2/,
+      ];
+
+      const isMatch = oauthPatterns.some(
+        (pattern) => pattern.test(hostname) || pattern.test(pathname) || pattern.test(fullUrl),
+      );
+
+      if (isMatch) {
+        console.log("[Pake] OAuth URL detected:", url);
+      }
+
+      return isMatch;
+    } catch (e) {
+      return false;
+    }
+  }
+
+  // Check if URL is an OAuth/authentication link
+  function isAuthLink(url) {
+    return matchesAuthUrl(url);
+  }
+
+  // Check if this is an OAuth/authentication popup
+  function isAuthPopup(url, name) {
+    // Check for known authentication window names
+    const authWindowNames = [
+      "AppleAuthentication",
+      "oauth2",
+      "oauth",
+      "google-auth",
+      "auth-popup",
+      "signin",
+      "login",
+    ];
+
+    if (authWindowNames.includes(name)) {
+      return true;
+    }
+
+    return matchesAuthUrl(url);
+  }
+
   // Rewrite the window.open function.
   const originalWindowOpen = window.open;
   window.open = function (url, name, specs) {
-    if (name === "AppleAuthentication") {
+    // Allow authentication popups to open normally
+    if (isAuthPopup(url, name)) {
       return originalWindowOpen.call(window, url, name, specs);
     }
 
diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json
index 9a98799..5c95e07 100644
--- a/src-tauri/tauri.conf.json
+++ b/src-tauri/tauri.conf.json
@@ -10,7 +10,8 @@
       "id": "pake-tray"
     },
     "security": {
-      "headers": {}
+      "headers": {},
+      "csp": null
     }
   },
   "build": {