Fix WebDAV discovery

Also fix stricter SSO providers which require the paths to match in `redirect_uri`.

Probably fixes #66

lib/models/oidc.ts

@@ -21,15 +21,15 @@ interface OidcJwtIdToken extends Record<string, string | undefined> {
   sub?: string;
 }
 
+const redirectUrlPath = '/oidc/callback';
+
 export class OidcModel {
   static async getSignInUrl(
     {
       requestPermissions,
-      redirectUrlPath = '/oidc/callback',
       extraState = {},
     }: {
       requestPermissions: string[];
-      redirectUrlPath?: string;
       extraState?: OidcExtraState;
     },
   ): Promise<string> {
@@ -154,7 +154,7 @@ export class OidcModel {
 
     const tokens = await openIdClient.authorizationCodeGrant(
       oidcConfig,
-      new URL(`${baseUrl}?${urlSearchParams.toString()}`),
+      new URL(`${baseUrl}${redirectUrlPath}?${urlSearchParams.toString()}`),
       {
         pkceCodeVerifier: expectedCodeVerifier,
         expectedState,

routes/_middleware.tsx

@@ -5,7 +5,9 @@ import { getDataFromRequest } from '/lib/auth.ts';
 
 export const handler = [
   async function handleCors(request: Request, context: FreshContext<FreshContextState>) {
-    if (request.method == 'OPTIONS') {
+    const path = new URL(request.url).pathname;
+
+    if (request.method == 'OPTIONS' && path !== '/dav' && !path.startsWith('/dav/')) {
       const response = new Response(null, {
         status: 204,
       });