refactor: extract validateCallbackUrl to shared util, evict stale MX cache entries on lookup

waleedlatif1 · waleedlatif1 · commit 730c9ae34ef1 · 2026-03-19T13:41:48.000-07:00
diff --git a/apps/sim/app/(auth)/login/login-form.tsx b/apps/sim/app/(auth)/login/login-form.tsx
@@ -15,6 +15,7 @@ import {
   ModalHeader,
 } from '@/components/emcn'
 import { client } from '@/lib/auth/auth-client'
+import { validateCallbackUrl } from '@/lib/auth/validate-callback-url'
 import { getEnv, isFalsy, isTruthy } from '@/lib/core/config/env'
 import { cn } from '@/lib/core/utils/cn'
 import { getBaseUrl } from '@/lib/core/utils/urls'
@@ -53,24 +54,6 @@ const PASSWORD_VALIDATIONS = {
   },
 }
 
-const validateCallbackUrl = (url: string): boolean => {
-  try {
-    if (url.startsWith('/')) {
-      return true
-    }
-
-    const currentOrigin = typeof window !== 'undefined' ? window.location.origin : ''
-    if (url.startsWith(currentOrigin)) {
-      return true
-    }
-
-    return false
-  } catch (error) {
-    logger.error('Error validating callback URL:', { error, url })
-    return false
-  }
-}
-
 const validatePassword = (passwordValue: string): string[] => {
   const errors: string[] = []
 
diff --git a/apps/sim/ee/sso/components/sso-form.tsx b/apps/sim/ee/sso/components/sso-form.tsx
@@ -6,6 +6,7 @@ import Link from 'next/link'
 import { useRouter, useSearchParams } from 'next/navigation'
 import { Button, Input, Label } from '@/components/emcn'
 import { client } from '@/lib/auth/auth-client'
+import { validateCallbackUrl } from '@/lib/auth/validate-callback-url'
 import { env, isFalsy } from '@/lib/core/config/env'
 import { cn } from '@/lib/core/utils/cn'
 import { quickValidateEmail } from '@/lib/messaging/email/validation'
@@ -29,24 +30,6 @@ const validateEmailField = (emailValue: string): string[] => {
   return errors
 }
 
-const validateCallbackUrl = (url: string): boolean => {
-  try {
-    if (url.startsWith('/')) {
-      return true
-    }
-
-    const currentOrigin = typeof window !== 'undefined' ? window.location.origin : ''
-    if (url.startsWith(currentOrigin)) {
-      return true
-    }
-
-    return false
-  } catch (error) {
-    logger.error('Error validating callback URL:', { error, url })
-    return false
-  }
-}
-
 export default function SSOForm() {
   const router = useRouter()
   const searchParams = useSearchParams()
diff --git a/apps/sim/lib/auth/validate-callback-url.ts b/apps/sim/lib/auth/validate-callback-url.ts
@@ -0,0 +1,21 @@
+import { createLogger } from '@sim/logger'
+
+const logger = createLogger('ValidateCallbackUrl')
+
+/**
+ * Returns true if the URL is safe to redirect to after authentication.
+ * Accepts relative paths and absolute URLs matching the current origin.
+ */
+export function validateCallbackUrl(url: string): boolean {
+  try {
+    if (url.startsWith('/')) return true
+
+    const currentOrigin = typeof window !== 'undefined' ? window.location.origin : ''
+    if (url.startsWith(currentOrigin)) return true
+
+    return false
+  } catch (error) {
+    logger.error('Error validating callback URL:', { error, url })
+    return false
+  }
+}
diff --git a/apps/sim/lib/messaging/email/validation.ts b/apps/sim/lib/messaging/email/validation.ts
@@ -132,7 +132,10 @@ export async function isDisposableMxBackend(email: string): Promise<boolean> {
 
   const now = Date.now()
   const cached = mxCache.get(domain)
-  if (cached && cached.expires > now) return cached.result
+  if (cached) {
+    if (cached.expires > now) return cached.result
+    mxCache.delete(domain)
+  }
 
   let timeoutId: ReturnType<typeof setTimeout> | undefined
   try {
