From be5f6a55c5c72ffa8ff48327b5eadd798cd1bb2c Mon Sep 17 00:00:00 2001
From: le king fu <lekingfu@protonmail.com>
Date: Fri, 10 Apr 2026 14:43:18 -0400
Subject: [PATCH] fix: URL-decode auth code + replace Mutex unwrap with map_err

- extract_auth_code now URL-decodes the code parameter to handle
  percent-encoded characters from the OAuth provider
- Replace Mutex::lock().unwrap() with .lock().map_err() in start_oauth
  and handle_auth_callback to avoid panics on poisoned mutex

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src-tauri/src/commands/auth_commands.rs | 4 ++--
 src-tauri/src/lib.rs                    | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src-tauri/src/commands/auth_commands.rs b/src-tauri/src/commands/auth_commands.rs
index e9cabcf..67c1152 100644
--- a/src-tauri/src/commands/auth_commands.rs
+++ b/src-tauri/src/commands/auth_commands.rs
@@ -136,7 +136,7 @@ pub fn start_oauth(app: tauri::AppHandle) -> Result<String, String> {
 
     // Store verifier in managed state
     let state = app.state::<OAuthState>();
-    *state.code_verifier.lock().unwrap() = Some(verifier);
+    *state.code_verifier.lock().map_err(|e| format!("Mutex poisoned: {}", e))? = Some(verifier);
 
     let endpoint = logto_endpoint();
     let client_id = logto_app_id();
@@ -157,7 +157,7 @@ pub fn start_oauth(app: tauri::AppHandle) -> Result<String, String> {
 pub async fn handle_auth_callback(app: tauri::AppHandle, code: String) -> Result<AccountInfo, String> {
     let verifier = {
         let state = app.state::<OAuthState>();
-        let verifier = state.code_verifier.lock().unwrap().take();
+        let verifier = state.code_verifier.lock().map_err(|e| format!("Mutex poisoned: {}", e))?.take();
         verifier.ok_or("No pending OAuth flow (verifier missing)")?
     };
 
diff --git a/src-tauri/src/lib.rs b/src-tauri/src/lib.rs
index ec58338..e433c47 100644
--- a/src-tauri/src/lib.rs
+++ b/src-tauri/src/lib.rs
@@ -178,7 +178,9 @@ fn extract_auth_code(url: &str) -> Option<String> {
     for pair in query.split('&') {
         let mut kv = pair.splitn(2, '=');
         if kv.next()? == "code" {
-            return kv.next().map(|v| v.to_string());
+            return kv.next().map(|v| {
+                urlencoding::decode(v).map(|s| s.into_owned()).unwrap_or_else(|_| v.to_string())
+            });
         }
     }
     None