# 基于 state 参数端口分发的 OAuth2 回调配置

# # 1. 端口白名单映射（只允许指定端口）
# map $arg_state $target_port {
#     default "";
#     ~^login(51703)_ 51703;
#     ~^login(51704)_ 51704;
#     ~^login(51705)_ 51705;
#     ~^login(51706)_ 51706;
#     ~^login(51707)_ 51707;
#     ~^login(51708)_ 51708;
# }

# # 2. 统一回调入口，根据 state 分发到对应端口
# server {
#     listen 80;
#     server_name 10.79.97.17;

#     location /callback {
#         # 未匹配到允许端口直接返回 400
#         if ($target_port = "") {
#             return 400 "Invalid or unsupported state/port";
#         }

#         # 反向代理到本地对应端口的 /callback
#         proxy_pass http://10.79.97.17:$target_port/callback$is_args$args;
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header X-Forwarded-Proto $scheme;
#     }
# }