Skip to content

Commit a1850cd

Browse files
committed
Fix auth redirects to route users into app
1 parent 07816b9 commit a1850cd

5 files changed

Lines changed: 8 additions & 29 deletions

File tree

src/app/api/auth/magic-link/route.ts

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
import { NextRequest, NextResponse } from 'next/server';
22
import { createServerClient as createSSRServerClient } from '@supabase/ssr';
33
import { checkRateLimit, AUTH_RATE_LIMITS } from '@/lib/rate-limit';
4-
import { getSiteUrlOrThrow } from '@/lib/site-url';
54

65
function getClientIP(request: NextRequest): string {
76
return (
@@ -64,17 +63,11 @@ export async function POST(request: NextRequest) {
6463
},
6564
);
6665

67-
let siteUrl: string;
68-
try {
69-
siteUrl = getSiteUrlOrThrow();
70-
} catch (error) {
71-
console.error('[magic-link] Invalid NEXT_PUBLIC_SITE_URL:', error);
72-
return NextResponse.json({ error: 'Server configuration error.' }, { status: 500 });
73-
}
66+
const siteUrl = request.nextUrl.origin;
7467

7568
const { error } = await supabase.auth.signInWithOtp({
7669
email,
77-
options: { emailRedirectTo: `${siteUrl}/auth/callback` },
70+
options: { emailRedirectTo: `${siteUrl}/auth/callback?next=/app/today` },
7871
});
7972

8073
if (error) {

src/app/api/auth/signup/route.ts

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
import { NextRequest, NextResponse } from 'next/server';
22
import { createServerClient as createSSRServerClient } from '@supabase/ssr';
33
import { checkRateLimit, AUTH_RATE_LIMITS } from '@/lib/rate-limit';
4-
import { getSiteUrlOrThrow } from '@/lib/site-url';
54

65
function getClientIP(request: NextRequest): string {
76
return (
@@ -70,13 +69,7 @@ export async function POST(request: NextRequest) {
7069
},
7170
);
7271

73-
let siteUrl: string;
74-
try {
75-
siteUrl = getSiteUrlOrThrow();
76-
} catch (error) {
77-
console.error('[signup] Invalid NEXT_PUBLIC_SITE_URL:', error);
78-
return NextResponse.json({ error: 'Server configuration error.' }, { status: 500 });
79-
}
72+
const siteUrl = request.nextUrl.origin;
8073

8174
const { error } = await supabase.auth.signUp({
8275
email,

src/app/auth/callback/route.ts

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
import { NextRequest, NextResponse } from 'next/server';
22
import { createServerClient } from '@supabase/ssr';
33
import type { CookieOptions } from '@supabase/ssr';
4-
import { getSiteUrlOrThrow } from '@/lib/site-url';
54

65
/**
76
* Validate the `next` param to prevent open-redirect attacks.
@@ -29,13 +28,7 @@ function sanitizeRedirectPath(raw: string | null, origin: string): string {
2928
export async function GET(request: NextRequest) {
3029
const { searchParams } = new URL(request.url);
3130
const code = searchParams.get('code');
32-
let siteUrl: string;
33-
try {
34-
siteUrl = getSiteUrlOrThrow();
35-
} catch (error) {
36-
console.error('[auth/callback] Invalid NEXT_PUBLIC_SITE_URL:', error);
37-
return NextResponse.json({ error: 'Server configuration error.' }, { status: 500 });
38-
}
31+
const siteUrl = request.nextUrl.origin;
3932
const next = sanitizeRedirectPath(searchParams.get('next'), siteUrl);
4033

4134
if (code) {

src/app/login/page.tsx

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -110,10 +110,10 @@ function LoginForm() {
110110
async function handleGoogleLogin() {
111111
setError('');
112112
setGoogleLoading(true);
113-
const siteUrl = process.env.NEXT_PUBLIC_SITE_URL || window.location.origin;
113+
const redirectTo = new URL('/auth/callback?next=/app/today', window.location.origin).toString();
114114
const { error } = await supabase.auth.signInWithOAuth({
115115
provider: 'google',
116-
options: { redirectTo: `${siteUrl}/auth/callback` },
116+
options: { redirectTo },
117117
});
118118
if (error) {
119119
setGoogleLoading(false);

src/app/signup/page.tsx

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -103,10 +103,10 @@ export default function SignupPage() {
103103
async function handleGoogleSignup() {
104104
setError('');
105105
setGoogleLoading(true);
106-
const siteUrl = process.env.NEXT_PUBLIC_SITE_URL || window.location.origin;
106+
const redirectTo = new URL('/auth/callback?next=/onboarding', window.location.origin).toString();
107107
const { error } = await supabase.auth.signInWithOAuth({
108108
provider: 'google',
109-
options: { redirectTo: `${siteUrl}/auth/callback?next=/onboarding` },
109+
options: { redirectTo },
110110
});
111111
if (error) {
112112
setGoogleLoading(false);

0 commit comments

Comments
 (0)