feat: add utility for getting internal next url

middlewares/authRequired.ts

@@ -2,7 +2,7 @@ import { NextResponse } from "next/server"
 
 import { authRequired, mfaRequired } from "@/constants/routes/authRequired"
 import { login } from "@/constants/routes/handleAuth"
-import { getPublicNextURL } from "@/server/utils"
+import { getInternalNextURL, getPublicNextURL } from "@/server/utils"
 
 import { auth } from "@/auth"
 import { findLang } from "@/utils/languages"
@@ -37,12 +37,15 @@ import type { MiddlewareMatcher } from "@/types/middleware"
  * https://authjs.dev/reference/nextjs
  */
 export const middleware = auth(async (request) => {
-  const { nextUrl } = request
-  const lang = findLang(nextUrl.pathname)!
+  const lang = findLang(request.nextUrl.pathname)!
 
   const isLoggedIn = !!request.auth
   const hasError = request.auth?.error
 
+  // Inside auth() we need an internal request for rewrites.
+  // @see getInternalNextURL()
+  const nextUrlInternal = getInternalNextURL(request)
+
   const nextUrlPublic = getPublicNextURL(request)
 
   /**
@@ -55,13 +58,13 @@ export const middleware = auth(async (request) => {
       : false
     return !(request.auth?.token.mfa_scope && isMFATokenValid)
   }
-  const isMFAPath = mfaRequired.includes(nextUrl.pathname)
+  const isMFAPath = mfaRequired.includes(request.nextUrl.pathname)
 
   if (isLoggedIn && isMFAPath && isMFAInvalid()) {
     const headers = new Headers(request.headers)
     headers.set("x-returnurl", nextUrlPublic.href)
     headers.set("x-login-source", "mfa")
-    return NextResponse.rewrite(new URL(`/${lang}/login`, request.nextUrl), {
+    return NextResponse.rewrite(new URL(`/${lang}/login`, nextUrlInternal), {
       request: {
         headers,
       },