feat: add redirect_proxy url to handle auth in stage, test

.env.local.example

@@ -1,14 +1,18 @@
+ADOBE_SCRIPT_SRC=""
 CMS_ACCESS_TOKEN=""
 CMS_API_KEY=""
 CMS_ENVIRONMENT="development"
-CMS_URL="https://eu-graphql.contentstack.com/stacks/${CMS_API_KEY}?environment=${CMS_ENVIRONMENT}"
-CMS_PREVIEW_URL="https://graphql-preview.contentstack.com/stacks/${CMS_API_KEY}?environment=${CMS_ENVIRONMENT}"
 CMS_PREVIEW_TOKEN=""
-ADOBE_SCRIPT_SRC=""
+CMS_PREVIEW_URL=""
-REVALIDATE_SECRET=""
+CMS_URL="https://eu-graphql.contentstack.com/stacks/${CMS_API_KEY}?environment=${CMS_ENVIRONMENT}"
-DESIGN_SYSTEM_ACCESS_TOKEN=""
+CURITY_CLIENT_ID_SERVICE=""
+CURITY_CLIENT_SECRET_SERVICE=""
 CURITY_CLIENT_ID_USER=""
 CURITY_CLIENT_SECRET_USER=""
 CURITY_ISSUER_USER="https://testlogin.scandichotels.com"
+CYPRESS_BASE_URL="http://localhost:3000"
+DESIGN_SYSTEM_ACCESS_TOKEN=""
+NEXTAUTH_REDIRECT_PROXY_URL="http://localhost:3000/api/auth"
+NEXTAUTH_SECRET=""
 NEXTAUTH_URL="http://localhost:3000/api/auth"
-NEXTAUTH_SECRET="secret"
+REVALIDATE_SECRET=""

auth.ts

@@ -2,48 +2,51 @@ import NextAuth from "next-auth"
 
 import { env } from "@/env/server"
 
-import type { NextAuthConfig } from "next-auth"
+import type { NextAuthConfig, User } from "next-auth"
+import type { OIDCConfig } from "next-auth/providers"
+
+const customProvider = {
+  clientId: env.CURITY_CLIENT_ID_USER,
+  clientSecret: env.CURITY_CLIENT_SECRET_USER,
+  id: "curity",
+  name: "Curity",
+  type: "oidc",
+  // FIXME: This is incorrect. We should not hard code this.
+  //        It should be ${env.CURITY_ISSUER_USER}.
+  //        This change requires sync between Curity deploy and CurrentWeb and NewWeb.
+  issuer: "https://scandichotels.com",
+  authorization: {
+    url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
+    params: {
+      scope: ["openid"],
+    },
+  },
+  token: {
+    url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
+  },
+  userinfo: {
+    url: `${env.CURITY_ISSUER_USER}/oauth/v2/userinfo`,
+  },
+
+  profile(profile) {
+    console.log({ profile })
+    return {
+      id: profile.id,
+      sub: profile.sub,
+      given_name: profile.given_name,
+    }
+  },
+} satisfies OIDCConfig<User>
 
 export const config = {
-  providers: [
+  // basePath: "/api/auth",
-    {
-      id: "curity",
-      type: "oidc",
-      name: "Curity",
-      // FIXME: This is incorrect. We should not hard code this.
-      //        It should be ${env.CURITY_ISSUER_USER}.
-      //        This change requires sync between Curity deploy and CurrentWeb and NewWeb.
-      issuer: "https://scandichotels.com",
-      token: {
-        url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
-      },
-      userinfo: {
-        url: `${env.CURITY_ISSUER_USER}/oauth/v2/userinfo`,
-      },
-      authorization: {
-        url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
-        params: {
-          scope: ["openid"],
-        },
-      },
-      clientId: env.CURITY_CLIENT_ID_USER,
-      clientSecret: env.CURITY_CLIENT_SECRET_USER,
-
-      profile(profile: { id: string; sub: string; given_name: string }) {
-        console.log({ profile })
-        return {
-          id: profile.id,
-          sub: profile.sub,
-          given_name: profile.given_name,
-        }
-      },
-    },
-  ],
-  trustHost: true,
   // pages: {
   //   signIn: "/auth/login",
   // },
-  // basePath: "/api/auth",
+  providers: [customProvider],
+  redirectProxyUrl: env.NEXTAUTH_REDIRECT_PROXY_URL,
+  trustHost: true,
+
   session: {
     strategy: "jwt",
   },

env/server.ts

@@ -8,17 +8,20 @@ export const env = createEnv({
     CMS_ACCESS_TOKEN: z.string(),
     CMS_API_KEY: z.string(),
     CMS_ENVIRONMENT: z.enum(["development", "production", "staging", "test"]),
-    CMS_URL: z.string(),
-    CMS_PREVIEW_URL: z.string(),
     CMS_PREVIEW_TOKEN: z.string(),
-    CYPRESS_BASE_URL: z.string().default("http://127.0.0.1:3000"),
+    CMS_PREVIEW_URL: z.string(),
-    NODE_ENV: z.enum(["development", "test", "production"]),
+    CMS_URL: z.string(),
-    PRINT_QUERY: z.boolean().default(false),
-    REVALIDATE_SECRET: z.string(),
-    DESIGN_SYSTEM_ACCESS_TOKEN: z.string(),
     CURITY_CLIENT_ID_USER: z.string(),
     CURITY_CLIENT_SECRET_USER: z.string(),
     CURITY_ISSUER_USER: z.string(),
+    CYPRESS_BASE_URL: z.string().default("http://127.0.0.1:3000"),
+    DESIGN_SYSTEM_ACCESS_TOKEN: z.string(),
+    NEXTAUTH_REDIRECT_PROXY_URL: z.string().optional(),
+    NEXTAUTH_SECRET: z.string(),
+    NEXTAUTH_URL: z.string(),
+    NODE_ENV: z.enum(["development", "test", "production"]),
+    PRINT_QUERY: z.boolean().default(false),
+    REVALIDATE_SECRET: z.string(),
   },
   emptyStringAsUndefined: true,
   runtimeEnv: {
@@ -27,16 +30,19 @@ export const env = createEnv({
     CMS_ACCESS_TOKEN: process.env.CMS_ACCESS_TOKEN,
     CMS_API_KEY: process.env.CMS_API_KEY,
     CMS_ENVIRONMENT: process.env.CMS_ENVIRONMENT,
-    CMS_URL: process.env.CMS_URL,
-    CMS_PREVIEW_URL: process.env.CMS_PREVIEW_URL,
     CMS_PREVIEW_TOKEN: process.env.CMS_PREVIEW_TOKEN,
-    CYPRESS_BASE_URL: process.env.CYPRESS_TEST_URL,
+    CMS_PREVIEW_URL: process.env.CMS_PREVIEW_URL,
-    NODE_ENV: process.env.NODE_ENV,
+    CMS_URL: process.env.CMS_URL,
-    PRINT_QUERY: process.env.PRINT_QUERY,
-    REVALIDATE_SECRET: process.env.REVALIDATE_SECRET,
-    DESIGN_SYSTEM_ACCESS_TOKEN: process.env.DESIGN_SYSTEM_ACCESS_TOKEN,
     CURITY_CLIENT_ID_USER: process.env.CURITY_CLIENT_ID_USER,
     CURITY_CLIENT_SECRET_USER: process.env.CURITY_CLIENT_SECRET_USER,
     CURITY_ISSUER_USER: process.env.CURITY_ISSUER_USER,
+    CYPRESS_BASE_URL: process.env.CYPRESS_TEST_URL,
+    DESIGN_SYSTEM_ACCESS_TOKEN: process.env.DESIGN_SYSTEM_ACCESS_TOKEN,
+    NEXTAUTH_REDIRECT_PROXY_URL: process.env.NEXTAUTH_REDIRECT_PROXY_URL,
+    NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
+    NEXTAUTH_URL: process.env.NEXTAUTH_URL,
+    NODE_ENV: process.env.NODE_ENV,
+    PRINT_QUERY: process.env.PRINT_QUERY,
+    REVALIDATE_SECRET: process.env.REVALIDATE_SECRET,
   },
 })

types/auth.d.ts

@@ -0,0 +1,29 @@
+import "next-auth"
+
+// Module augmentation
+// https://authjs.dev/getting-started/typescript#popular-interfaces-to-augment
+declare module "next-auth" {
+  /**
+   * The shape of the user object returned in the OAuth providers' `profile` callback,
+   * or the second parameter of the `session` callback, when using a database.
+   */
+  interface User {
+    given_name: string
+    sub: string
+  }
+  /**
+   * The shape of the account object returned in the OAuth providers' `account` callback,
+   * Usually contains information about the provider being used, like OAuth tokens (`access_token`, etc).
+   */
+  interface Account {}
+
+  /**
+   * Returned by `useSession`, `auth`, contains information about the active session.
+   */
+  interface Session {}
+}
+
+declare module "next-auth/jwt" {
+  /** Returned by the `jwt` callback and `auth`, when using JWT sessions */
+  interface JWT {}
+}