feat(WEB-132): add middlewares, support for seamless login and improve lang based routes

auth.ts

@@ -19,6 +19,12 @@ const customProvider = {
     url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
     params: {
       scope: ["openid"],
+      /**
+       * The `acr_values` param is used to make Curity display the proper login
+       * page for Scandic. Without the parameter Curity presents some choices
+       * to the user which we do not want.
+       */
+      acr_values: "acr",
     },
   },
   token: {
@@ -39,10 +45,6 @@ const customProvider = {
 } satisfies OIDCConfig<User>
 
 export const config = {
-  // basePath: "/api/auth",
-  // pages: {
-  //   signIn: "/auth/login",
-  // },
   providers: [customProvider],
   redirectProxyUrl: env.NEXTAUTH_REDIRECT_PROXY_URL,
   trustHost: true,
@@ -72,19 +74,27 @@ export const config = {
           },
         }
       }
+
       return session
     },
     async redirect({ baseUrl, url }) {
-      console.log("****** REDIRECT *******")
-      console.log({ baseUrl })
-      console.log({ url })
-      console.log("****** END - REDIRECT *******")
-      // Allows relative callback URLs
       if (url.startsWith("/")) {
+        // Allows relative callback URLs
         return `${baseUrl}${url}`
-      } else if (new URL(url).origin === baseUrl) {
-        // Allows callback URLs on the same origin
-        return url
+      } else {
+        // Assume absolute URL
+        try {
+          const parsedUrl = new URL(url)
+          if (parsedUrl.hostname.endsWith(".scandichotels.com")) {
+            // Allows **.scandichotels.com
+            return url
+          } else if (parsedUrl.origin === baseUrl) {
+            // Allows callback URLs on the same origin
+            return url
+          }
+        } catch (e) {
+          console.error(e)
+        }
       }
       return baseUrl
     },