fix: improve auth handling and logging

2024-08-22 13:39:06 +02:00
parent 71d93864dd
commit a33a69fb58
15 changed files with 174 additions and 84 deletions
--- a/app/[lang]/(live)/(public)/login/route.ts
+++ b/app/[lang]/(live)/(public)/login/route.ts
@@ -11,6 +11,10 @@ export async function GET(
  request: NextRequest,
  context: { params: { lang: Lang } }
 ) {
+  if (!env.PUBLIC_URL) {
+    throw internalServerError("No value for env.PUBLIC_URL")
+  }
+
  let redirectHeaders: Headers | undefined = undefined
  let redirectTo: string

@@ -20,10 +24,6 @@ export async function GET(
  const isSeamlessMagicLink =
    request.headers.get("x-login-source") === "seamless-magiclink"

-  if (!env.PUBLIC_URL) {
-    throw internalServerError("No value for env.PUBLIC_URL")
-  }
-
  console.log(
    `[login] source: ${request.headers.get("x-login-source") || "normal"}`
  )
@@ -32,6 +32,7 @@ export async function GET(
  const redirectToSearchParamValue =
    request.nextUrl.searchParams.get("redirectTo")
  const redirectToFallback = "/"
+
  console.log(`[login] redirectTo cookie value: ${redirectToCookieValue}`)
  console.log(
    `[login] redirectTo search param value: ${redirectToSearchParamValue}`
@@ -104,20 +105,16 @@ export async function GET(
      )
    } catch (e) {
      console.error(
-        "Unable to create URL for seamless login, proceeding without it."
+        "[login] unable to create URL for seamless login, proceeding without it.",
+        e
      )
-      console.error(e)
    }
  }

  try {
-    /**
-     * Passing `redirect: false` to `signIn` will return the URL instead of
-     * automatically redirecting to it inside of `signIn`.
-     * https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L76
-     */
    console.log(`[login] final redirectUrl: ${redirectTo}`)
    console.log({ login_env: process.env })
+
    /** Record<string, any> is next-auth typings */
    const params: Record<string, any> = {
      ui_locales: context.params.lang,
@@ -152,6 +149,11 @@ export async function GET(
      params.acr_values = "abc"
    }
    params.scope = params.scope.join(" ")
+    /**
+     * Passing `redirect: false` to `signIn` will return the URL instead of
+     * automatically redirecting to it inside of `signIn`.
+     * https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L76
+     */
    const redirectUrl = await signIn(
      "curity",
      {
@@ -162,9 +164,13 @@ export async function GET(
    )

    if (redirectUrl) {
-      return NextResponse.redirect(redirectUrl, {
+      const redirectOpts = {
        headers: redirectHeaders,
-      })
+      }
+      console.log(`[login] redirecting to: ${redirectUrl}`, redirectOpts)
+      return NextResponse.redirect(redirectUrl, redirectOpts)
+    } else {
+      console.error(`[login] missing redirectUrl reponse from signIn()`)
    }
  } catch (error) {
    if (error instanceof AuthError) {
--- a/app/[lang]/(live)/(public)/verifymagiclink/route.ts
+++ b/app/[lang]/(live)/(public)/verifymagiclink/route.ts
@@ -12,39 +12,54 @@ export async function GET(
  request: NextRequest,
  context: { params: { lang: Lang } }
 ) {
-  let redirectTo: string
-
-  // Set redirect url from the magicLinkRedirect Cookie which is set when intiating login
-  redirectTo =
-    request.cookies.get("magicLinkRedirectTo")?.value ||
-    "/" + context.params.lang
-
  if (!env.PUBLIC_URL) {
    throw internalServerError("No value for env.PUBLIC_URL")
  }

+  const loginKey = request.nextUrl.searchParams.get("loginKey")
+  if (!loginKey) {
+    console.log(
+      `[verifymagiclink] missing required loginKey, aborting bad request`
+    )
+    return badRequest()
+  }
+
+  let redirectTo: string
+
+  console.log(`[verifymagiclink] verifying callback`)
+
+  const redirectToCookieValue = request.cookies.get(
+    "magicLinkRedirectTo"
+  )?.value // Set redirect url from the magicLinkRedirect Cookie which is set when intiating login
+  const redirectToFallback = "/"
+
+  console.log(
+    `[verifymagiclink] magicLinkRedirectTo cookie value: ${redirectToCookieValue}`
+  )
+
+  redirectTo = redirectToCookieValue || redirectToFallback
+
  // Make relative URL to absolute URL
  if (redirectTo.startsWith("/")) {
+    console.log(
+      `[verifymagiclink] make redirectTo absolute, from ${redirectTo}`
+    )
    redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
+    console.log(`[verifymagiclink] make redirectTo absolute, to ${redirectTo}`)
  }

  // Update Seamless login url as Magic link login has a different authenticator in Curity
  redirectTo = redirectTo.replace("updatelogin", "updateloginemail")

-  const loginKey = request.nextUrl.searchParams.get("loginKey")
-
-  if (!loginKey) {
-    return badRequest()
-  }
-
  try {
+    console.log(`[verifymagiclink] final redirectUrl: ${redirectTo}`)
+
    /**
     * Passing `redirect: false` to `signIn` will return the URL instead of
     * automatically redirecting to it inside of `signIn`.
     * https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L76
     */
-    console.log({ login_redirectTo: redirectTo })
-    let redirectUrl = await signIn(
+    const redirectUrl = await signIn(
      "curity",
      {
        redirectTo,
@@ -61,7 +76,12 @@ export async function GET(
    )

    if (redirectUrl) {
+      console.log(`[verifymagiclink] redirecting to: ${redirectUrl}`)
      return NextResponse.redirect(redirectUrl)
+    } else {
+      console.error(
+        `[verifymagiclink] missing redirectUrl reponse from signIn()`
+      )
    }
  } catch (error) {
    if (error instanceof AuthError) {