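import { NextRequest, NextResponse } from "next/server"
import { AuthError } from "next-auth"
import { Lang } from "@/constants/languages"
import { env } from "@/env/server"
import { internalServerError } from "@/server/errors/next"
import { signIn } from "@/auth"

/**
 * Resolves a site-relative path against the public origin and refuses to
 * leave that origin.
 *
 * A value such as `//other.example/x` also starts with `/`, but `new URL()`
 * treats it as protocol-relative and resolves it to another host, so the
 * prefix check alone is not enough; the origin comparison is what keeps the
 * post-login redirect on our own site.
 *
 * @param path      Redirect target that starts with `/` (from cookie or query).
 * @param publicUrl Absolute public origin of this deployment (`env.PUBLIC_URL`).
 * @returns The absolute URL on `publicUrl`'s origin, or the site root when
 *          `path` would have resolved elsewhere.
 * @throws TypeError if `publicUrl` is not a parseable absolute URL.
 */
function resolveRelativeRedirect(path: string, publicUrl: string): string {
  const base = new URL(publicUrl)
  const resolved = new URL(path, base)
  if (resolved.origin !== base.origin) {
    // Deliberately not echoing a possibly attacker-chosen URL into the redirect.
    console.warn({ login_rejectedRedirectTo: path })
    return new URL("/", base).href
  }
  return resolved.href
}

/**
 * Picks the configured seamless-login entry point for a language.
 *
 * @returns The configured URL, or `undefined` when the language has no entry.
 */
function seamlessLoginUrlFor(lang: Lang): string | undefined {
  switch (lang) {
    case Lang.da:
      return env.SEAMLESS_LOGIN_DA
    case Lang.de:
      return env.SEAMLESS_LOGIN_DE
    case Lang.en:
      return env.SEAMLESS_LOGIN_EN
    case Lang.fi:
      return env.SEAMLESS_LOGIN_FI
    case Lang.no:
      return env.SEAMLESS_LOGIN_NO
    case Lang.sv:
      return env.SEAMLESS_LOGIN_SV
    default:
      return undefined
  }
}

/**
 * Route handler that starts the Curity login flow for the requested language.
 *
 * Two entry paths are supported:
 *  - "Current web" callers pass the post-login destination in the
 *    `x-returnurl` header and are sent straight to that destination.
 *  - "New web" callers carry the destination in the `redirectTo` cookie (set
 *    by the authRequired middleware) or query parameter; the cookie is
 *    cleared on the way out and the destination is wrapped in the
 *    language-specific seamless-login URL when one is configured.
 *
 * The `x-mfa-login` header switches the request to the OTP authenticator
 * (`acr_values`) and adds the `profile_update` scope.
 *
 * @param request Incoming request.
 * @param context Route context; `params.lang` selects locale and seamless URL.
 * @returns A redirect to the authorization URL returned by `signIn`, or an
 *          internal-server-error response when no URL could be produced.
 * @throws Whatever `internalServerError(...)` produces when `env.PUBLIC_URL`
 *         is missing while a relative redirect must be resolved.
 */
export async function GET(
  request: NextRequest,
  context: { params: { lang: Lang } }
) {
  let redirectHeaders: Headers | undefined = undefined
  let redirectTo: string

  // Both headers come from the caller and are not authenticated in this
  // handler; they only steer where the user lands afterwards and which
  // authenticator is requested.
  const returnUrl = request.headers.get("x-returnurl")
  const isMFA = request.headers.get("x-mfa-login")

  if (returnUrl) {
    // Seamless login request from Current web.
    // NOTE(review): the header value is used verbatim as the post-login
    // target. Confirm that only trusted callers can set `x-returnurl`
    // (e.g. it is stripped/overwritten at the edge); otherwise this is an
    // open redirect.
    redirectTo = returnUrl
  } else {
    // Normal login request from New web.
    redirectTo =
      request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
      request.nextUrl.searchParams.get("redirectTo") ||
      "/"

    // Make a relative URL absolute, staying on our own origin.
    // NOTE(review): an absolute URL supplied via the cookie or query string
    // is passed through unchanged; confirm that is intended.
    if (redirectTo.startsWith("/")) {
      if (!env.PUBLIC_URL) {
        throw internalServerError("No value for env.PUBLIC_URL")
      }
      redirectTo = resolveRelativeRedirect(redirectTo, env.PUBLIC_URL)
    }

    // Clean up the cookie set by the authRequired middleware.
    redirectHeaders = new Headers()
    redirectHeaders.append(
      "set-cookie",
      "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
    )

    try {
      // Initiate the seamless login flow: wrap the destination in the
      // language-specific seamless-login URL. Failure here is non-fatal —
      // we fall back to redirecting to `redirectTo` directly.
      const seamlessBase = seamlessLoginUrlFor(context.params.lang)
      if (!seamlessBase) {
        throw new Error(
          `No seamless login URL configured for lang "${context.params.lang}"`
        )
      }
      const seamlessUrl = new URL(seamlessBase)
      seamlessUrl.searchParams.set("returnurl", redirectTo)
      redirectTo = seamlessUrl.toString()
    } catch (e: unknown) {
      console.error(
        "Unable to create URL for seamless login, proceeding without it."
      )
      console.error(e)
    }
  }

  try {
    /**
     * Passing `redirect: false` to `signIn` will return the URL instead of
     * automatically redirecting to it inside of `signIn`.
     * https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L76
     */
    console.log({ login_NEXTAUTH_URL: process.env.NEXTAUTH_URL })
    // The whole `process.env` is intentionally NOT logged here: it contains
    // secrets (auth/client secrets, tokens) that must not end up in log
    // storage. Log individual non-secret variables by name if needed.
    console.log({ login_redirectTo: redirectTo })

    const params = {
      ui_locales: context.params.lang,
      scope: (isMFA
        ? ["profile_update", "openid", "profile"]
        : ["openid", "profile"]
      ).join(" "),
      /**
       * The `acr_values` param is used to make Curity display the proper login
       * page for Scandic. Without the parameter Curity presents some choices
       * to the user which we do not want.
       *
       * For MFA the OTP acr value is required, as for New Web the same Curity
       * Client is used for MFA while in current web it is set up using a
       * different Curity Client.
       */
      acr_values: isMFA
        ? "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
        : "acr",
      /**
       * The `for_origin` param is used to make Curity email login functionality work.
       * Without the parameter Curity gives an Internal Error for login with Email link.
       */
      for_origin: env.PUBLIC_URL ?? "",
    }

    const redirectUrl = await signIn(
      "curity",
      {
        redirectTo,
        redirect: false,
      },
      params
    )

    if (redirectUrl) {
      // Remove nonce for User to be able to login via Magic Link, but normal login fails as nonce becomes absent in the token response
      // if (redirectUrl.indexOf("nonce") != -1) {
      //   redirectUrl = redirectUrl.replace(/nonce=.*&code_challenge=/gi, "&code_challenge=");
      //   redirectUrl = redirectUrl.replace(/&nonce=.*/gi, "");
      // }
      return NextResponse.redirect(redirectUrl, {
        headers: redirectHeaders,
      })
    }
  } catch (error: unknown) {
    if (error instanceof AuthError) {
      console.error({ signInAuthError: error })
    } else {
      console.error({ signInError: error })
    }
  }

  return internalServerError()
}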