scandic/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b4a05dae0bbfe81faba91be6022eab277413e1b4
web/apps/scandic-web/app/[lang]/(live)/(public)/verifymagiclink/route.ts
Hrishikesh Vaipurkar 287a9ad6a3 Merged in fix/SW-2506-login-with-verification-link- (pull request #2316) 
fix: SW-2506 Booking flow login with magic link fix

* fix: SW-2506 Booking flow login with magic link fix


Approved-by: Michael Zetterberg
2025-06-10 10:54:30 +00:00

111 lines
3.3 KiB
TypeScript
Raw Blame History

import { type NextRequest, NextResponse } from "next/server"
import { AuthError } from "next-auth"
import { badRequest, internalServerError } from "@/server/errors/next"
import { getPublicURL } from "@/server/utils"
import { signIn } from "@/auth"
import type { Lang } from "@/constants/languages"
export async function GET(
request: NextRequest,
context: { params: Promise<{ lang: Lang }> }
) {
const publicURL = getPublicURL(request)
const loginKey = request.nextUrl.searchParams.get("loginKey")
if (!loginKey) {
console.log(
`[verifymagiclink] missing required loginKey, aborting bad request`
)
return badRequest()
}
let redirectTo: string
console.log(`[verifymagiclink] verifying callback`)
const redirectToCookieValue = request.cookies.get(
"magicLinkRedirectTo"
)?.value // Set redirect url from the magicLinkRedirect Cookie which is set when intiating login
const redirectToFallback = "/"
console.log(
`[verifymagiclink] magicLinkRedirectTo cookie value: ${redirectToCookieValue}`
)
redirectTo = redirectToCookieValue || redirectToFallback
// Make relative URL to absolute URL
if (redirectTo.startsWith("/")) {
console.log(
`[verifymagiclink] make redirectTo absolute, from ${redirectTo}`
)
redirectTo = new URL(redirectTo, publicURL).href
console.log(`[verifymagiclink] make redirectTo absolute, to ${redirectTo}`)
}
// Update Seamless login url as Magic link login has a different authenticator in Curity
redirectTo = redirectTo.replace("updatelogin", "updateloginemail")
// https://scandichotels.atlassian.net/browse/SW-2506
// Encode the returnUrl which is passed as search parameter to the old web.
// Use of substring because creating URL object and using searchParams causes partial param retrival
const returnUrl = redirectTo.substring(redirectTo.indexOf("returnurl=") + 10)
redirectTo = redirectTo.replace(
/returnurl.*/gi,
"returnurl=" + encodeURIComponent(returnUrl)
)
try {
console.log(`[verifymagiclink] final redirectUrl: ${redirectTo}`)
const params = await context.params
/**
* Passing `redirect: false` to `signIn` will return the URL instead of
* automatically redirecting to it inside of `signIn`.
* https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L76
*/
const redirectUrl = await signIn(
"curity",
{
redirectTo,
redirect: false,
},
{
ui_locales: params.lang,
scope: [
"openid",
"profile",
"booking",
"availability",
"profile_link",
"profile_matchtier",
].join(" "),
loginKey: loginKey,
for_origin: publicURL,
acr_values: "urn:com:scandichotels:scandic-email",
version: "2",
}
)
if (redirectUrl) {
console.log(`[verifymagiclink] redirecting to: ${redirectUrl}`)
return NextResponse.redirect(redirectUrl)
} else {
console.error(
`[verifymagiclink] missing redirectUrl reponse from signIn()`
)
}
} catch (error) {
if (error instanceof AuthError) {
console.error({ signInAuthError: error })
} else {
console.error({ signInError: error })
}
}
return internalServerError()
}
Reference in New Issue View Git Blame Copy Permalink