scandic/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
daf765f3d5106d0d3eb1e8e32aa0b0a0cf2375e6
web/apps/scandic-web/app/[lang]/(live)/(public)/verifymagiclink/route.ts
Joakim Jäderberg daf765f3d5 Merged in feature/wrap-logging (pull request #2511) 
Feature/wrap logging

* feat: change all logging to go through our own logger function so that we can control log levels

* move packages/trpc to using our own logger

* merge


Approved-by: Linus Flood
2025-07-03 12:37:04 +00:00

114 lines
3.4 KiB
TypeScript
Raw Blame History

import { type NextRequest, NextResponse } from "next/server"
import { AuthError } from "next-auth"
import { logger } from "@scandic-hotels/common/logger"
import { badRequest, internalServerError } from "@/server/errors/next"
import { getPublicURL } from "@/server/utils"
import { signIn } from "@/auth"
import type { Lang } from "@scandic-hotels/common/constants/language"
export async function GET(
request: NextRequest,
context: { params: Promise<{ lang: Lang }> }
) {
const publicURL = getPublicURL(request)
const loginKey = request.nextUrl.searchParams.get("loginKey")
if (!loginKey) {
logger.debug(
`[verifymagiclink] missing required loginKey, aborting bad request`
)
return badRequest()
}
let redirectTo: string
logger.debug(`[verifymagiclink] verifying callback`)
const redirectToCookieValue = request.cookies.get(
"magicLinkRedirectTo"
)?.value // Set redirect url from the magicLinkRedirect Cookie which is set when intiating login
const redirectToFallback = "/"
logger.debug(
`[verifymagiclink] magicLinkRedirectTo cookie value: ${redirectToCookieValue}`
)
redirectTo = redirectToCookieValue || redirectToFallback
// Make relative URL to absolute URL
if (redirectTo.startsWith("/")) {
logger.debug(
`[verifymagiclink] make redirectTo absolute, from ${redirectTo}`
)
redirectTo = new URL(redirectTo, publicURL).href
logger.debug(`[verifymagiclink] make redirectTo absolute, to ${redirectTo}`)
}
// Update Seamless login url as Magic link login has a different authenticator in Curity
redirectTo = redirectTo.replace("updatelogin", "updateloginemail")
// https://scandichotels.atlassian.net/browse/SW-2506
// Encode the returnUrl which is passed as search parameter to the old web.
// Use of substring because creating URL object and using searchParams causes partial param retrival
const returnUrl = redirectTo.substring(redirectTo.indexOf("returnurl=") + 10)
redirectTo = redirectTo.replace(
/returnurl.*/gi,
"returnurl=" + encodeURIComponent(returnUrl)
)
try {
logger.debug(`[verifymagiclink] final redirectUrl: ${redirectTo}`)
const params = await context.params
/**
* Passing `redirect: false` to `signIn` will return the URL instead of
* automatically redirecting to it inside of `signIn`.
* https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L76
*/
const redirectUrl = await signIn(
"curity",
{
redirectTo,
redirect: false,
},
{
ui_locales: params.lang,
scope: [
"openid",
"profile",
"booking",
"availability",
"profile_link",
"profile_matchtier",
"profile_point_transfer",
].join(" "),
loginKey: loginKey,
for_origin: publicURL,
acr_values: "urn:com:scandichotels:scandic-email",
version: "2",
}
)
if (redirectUrl) {
logger.debug(`[verifymagiclink] redirecting to: ${redirectUrl}`)
return NextResponse.redirect(redirectUrl)
} else {
logger.error(
`[verifymagiclink] missing redirectUrl reponse from signIn()`
)
}
} catch (error) {
if (error instanceof AuthError) {
logger.error("signInAuthError", { signInAuthError: error })
} else {
logger.error("signInError", { signInError: error })
}
}
return internalServerError()
}
Reference in New Issue View Git Blame Copy Permalink