diff --git a/src/app/api/auth/[...nextauth]/route.ts b/src/app/api/auth/[...nextauth]/route.ts index 0a98352..5c589d4 100644 --- a/src/app/api/auth/[...nextauth]/route.ts +++ b/src/app/api/auth/[...nextauth]/route.ts @@ -1,3 +1,23 @@ import { handlers } from '@/auth'; +import { NextRequest } from 'next/server'; -export const { GET, POST } = handlers; +const reqWithTrustedOrigin = (req: NextRequest): NextRequest => { + if (process.env.AUTH_TRUST_HOST !== 'true') return req; + const proto = req.headers.get('x-forwarded-proto'); + const host = req.headers.get('x-forwarded-host'); + if (!proto || !host) { + console.warn('Missing x-forwarded-proto or x-forwarded-host headers.'); + return req; + } + const envOrigin = `${proto}://${host}`; + const { href, origin } = req.nextUrl; + return new NextRequest(href.replace(origin, envOrigin), req); +}; + +export const GET = (req: NextRequest) => { + return handlers.GET(reqWithTrustedOrigin(req)); +}; + +export const POST = (req: NextRequest) => { + return handlers.POST(reqWithTrustedOrigin(req)); +}; diff --git a/src/components/Header/components/SignInJoin.tsx b/src/components/Header/components/SignInJoin.tsx index 8a9b91b..2b024ab 100644 --- a/src/components/Header/components/SignInJoin.tsx +++ b/src/components/Header/components/SignInJoin.tsx @@ -1,14 +1,11 @@ -import { env } from '@/env.mjs'; import { signIn } from 'next-auth/react'; import Link from 'next/link'; import Button from '../../Button'; export function SignInJoin() { - const redirectUri = `${env.NEXT_PUBLIC_KEYCLOAK_REDIRECT_URI}?registered`; - const authUrl = `${env.NEXT_PUBLIC_AUTH_KEYCLOAK_ISSUER}/protocol/openid-connect/auth?response_type=code&client_id=website&redirect_uri=${redirectUri}&scope=openid+profile+email`; return ( <> -