akanealw
99819b70ff
Some checks failed
Build and Push Docker Images (Trusted) / build-and-push (., docker/caddy/Dockerfile, caddy) (push) Has been cancelled
Build and Push Docker Images (Trusted) / build-and-push (., docker/l4-port-manager/Dockerfile, l4-port-manager) (push) Has been cancelled
Build and Push Docker Images (Trusted) / build-and-push (., docker/web/Dockerfile, web) (push) Has been cancelled
Tests / test (push) Has been cancelled
38 lines
1.1 KiB
TypeScript
Executable File
38 lines
1.1 KiB
TypeScript
Executable File
import { NextRequest, NextResponse } from "next/server";
|
|
import { redeemExchangeCode } from "@/src/lib/models/forward-auth";
|
|
|
|
const COOKIE_NAME = "_cpm_fa";
|
|
const COOKIE_MAX_AGE = 7 * 24 * 60 * 60; // 7 days
|
|
|
|
/**
|
|
* Forward auth callback — redeems an exchange code and sets the session cookie.
|
|
* Caddy routes /.cpm-auth/callback on proxied domains to this endpoint.
|
|
*/
|
|
export async function GET(request: NextRequest) {
|
|
const code = request.nextUrl.searchParams.get("code");
|
|
if (!code) {
|
|
return new NextResponse("Missing code parameter", { status: 400 });
|
|
}
|
|
|
|
const result = await redeemExchangeCode(code);
|
|
if (!result) {
|
|
return new NextResponse(
|
|
"Invalid or expired authorization code. Please try logging in again.",
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
|
|
// Redirect back to original URL with the session cookie set
|
|
const response = NextResponse.redirect(result.redirectUri, 302);
|
|
|
|
response.cookies.set(COOKIE_NAME, result.rawSessionToken, {
|
|
path: "/",
|
|
httpOnly: true,
|
|
secure: true,
|
|
sameSite: "lax",
|
|
maxAge: COOKIE_MAX_AGE
|
|
});
|
|
|
|
return response;
|
|
}
|