fix: correct Theia ForwardAuth redirect loop

Two issues:
1. ForwardAuth redirect used x-forwarded-host which Traefik sets to
   vibnai.com (the auth service host), not theia.vibnai.com. Now
   hardcodes THEIA_URL as the callbackUrl destination.
2. /auth page ignored callbackUrl and always sent users to
   /marks-account/projects. Now follows callbackUrl when it points
   to theia.vibnai.com, so users land in the IDE after login.

Co-authored-by: Cursor <cursoragent@cursor.com>

app/api/theia-auth/route.ts

@@ -78,14 +78,9 @@ export async function GET(request: NextRequest) {
 }
 
 function redirectToLogin(request: NextRequest): NextResponse {
-  const forwardedHost = request.headers.get('x-forwarded-host');
-  const forwardedProto = request.headers.get('x-forwarded-proto') ?? 'https';
-  const forwardedUri = request.headers.get('x-forwarded-uri') ?? '/';
-
-  const destination = forwardedHost
-    ? `${forwardedProto}://${forwardedHost}${forwardedUri}`
-    : THEIA_URL;
-
-  const loginUrl = `${APP_URL}/auth?callbackUrl=${encodeURIComponent(destination)}`;
+  // Traefik ForwardAuth sets X-Forwarded-Host to the auth service's host (vibnai.com),
+  // not the original request host (theia.vibnai.com). Use THEIA_URL directly as the
+  // destination so the user returns to Theia after logging in.
+  const loginUrl = `${APP_URL}/auth?callbackUrl=${encodeURIComponent(THEIA_URL)}`;
   return NextResponse.redirect(loginUrl, { status: 302 });
 }