fix: correct Theia ForwardAuth redirect loop

Two issues: 1. ForwardAuth redirect used x-forwarded-host which Traefik sets to vibnai.com (the auth service host), not theia.vibnai.com. Now hardcodes THEIA_URL as the callbackUrl destination. 2. /auth page ignored callbackUrl and always sent users to /marks-account/projects. Now follows callbackUrl when it points to theia.vibnai.com, so users land in the IDE after login. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-18 18:17:16 -08:00
parent 8e0d9090be
commit 1146d8d129
2 changed files with 14 additions and 13 deletions
--- a/app/auth/page.tsx
+++ b/app/auth/page.tsx
@@ -1,20 +1,26 @@
 "use client";

 import { useSession } from "next-auth/react";
-import { useRouter } from "next/navigation";
+import { useRouter, useSearchParams } from "next/navigation";
 import { useEffect } from "react";
 import NextAuthComponent from "@/app/components/NextAuthComponent";

 export default function AuthPage() {
  const { data: session, status } = useSession();
  const router = useRouter();
+  const searchParams = useSearchParams();

  useEffect(() => {
-    // Redirect if already authenticated
    if (status === "authenticated") {
-      router.push("/marks-account/projects");
+      const callbackUrl = searchParams.get("callbackUrl");
+      // Only follow external callbackUrls we control (Theia subdomain)
+      if (callbackUrl && callbackUrl.startsWith("https://theia.vibnai.com")) {
+        window.location.href = callbackUrl;
+      } else {
+        router.push("/marks-account/projects");
+      }
    }
-  }, [status, router]);
+  }, [status, router, searchParams]);

  if (status === "loading") {
    return (