From b9baefed0bfc7e36efcfb6994df444cbf1c863ba Mon Sep 17 00:00:00 2001
From: Mark Henderson <mark@getacquired.com>
Date: Wed, 18 Feb 2026 15:28:22 -0800
Subject: [PATCH] fix: use getServerSession instead of getToken in theia-auth

next-auth/jwt subpath import causes Next.js to silently drop the
route from the standalone build output. Switch to getServerSession
which is used by all other working API routes.

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 app/api/theia-auth/route.ts | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/app/api/theia-auth/route.ts b/app/api/theia-auth/route.ts
index d070bbe..1e5d14b 100644
--- a/app/api/theia-auth/route.ts
+++ b/app/api/theia-auth/route.ts
@@ -5,31 +5,29 @@
  *
  * Traefik calls this URL for every request to the Theia IDE, forwarding
  * the user's Cookie header via authRequestHeaders. We validate the
- * NextAuth session token and return:
+ * NextAuth session and return:
  *   200  — session valid, Traefik lets the request through
  *   302  — no session, redirect browser to Vibn login
  */
 
 import { NextRequest, NextResponse } from 'next/server';
-import { getToken } from 'next-auth/jwt';
+import { getServerSession } from 'next-auth';
+import { authOptions } from '@/lib/auth/authOptions';
 
 const APP_URL = process.env.NEXTAUTH_URL ?? 'https://vibnai.com';
 const THEIA_URL = 'https://theia.vibnai.com';
 
 export async function GET(request: NextRequest) {
-  let token: Awaited<ReturnType<typeof getToken>> = null;
+  let session: Awaited<ReturnType<typeof getServerSession>> = null;
 
   try {
-    token = await getToken({
-      req: request,
-      secret: process.env.NEXTAUTH_SECRET,
-    });
+    session = await getServerSession(authOptions);
   } catch {
-    // If token validation throws, treat as unauthenticated
+    // Treat any session-validation errors as unauthenticated
   }
 
-  if (!token) {
-    // Build a callbackUrl so after login the user lands back in Theia
+  if (!session?.user) {
+    // Build a callbackUrl so the user lands back in Theia after login
     const forwardedHost = request.headers.get('x-forwarded-host');
     const forwardedProto = request.headers.get('x-forwarded-proto') ?? 'https';
     const forwardedUri = request.headers.get('x-forwarded-uri') ?? '/';
@@ -43,14 +41,12 @@ export async function GET(request: NextRequest) {
     return NextResponse.redirect(loginUrl, { status: 302 });
   }
 
-  // Session is valid — pass user identity to Theia via response headers
-  // (Traefik forwards these to the upstream if authResponseHeaders is set)
+  // Session is valid — forward user identity to Theia via response headers
   return new NextResponse(null, {
     status: 200,
     headers: {
-      'X-Auth-User': token.sub ?? '',
-      'X-Auth-Email': (token.email as string) ?? '',
-      'X-Auth-Name': (token.name as string) ?? '',
+      'X-Auth-Email': session.user.email ?? '',
+      'X-Auth-Name': session.user.name ?? '',
     },
   });
 }