mark/vibn-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use getServerSession instead of getToken in theia-auth

Browse Source 
next-auth/jwt subpath import causes Next.js to silently drop the
route from the standalone build output. Switch to getServerSession
which is used by all other working API routes.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Mark Henderson
2026-02-18 15:28:22 -08:00
parent 4e6fcbc566
commit b9baefed0b
1 changed files with 11 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
app/api/theia-auth/route.ts
View File

@@ -5,31 +5,29 @@
* *
* Traefik calls this URL for every request to the Theia IDE, forwarding * Traefik calls this URL for every request to the Theia IDE, forwarding
* the user's Cookie header via authRequestHeaders. We validate the * the user's Cookie header via authRequestHeaders. We validate the
* NextAuth session token and return: * NextAuth session and return:
* 200 — session valid, Traefik lets the request through * 200 — session valid, Traefik lets the request through
* 302 — no session, redirect browser to Vibn login * 302 — no session, redirect browser to Vibn login
*/ */
import { NextRequest, NextResponse } from 'next/server'; import { NextRequest, NextResponse } from 'next/server';
import { getToken } from 'next-auth/jwt'; import { getServerSession } from 'next-auth';
import { authOptions } from '@/lib/auth/authOptions';
const APP_URL = process.env.NEXTAUTH_URL ?? 'https://vibnai.com'; const APP_URL = process.env.NEXTAUTH_URL ?? 'https://vibnai.com';
const THEIA_URL = 'https://theia.vibnai.com'; const THEIA_URL = 'https://theia.vibnai.com';
export async function GET(request: NextRequest) { export async function GET(request: NextRequest) {
let token: Awaited<ReturnType<typeof getToken>> = null; let session: Awaited<ReturnType<typeof getServerSession>> = null;
try { try {
token = await getToken({ session = await getServerSession(authOptions);
req: request,
secret: process.env.NEXTAUTH_SECRET,
});
} catch { } catch {
// If token validation throws, treat as unauthenticated // Treat any session-validation errors as unauthenticated
} }
if (!token) { if (!session?.user) {
// Build a callbackUrl so after login the user lands back in Theia // Build a callbackUrl so the user lands back in Theia after login
const forwardedHost = request.headers.get('x-forwarded-host'); const forwardedHost = request.headers.get('x-forwarded-host');
const forwardedProto = request.headers.get('x-forwarded-proto') ?? 'https'; const forwardedProto = request.headers.get('x-forwarded-proto') ?? 'https';
const forwardedUri = request.headers.get('x-forwarded-uri') ?? '/'; const forwardedUri = request.headers.get('x-forwarded-uri') ?? '/';
@@ -43,14 +41,12 @@ export async function GET(request: NextRequest) {
return NextResponse.redirect(loginUrl, { status: 302 }); return NextResponse.redirect(loginUrl, { status: 302 });
} }
// Session is valid — pass user identity to Theia via response headers // Session is valid — forward user identity to Theia via response headers
// (Traefik forwards these to the upstream if authResponseHeaders is set)
return new NextResponse(null, { return new NextResponse(null, {
status: 200, status: 200,
headers: { headers: {
'X-Auth-User': token.sub ?? '', 'X-Auth-Email': session.user.email ?? '',
'X-Auth-Email': (token.email as string) ?? '', 'X-Auth-Name': session.user.name ?? '',
'X-Auth-Name': (token.name as string) ?? '',
}, },
}); });
} }