fix: use getServerSession instead of getToken in theia-auth

next-auth/jwt subpath import causes Next.js to silently drop the route from the standalone build output. Switch to getServerSession which is used by all other working API routes. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-18 15:28:22 -08:00
parent 4e6fcbc566
commit b9baefed0b
1 changed files with 11 additions and 15 deletions
--- a/app/api/theia-auth/route.ts
+++ b/app/api/theia-auth/route.ts
@@ -5,31 +5,29 @@
 *
 * Traefik calls this URL for every request to the Theia IDE, forwarding
 * the user's Cookie header via authRequestHeaders. We validate the
- * NextAuth session token and return:
+ * NextAuth session and return:
 *   200  — session valid, Traefik lets the request through
 *   302  — no session, redirect browser to Vibn login
 */

 import { NextRequest, NextResponse } from 'next/server';
-import { getToken } from 'next-auth/jwt';
+import { getServerSession } from 'next-auth';
+import { authOptions } from '@/lib/auth/authOptions';

 const APP_URL = process.env.NEXTAUTH_URL ?? 'https://vibnai.com';
 const THEIA_URL = 'https://theia.vibnai.com';

 export async function GET(request: NextRequest) {
-  let token: Awaited<ReturnType<typeof getToken>> = null;
+  let session: Awaited<ReturnType<typeof getServerSession>> = null;

  try {
-    token = await getToken({
-      req: request,
-      secret: process.env.NEXTAUTH_SECRET,
-    });
+    session = await getServerSession(authOptions);
  } catch {
-    // If token validation throws, treat as unauthenticated
+    // Treat any session-validation errors as unauthenticated
  }

-  if (!token) {
-    // Build a callbackUrl so after login the user lands back in Theia
+  if (!session?.user) {
+    // Build a callbackUrl so the user lands back in Theia after login
    const forwardedHost = request.headers.get('x-forwarded-host');
    const forwardedProto = request.headers.get('x-forwarded-proto') ?? 'https';
    const forwardedUri = request.headers.get('x-forwarded-uri') ?? '/';
@@ -43,14 +41,12 @@ export async function GET(request: NextRequest) {
    return NextResponse.redirect(loginUrl, { status: 302 });
  }

-  // Session is valid — pass user identity to Theia via response headers
-  // (Traefik forwards these to the upstream if authResponseHeaders is set)
+  // Session is valid — forward user identity to Theia via response headers
  return new NextResponse(null, {
    status: 200,
    headers: {
-      'X-Auth-User': token.sub ?? '',
-      'X-Auth-Email': (token.email as string) ?? '',
-      'X-Auth-Name': (token.name as string) ?? '',
+      'X-Auth-Email': session.user.email ?? '',
+      'X-Auth-Name': session.user.name ?? '',
    },
  });
 }