Prisma maps sessionToken → session_token and userId → user_id
in the PostgreSQL sessions table. The forwardAuth query was using
the wrong camelCase column names.
Co-authored-by: Cursor <cursoragent@cursor.com>
Avoid importing authOptions/PrismaClient in the forwardAuth endpoint.
Under --network host (Coolify's build flag), routes that import Prisma
at module evaluation time are silently dropped from the build output.
Instead, read the NextAuth session-token cookie directly and verify
it with a raw SQL query against the sessions table - the same pattern
used by other working API routes via @/lib/db-postgres.
Co-authored-by: Cursor <cursoragent@cursor.com>
next-auth/jwt subpath import causes Next.js to silently drop the
route from the standalone build output. Switch to getServerSession
which is used by all other working API routes.
Co-authored-by: Cursor <cursoragent@cursor.com>
NextAuth catches all /api/auth/* routes via [...nextauth] catch-all.
Move the Traefik forwardAuth endpoint to /api/theia-auth to avoid
the conflict. Traefik dynamic config updated to match.
Co-authored-by: Cursor <cursoragent@cursor.com>
POST /api/auth/theia-check validates the NextAuth session cookie
forwarded by Traefik. Returns 200 for authenticated users with
X-Auth-User/Email/Name headers, or 302 redirect to /auth for
unauthenticated requests — preserving the original Theia URL as
callbackUrl so users land back in the IDE after login.
Co-authored-by: Cursor <cursoragent@cursor.com>
- project layout.tsx: replace Firebase Admin SDK with direct Postgres
query to resolve project name; removes firebase/admin dependency
- overview page: full rewrite — fetches from /api/projects/:id, shows
Gitea repo + last commit, branch, clone URLs; deployment status badge;
open PRs and issues from contextSnapshot; recent commits list;
resources section; Open IDE button; context freshness timestamp
- projects list page: cards now show Gitea repo + last commit inline,
deploy status dot, IDE quick-link; updated empty state copy to reflect
auto-provisioning; removed Firebase imports
Co-authored-by: Cursor <cursoragent@cursor.com>
BREAKING CHANGE: Replace SuperTokens with NextAuth.js
Why:
- SuperTokens had persistent Traefik routing issues
- SSL certificate not issuing correctly
- Complex infrastructure (separate container)
- NextAuth runs in Next.js app (simpler, no separate service)
Changes:
- Install next-auth, @auth/prisma-adapter, prisma
- Create NextAuth API route: app/api/auth/[...nextauth]/route.ts
- Add Prisma schema for NextAuth tables (users, sessions, accounts)
- Update auth page to use NextAuth signIn()
- Remove all SuperTokens code and dependencies
- Keep same Google OAuth (just simpler integration)
Benefits:
- No separate auth service needed
- No Traefik routing issues
- Sessions stored in Montreal PostgreSQL
- Simpler configuration
- Battle-tested, widely used
All authentication data stays in Montreal!
Co-authored-by: Cursor <cursoragent@cursor.com>
- SuperTokens requires redirectURIOnProviderDashboard param
- Construct it from NEXT_PUBLIC_APP_URL or window.location.origin
- Properly encode the redirect URI in the query string
- Fixes 400 error: 'Please provide the redirectURIOnProviderDashboard'
Co-authored-by: Cursor <cursoragent@cursor.com>
- Delete app/page.tsx to let app/(marketing)/page.tsx be the root
- Full marketing page has Hero, Features, Pricing, etc.
- Much better for vibnai.com root domain
Co-authored-by: Cursor <cursoragent@cursor.com>
- Remove session check from home page (landing page doesn't need it)
- Add delayed session check in auth page to redirect logged-in users
- Handle SuperTokens not being initialized yet with proper error handling
Co-authored-by: Cursor <cursoragent@cursor.com>
