Two issues:
1. ForwardAuth redirect used x-forwarded-host which Traefik sets to
vibnai.com (the auth service host), not theia.vibnai.com. Now
hardcodes THEIA_URL as the callbackUrl destination.
2. /auth page ignored callbackUrl and always sent users to
/marks-account/projects. Now follows callbackUrl when it points
to theia.vibnai.com, so users land in the IDE after login.
Co-authored-by: Cursor <cursoragent@cursor.com>
BREAKING CHANGE: Replace SuperTokens with NextAuth.js
Why:
- SuperTokens had persistent Traefik routing issues
- SSL certificate not issuing correctly
- Complex infrastructure (separate container)
- NextAuth runs in Next.js app (simpler, no separate service)
Changes:
- Install next-auth, @auth/prisma-adapter, prisma
- Create NextAuth API route: app/api/auth/[...nextauth]/route.ts
- Add Prisma schema for NextAuth tables (users, sessions, accounts)
- Update auth page to use NextAuth signIn()
- Remove all SuperTokens code and dependencies
- Keep same Google OAuth (just simpler integration)
Benefits:
- No separate auth service needed
- No Traefik routing issues
- Sessions stored in Montreal PostgreSQL
- Simpler configuration
- Battle-tested, widely used
All authentication data stays in Montreal!
Co-authored-by: Cursor <cursoragent@cursor.com>
- Remove session check from home page (landing page doesn't need it)
- Add delayed session check in auth page to redirect logged-in users
- Handle SuperTokens not being initialized yet with proper error handling
Co-authored-by: Cursor <cursoragent@cursor.com>
