jazzymc/homarr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: wrong redirect url for oidc requests #1909 (#2149)

Browse Source 
* fix: wrong redirect url for oidc requests #1909

* fix: login not working with https
This commit is contained in:
Meier Lukas
2024-10-16 16:47:21 +02:00
committed by GitHub
parent d4765c1e7f
commit 6469aa2350
5 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.env.example
View File

@@ -4,8 +4,7 @@ DATABASE_URL="file:./database/db.sqlite"
# You can generate a new secret on the command line with: # You can generate a new secret on the command line with:
# openssl rand -base64 32 # openssl rand -base64 32
# https://next-auth.js.org/configuration/options#secret # https://next-auth.js.org/configuration/options#secret
NEXTAUTH_URL="http://localhost:3000" AUTH_TRUST_HOST="true"
NEXTAUTH_SECRET="anything" NEXTAUTH_SECRET="anything"
# Disable analytics # Disable analytics

2
Dockerfile
View File

@@ -52,7 +52,7 @@ EXPOSE $PORT
ENV PORT=${PORT} ENV PORT=${PORT}
ENV DATABASE_URL "file:/data/db.sqlite" ENV DATABASE_URL "file:/data/db.sqlite"
ENV NEXTAUTH_URL "http://localhost:7575" ENV AUTH_TRUST_HOST="true"
ENV PORT 7575 ENV PORT 7575
ENV NEXTAUTH_SECRET NOT_IN_USE_BECAUSE_JWTS_ARE_UNUSED ENV NEXTAUTH_SECRET NOT_IN_USE_BECAUSE_JWTS_ARE_UNUSED

2
package.json
View File

@@ -11,7 +11,7 @@
"dev": "next dev", "dev": "next dev",
"build": "NEXTAUTH_SECRET=WILL_BE_OVERWRITTEN next build", "build": "NEXTAUTH_SECRET=WILL_BE_OVERWRITTEN next build",
"analyze": "ANALYZE=true next build", "analyze": "ANALYZE=true next build",
"turbo": "DATABASE_URL=file:WILL_BE_OVERWRITTEN.sqlite NEXTAUTH_URL=http://WILL_BE_OVERWRITTEN turbo build", "turbo": "DATABASE_URL=file:WILL_BE_OVERWRITTEN.sqlite turbo build",
"start": "next start", "start": "next start",
"typecheck": "tsc --noEmit", "typecheck": "tsc --noEmit",
"export": "next build && next export", "export": "next build && next export",

8
src/env.js
View File

@@ -37,13 +37,6 @@ const env = createEnv({
DATABASE_URL: z.string().url().default('file:../database/db.sqlite'), DATABASE_URL: z.string().url().default('file:../database/db.sqlite'),
NEXTAUTH_SECRET: NEXTAUTH_SECRET:
process.env.NODE_ENV === 'production' ? z.string().min(1) : z.string().min(1).optional(), process.env.NODE_ENV === 'production' ? z.string().min(1) : z.string().min(1).optional(),
NEXTAUTH_URL: z.preprocess(
// This makes Vercel deployments not fail if you don't set NEXTAUTH_URL
// Since NextAuth.js automatically uses the VERCEL_URL if present.
(str) => process.env.VERCEL_URL ?? str,
// VERCEL_URL doesn't include `https` so it cant be validated as a URL
process.env.VERCEL ? z.string().min(1) : z.string().url()
),
DOCKER_HOST: z.string().optional(), DOCKER_HOST: z.string().optional(),
DOCKER_PORT: portSchema, DOCKER_PORT: portSchema,
DEMO_MODE: z.string().optional(), DEMO_MODE: z.string().optional(),
@@ -136,7 +129,6 @@ const env = createEnv({
runtimeEnv: { runtimeEnv: {
DATABASE_URL: process.env.DATABASE_URL, DATABASE_URL: process.env.DATABASE_URL,
NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET, NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
NEXTAUTH_URL: process.env.NEXTAUTH_URL,
NEXT_PUBLIC_DISABLE_ANALYTICS: process.env.DISABLE_ANALYTICS, NEXT_PUBLIC_DISABLE_ANALYTICS: process.env.DISABLE_ANALYTICS,
DOCKER_HOST: process.env.DOCKER_HOST, DOCKER_HOST: process.env.DOCKER_HOST,
DOCKER_PORT: process.env.DOCKER_PORT, DOCKER_PORT: process.env.DOCKER_PORT,

11
src/server/auth.ts
View File

@@ -106,6 +106,17 @@ export const constructAuthOptions = async (
}, },
adapter: adapter as Adapter, adapter: adapter as Adapter,
providers: [...(await getProviders(req.headers)), EmptyNextAuthProvider()], providers: [...(await getProviders(req.headers)), EmptyNextAuthProvider()],
cookies: {
sessionToken: {
name: 'next-auth.session-token',
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
secure: true,
},
},
},
jwt: { jwt: {
async encode(params) { async encode(params) {
if (!isCredentialsRequest(req)) { if (!isCredentialsRequest(req)) {