fix(auth): make auth redirects basePath-aware — stop bouncing confirmed users to the domain root#10
Merged
Conversation
…nced to domain root) (#156) Auth flow built URLs from window.location.origin and hardcoded '/', ignoring the GitHub Pages basePath. On a project-site deploy the confirmation flow therefore stranded new users at the domain root. - add getInternalUrl/getRedirectUrl to project.config (trailing-slash canonical, degrade to old strings when basePath is empty) - inject the resolved basePath into the client bundle via next.config env (deploy workflows omit NEXT_PUBLIC_BASE_PATH on purpose, so the detected value never reached client code in production) - route emailRedirectTo, OAuth redirectTo, password-reset redirectTo and all hard navigations through the helpers - guard the cross-tab SIGNED_OUT redirect so it can never hijack /auth/callback (transient SIGNED_OUT during confirmation passes the token-validity check because no token exists yet) - pin the seam with unit tests: prefixed emailRedirectTo, prefixed signOut/cross-tab redirects, and no redirect on the callback page Co-authored-by: Claude Fable 5 <noreply@anthropic.com> (cherry picked from commit e6861e6b37b18da9752cba8fddde73c44c8e24ad)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #8
Cherry-pick of the upstream template fix TortoiseWolfe/ScriptHammer#156 (upstream commit e6861e6, applied clean — the auth core here is byte-identical to the template's).
What it fixes in production: after clicking the confirmation email, new users were bounced to https://tortoisewolfe.github.io/ (the domain root, no app) instead of staying under /RescueDogs. Root cause was a template defect: every hand-built auth URL used window.location.origin or a literal '/', ignoring the basePath, and the resolved basePath never reached client code in production because the deploy workflow intentionally omits the env var. Full analysis in the upstream PR.
Verified here in the fork:
Still needed after merge (dashboard, not code — details in the issue comment on #8): Site URL and redirect allow-list on the production Supabase project (cmdhajshektesctrappl) so the prefixed callback URL is allow-listed rather than falling back to Site URL.
🤖 Generated with Claude Code