ilia
df865dca41
All checks were successful
CI / skip-ci-check (push) Successful in 1m25s
CI / lint-and-type-check (push) Successful in 1m50s
CI / test (push) Successful in 1m54s
CI / build (push) Successful in 1m54s
CI / secret-scanning (push) Successful in 1m26s
CI / dependency-scan (push) Successful in 1m31s
CI / sast-scan (push) Successful in 2m34s
CI / workflow-summary (push) Successful in 1m23s
# Fix authentication issues and improve developer experience ## Summary This MR fixes critical authentication issues that prevented login on localhost and improves the developer experience with consolidated rebuild scripts and a working help modal keyboard shortcut. ## Problems Fixed ### 1. Authentication Issues - **UntrustedHost Error**: NextAuth v5 was rejecting localhost requests with "UntrustedHost: Host must be trusted" error - **Cookie Prefix Errors**: Cookies were being set with `__Host-` and `__Secure-` prefixes on HTTP (localhost), causing browser rejection - **MissingCSRF Error**: CSRF token cookies were not being set correctly due to cookie configuration issues ### 2. Help Modal Keyboard Shortcut - **Shift+? not working**: The help modal keyboard shortcut was not detecting the question mark key correctly ### 3. Developer Experience - **Multiple rebuild scripts**: Had several overlapping rebuild scripts that were confusing - **Unused code**: Removed unused `useSecureCookies` variable and misleading comments ## Changes Made ### Authentication Fixes (`lib/auth.ts`) - Set `trustHost: true` to fix UntrustedHost error (required for NextAuth v5) - Added explicit cookie configuration for HTTP (localhost) to prevent prefix errors: - Cookies use `secure: false` for HTTP - Cookie names without prefixes for HTTP - Let Auth.js defaults handle HTTPS (with prefixes and Secure flag) - Removed unused `useSecureCookies` variable - Simplified debug logging ### Help Modal Fix (`components/HelpModal.tsx`) - Fixed keyboard shortcut detection to properly handle Shift+? (Shift+/) - Updated help text to show correct shortcut (Shift+? instead of Ctrl+?) ### Developer Scripts - **Consolidated rebuild scripts**: Merged `CLEAN_REBUILD.sh`, `FIX_AND_RESTART.sh`, and `start-server.sh` into single `rebuild.sh` - **Added REBUILD.md**: Documentation for rebuild process - Removed redundant script files ### Code Cleanup - Removed unused `useSecureCookies` variable from `lib/auth.ts` - Removed misleading comment from `app/api/auth/[...nextauth]/route.ts` - Cleaned up verbose debug logging ## Technical Details ### Cookie Configuration The fix works by explicitly configuring cookies for HTTP environments: - **HTTP (localhost)**: Cookies without prefixes, `secure: false` - **HTTPS (production)**: Let Auth.js defaults handle (prefixes + Secure flag) This prevents NextAuth v5 from auto-detecting HTTPS from proxy headers and incorrectly adding cookie prefixes. ### Keyboard Shortcut The question mark key requires Shift+/ on most keyboards. The fix now properly detects: - `event.shiftKey && event.key === "/"` - `event.key === "?"` (fallback) - `event.code === "Slash" && event.shiftKey` (additional fallback) ## Testing - ✅ Login works on localhost (http://localhost:3000) - ✅ No cookie prefix errors in browser console - ✅ No UntrustedHost errors in server logs - ✅ Help modal opens/closes with Shift+? - ✅ Rebuild script works in both dev and prod modes ## Files Changed ### Modified - `lib/auth.ts` - Authentication configuration fixes - `components/HelpModal.tsx` - Keyboard shortcut fix - `app/api/auth/[...nextauth]/route.ts` - Removed misleading comment ### Added - `rebuild.sh` - Consolidated rebuild script - `REBUILD.md` - Rebuild documentation ## Migration Notes No database migrations or environment variable changes required. The fix works with existing configuration. ## Related Issues Fixes authentication issues preventing local development and testing. Reviewed-on: #5
79 lines
2.1 KiB
TypeScript
79 lines
2.1 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server"
|
|
import { auth } from "@/lib/auth"
|
|
import { prisma } from "@/lib/prisma"
|
|
import { logger } from "@/lib/logger"
|
|
import { unlink } from "fs/promises"
|
|
import { join } from "path"
|
|
import { existsSync } from "fs"
|
|
|
|
// Mark this route as dynamic to prevent build-time data collection
|
|
export const dynamic = "force-dynamic"
|
|
|
|
export async function DELETE(
|
|
req: NextRequest,
|
|
{ params }: { params: Promise<{ photoId: string }> }
|
|
) {
|
|
try {
|
|
const session = await auth()
|
|
|
|
if (!session) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
|
|
}
|
|
|
|
// Only admins can delete photos
|
|
if (session.user.role !== "ADMIN") {
|
|
return NextResponse.json(
|
|
{ error: "Only admins can delete photos" },
|
|
{ status: 403 }
|
|
)
|
|
}
|
|
|
|
const { photoId } = await params
|
|
|
|
// Find the photo
|
|
const photo = await prisma.photo.findUnique({
|
|
where: { id: photoId },
|
|
})
|
|
|
|
if (!photo) {
|
|
return NextResponse.json({ error: "Photo not found" }, { status: 404 })
|
|
}
|
|
|
|
// Delete all guesses associated with this photo first
|
|
await prisma.guess.deleteMany({
|
|
where: { photoId: photoId },
|
|
})
|
|
|
|
// Delete the photo file if it's a local upload (starts with /uploads/)
|
|
if (photo.url.startsWith("/uploads/")) {
|
|
const filepath = join(process.cwd(), "public", photo.url)
|
|
if (existsSync(filepath)) {
|
|
try {
|
|
await unlink(filepath)
|
|
} catch (error) {
|
|
logger.error("Failed to delete file", {
|
|
filepath,
|
|
error: error instanceof Error ? error : new Error(String(error)),
|
|
})
|
|
// Continue with database deletion even if file deletion fails
|
|
}
|
|
}
|
|
}
|
|
|
|
// Delete the photo
|
|
await prisma.photo.delete({
|
|
where: { id: photoId },
|
|
})
|
|
|
|
return NextResponse.json({ success: true, message: "Photo deleted successfully" })
|
|
} catch (error) {
|
|
logger.error("Error deleting photo", {
|
|
error: error instanceof Error ? error : new Error(String(error)),
|
|
})
|
|
return NextResponse.json(
|
|
{ error: "Internal server error" },
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|