ilia/mirror_match
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mirror_match/next.config.ts
ilia df865dca41
All checks were successful
CI / skip-ci-check (push) Successful in 1m25s
Details
CI / lint-and-type-check (push) Successful in 1m50s
Details
CI / test (push) Successful in 1m54s
Details
CI / build (push) Successful in 1m54s
Details
CI / secret-scanning (push) Successful in 1m26s
Details
CI / dependency-scan (push) Successful in 1m31s
Details
CI / sast-scan (push) Successful in 2m34s
Details
CI / workflow-summary (push) Successful in 1m23s
Details
This MR fixes critical authentication issues that prevented login on localhost and improves the developer experience with consolidated rebuild scripts and a working help modal keyboard shortcut. (#5) 
# Fix authentication issues and improve developer experience

## Summary

This MR fixes critical authentication issues that prevented login on localhost and improves the developer experience with consolidated rebuild scripts and a working help modal keyboard shortcut.

## Problems Fixed

### 1. Authentication Issues
- **UntrustedHost Error**: NextAuth v5 was rejecting localhost requests with "UntrustedHost: Host must be trusted" error
- **Cookie Prefix Errors**: Cookies were being set with `__Host-` and `__Secure-` prefixes on HTTP (localhost), causing browser rejection
- **MissingCSRF Error**: CSRF token cookies were not being set correctly due to cookie configuration issues

### 2. Help Modal Keyboard Shortcut
- **Shift+? not working**: The help modal keyboard shortcut was not detecting the question mark key correctly

### 3. Developer Experience
- **Multiple rebuild scripts**: Had several overlapping rebuild scripts that were confusing
- **Unused code**: Removed unused `useSecureCookies` variable and misleading comments

## Changes Made

### Authentication Fixes (`lib/auth.ts`)
- Set `trustHost: true` to fix UntrustedHost error (required for NextAuth v5)
- Added explicit cookie configuration for HTTP (localhost) to prevent prefix errors:
  - Cookies use `secure: false` for HTTP
  - Cookie names without prefixes for HTTP
  - Let Auth.js defaults handle HTTPS (with prefixes and Secure flag)
- Removed unused `useSecureCookies` variable
- Simplified debug logging

### Help Modal Fix (`components/HelpModal.tsx`)
- Fixed keyboard shortcut detection to properly handle Shift+? (Shift+/)
- Updated help text to show correct shortcut (Shift+? instead of Ctrl+?)

### Developer Scripts
- **Consolidated rebuild scripts**: Merged `CLEAN_REBUILD.sh`, `FIX_AND_RESTART.sh`, and `start-server.sh` into single `rebuild.sh`
- **Added REBUILD.md**: Documentation for rebuild process
- Removed redundant script files

### Code Cleanup
- Removed unused `useSecureCookies` variable from `lib/auth.ts`
- Removed misleading comment from `app/api/auth/[...nextauth]/route.ts`
- Cleaned up verbose debug logging

## Technical Details

### Cookie Configuration
The fix works by explicitly configuring cookies for HTTP environments:
- **HTTP (localhost)**: Cookies without prefixes, `secure: false`
- **HTTPS (production)**: Let Auth.js defaults handle (prefixes + Secure flag)

This prevents NextAuth v5 from auto-detecting HTTPS from proxy headers and incorrectly adding cookie prefixes.

### Keyboard Shortcut
The question mark key requires Shift+/ on most keyboards. The fix now properly detects:
- `event.shiftKey && event.key === "/"`
- `event.key === "?"` (fallback)
- `event.code === "Slash" && event.shiftKey` (additional fallback)

## Testing

-  Login works on localhost (http://localhost:3000)
-  No cookie prefix errors in browser console
-  No UntrustedHost errors in server logs
-  Help modal opens/closes with Shift+?
-  Rebuild script works in both dev and prod modes

## Files Changed

### Modified
- `lib/auth.ts` - Authentication configuration fixes
- `components/HelpModal.tsx` - Keyboard shortcut fix
- `app/api/auth/[...nextauth]/route.ts` - Removed misleading comment

### Added
- `rebuild.sh` - Consolidated rebuild script
- `REBUILD.md` - Rebuild documentation

## Migration Notes

No database migrations or environment variable changes required. The fix works with existing configuration.

## Related Issues

Fixes authentication issues preventing local development and testing.

Reviewed-on: #5
2026-01-05 19:42:46 -05:00

83 lines
2.5 KiB
TypeScript
Raw Permalink Blame History

import type { NextConfig } from "next";
/**
* Next.js Configuration
*
* Configuration decisions:
*
* 1. Image Optimization:
* - Enabled (unoptimized: false) for better performance and bandwidth usage
* - Remote patterns allow all hosts (http/https) - this is permissive but necessary
* for the photo guessing game where users may upload images from any URL.
* - Consider restricting in production if security is a concern, but this would
* limit functionality for URL-based photo uploads.
*
* 2. Turbopack Configuration:
* - Currently configured but not actively used (dev script uses --webpack flag)
* - Kept for future migration to Turbopack when stable
* - Can be removed if not planning to use Turbopack
*
* 3. Webpack Configuration:
* - Prisma client is externalized on server-side to prevent bundling issues
* - This is necessary because Prisma generates client code that shouldn't be bundled
* - Required for proper Prisma functionality in Next.js
*
* 4. Page Extensions:
* - Only processes TypeScript/JavaScript files (ts, tsx, js, jsx)
* - Prevents processing of other file types as pages
*/
const nextConfig: NextConfig = {
// Only process specific file extensions
pageExtensions: ["ts", "tsx", "js", "jsx"],
// Image optimization configuration
images: {
remotePatterns: [
{
protocol: "http",
hostname: "**",
},
{
protocol: "https",
hostname: "**",
},
],
// Enable optimization for better performance and bandwidth usage
// Note: Remote patterns are permissive to allow URL-based photo uploads
// Consider restricting in production if security is a concern
unoptimized: false,
},
// Configure Turbopack (currently not used - dev script uses --webpack)
// Kept for future migration when Turbopack is stable
// Can be removed if not planning to use Turbopack
turbopack: {
resolveExtensions: [
".tsx",
".ts",
".jsx",
".js",
".mjs",
".json",
],
rules: {
"*.md": {
loaders: [],
as: "*.txt",
},
},
},
// Webpack configuration to externalize Prisma
// Required: Prisma client must be externalized on server-side to prevent bundling issues
webpack: (config, { isServer }) => {
if (isServer) {
config.externals = config.externals || [];
config.externals.push("@prisma/client");
}
return config;
},
};
export default nextConfig;
Reference in New Issue View Git Blame Copy Permalink