From 290d5b0ff21adebc663e65f2f853f604ef2461f7 Mon Sep 17 00:00:00 2001
From: Till Tomczak
Date: Tue, 1 Apr 2025 14:06:29 +0200
Subject: [PATCH] Verbessere OAuth-Konfiguration mit zentraler Callback-URL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Füge zentralen API-Konfigurationsmodul mit OAUTH_CALLBACK_URL hinzu
- Verwende konstante OAUTH_CALLBACK_URL in allen OAuth-Komponenten
- Vereinfache Code durch Entfernung von doppelter URL-Konstruktion
- Verbessere Logging für OAuth-Debugging
- Stelle Konsistenz zwischen API-Anfragen und OAuth-Validierung sicher
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
.../src/app/auth/login/callback/route.ts | 9 +++---
.../src/app/auth/login/route.ts | 9 +++---
.../src/server/auth/oauth.ts | 28 ++++---------------
.../src/utils/api-config.ts | 12 ++++++++
4 files changed, 27 insertions(+), 31 deletions(-)
diff --git a/packages/reservation-platform/src/app/auth/login/callback/route.ts b/packages/reservation-platform/src/app/auth/login/callback/route.ts
index 1ca5f64..c9f93d0 100644
--- a/packages/reservation-platform/src/app/auth/login/callback/route.ts
+++ b/packages/reservation-platform/src/app/auth/login/callback/route.ts
@@ -1,5 +1,6 @@
 import { lucia } from "@/server/auth";
 import { type GitHubUserResult, github } from "@/server/auth/oauth";
+import { OAUTH_CALLBACK_URL } from "@/utils/api-config";
 import { db } from "@/server/db";
 import { users } from "@/server/db/schema";
 import { OAuth2RequestError } from "arctic";
@@ -34,11 +35,11 @@ export async function GET(request: Request): Promise {
 }
 try {
- // Explizit die redirect_uri übergeben, um Konsistenz zu gewährleisten
- const callbackUrl = new URL("/auth/login/callback", process.env.NEXT_PUBLIC_FRONTEND_URL || "http://localhost:3000").toString();
+ // Verwende die zentral definierte Callback-URL für konsistente Validierung
+ const tokens = await github.validateAuthorizationCode(code, OAUTH_CALLBACK_URL);
- // Übergabe der redirect_uri bei der Token-Validierung
- const tokens = await github.validateAuthorizationCode(code, callbackUrl);
+ // Log zur Fehlersuche
+ console.log(`GitHub OAuth Token-Validierung mit Callback-URL: ${OAUTH_CALLBACK_URL}`);
 const githubUserResponse = await fetch("https://git.i.mercedes-benz.com/api/v3/user", {
 headers: {
diff --git a/packages/reservation-platform/src/app/auth/login/route.ts b/packages/reservation-platform/src/app/auth/login/route.ts
index c7973f0..642335f 100644
--- a/packages/reservation-platform/src/app/auth/login/route.ts
+++ b/packages/reservation-platform/src/app/auth/login/route.ts
@@ -1,4 +1,5 @@
 import { github } from "@/server/auth/oauth";
+import { OAUTH_CALLBACK_URL } from "@/utils/api-config";
 import { generateState } from "arctic";
 import { cookies } from "next/headers";
@@ -7,12 +8,10 @@ export const dynamic = "force-dynamic";
 export async function GET(): Promise {
 const state = generateState();
- // Explizit die redirect_uri übergeben, um Konsistenz zu gewährleisten
- const callbackUrl = new URL("/auth/login/callback", process.env.NEXT_PUBLIC_FRONTEND_URL || "http://localhost:3000").toString();
-
+ // Verwende die zentral definierte Callback-URL
 const url = await github.createAuthorizationURL(state, {
 scopes: ["user"],
- redirectURI: callbackUrl,
+ redirectURI: OAUTH_CALLBACK_URL,
 });
 const ONE_HOUR = 60 * 60;
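Review bot: The `console.log` added after the token exchange prints `OAUTH_CALLBACK_URL`, a module-level constant, on every callback request, so it carries no per-request information and only adds noise to the request log; log it once where the client is constructed, or guard it with `if (process.env.NODE_ENV !== "production") console.log(...)`. The new comment `// Verwende die zentral definierte Callback-URL für konsistente Validierung` restates the call; the useful thing to record is why the value matters, e.g. `// redirect_uri must match the authorization request byte-for-byte; the provider rejects any mismatch`. The enclosing GET handler starts before and ends after this hunk.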
@@ -26,7 +25,7 @@ export async function GET(): Promise {
 // Log zur Fehlersuche
 console.log(`GitHub OAuth redirect zu: ${url.toString()}`);
- console.log(`Verwendete Callback-URL: ${callbackUrl}`);
+ console.log(`Verwendete Callback-URL: ${OAUTH_CALLBACK_URL}`);
 return Response.redirect(url);
 }
diff --git a/packages/reservation-platform/src/server/auth/oauth.ts b/packages/reservation-platform/src/server/auth/oauth.ts
index 8146f03..8aec7cd 100644
--- a/packages/reservation-platform/src/server/auth/oauth.ts
+++ b/packages/reservation-platform/src/server/auth/oauth.ts
@@ -1,30 +1,14 @@
 import { GitHub } from "arctic";
+import { FRONTEND_URL, OAUTH_CALLBACK_URL } from "@/utils/api-config";
-// Bestimme die Callback-URL basierend auf der NEXT_PUBLIC_API_URL für das Backend
-// und dem Standardport 3000 für das Frontend
+// Bestimme die Callback-URL basierend auf der Frontend-URL
 const getCallbackUrl = () => {
- // Extrahiere die Basis-URL (Hostname) aus der Backend-URL, falls vorhanden
- let baseUrl = "http://localhost:3000";
-
- try {
- const apiUrlEnv = process.env.NEXT_PUBLIC_API_URL;
-
- if (apiUrlEnv) {
- // Wenn wir eine Backend-URL haben, extrahieren wir nur den Hostname-Teil für das Frontend
- const apiUrl = new URL(apiUrlEnv);
- const hostname = apiUrl.hostname;
-
- // Verwende den Hostname, aber mit Frontend-Port 3000
- baseUrl = `http://${hostname}:3000`;
- }
- } catch (error) {
- console.error("Fehler beim Parsen der API-URL:", error);
- // Fallback auf localhost
- }
-
- return `${baseUrl}/auth/login/callback`;
+ console.log("Frontend URL:", FRONTEND_URL);
+ console.log("Verwende OAuth Callback URL:", OAUTH_CALLBACK_URL);
+ return OAUTH_CALLBACK_URL;
 };
+// Erstelle GitHub OAuth-Client mit expliziter Redirect-URI
 export const github = new GitHub(
 process.env.OAUTH_CLIENT_ID as string,
 process.env.OAUTH_CLIENT_SECRET as string,
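Review bot: `getCallbackUrl` is now a wrapper that logs two constants and returns a third, and the header comment `// Bestimme die Callback-URL basierend auf der Frontend-URL` no longer describes it, since nothing is determined here any more. Either pass `OAUTH_CALLBACK_URL` straight to the `GitHub` constructor and delete the function, or reword the comment to `// Returns the shared callback URL; the two logs fire once, when the client is built`. The `new GitHub(` call continues beyond the hunk, so I cannot see whether the wrapper is its third argument; if it is, the same redirect URI is also passed per call as `redirectURI` in login/route.ts, which is one place more than needed and worth a comment saying which one is authoritative. Separately, the context lines `process.env.OAUTH_CLIENT_ID as string` and `process.env.OAUTH_CLIENT_SECRET as string` hide an unset variable until the first login fails with an opaque provider error; a startup check such as `const clientId = process.env.OAUTH_CLIENT_ID; if (!clientId) throw new Error("OAUTH_CLIENT_ID is not set");` fails fast instead.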
diff --git a/packages/reservation-platform/src/utils/api-config.ts b/packages/reservation-platform/src/utils/api-config.ts
index 528b003..a5e1351 100644
--- a/packages/reservation-platform/src/utils/api-config.ts
+++ b/packages/reservation-platform/src/utils/api-config.ts
@@ -1,9 +1,21 @@
 // Basis-URL für Backend-API
 export const API_BASE_URL = process.env.NEXT_PUBLIC_API_URL || "http://192.168.0.105:5000";
+// Frontendurl für Callbacks
+export const FRONTEND_URL = process.env.NEXT_PUBLIC_FRONTEND_URL || "http://localhost:3000";
+
+// OAuth Callback URL
+export const OAUTH_CALLBACK_URL = `${FRONTEND_URL}/auth/login/callback`;
+
 // Endpunkte für die verschiedenen Ressourcen
 export const API_ENDPOINTS = {
 PRINTERS: `${API_BASE_URL}/api/printers`,
 JOBS: `${API_BASE_URL}/api/jobs`,
 USERS: `${API_BASE_URL}/api/users`,
+
+ // OAuth-spezifische Endpunkte
+ AUTH: {
+ LOGIN: `${API_BASE_URL}/api/auth/login`,
+ CALLBACK: `${API_BASE_URL}/api/auth/callback`,
+ }
 };
\ No newline at end of file
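Review bot: `OAUTH_CALLBACK_URL` is built by string concatenation, so a `NEXT_PUBLIC_FRONTEND_URL` that ends in `/` produces `…//auth/login/callback`, which the provider rejects as a redirect_uri mismatch; the code this commit removes from both routes used `new URL("/auth/login/callback", …)`, which normalised that case. Keep that form here, `export const OAUTH_CALLBACK_URL = new URL("/auth/login/callback", FRONTEND_URL).toString();` (this assumes the frontend is served at the origin root, as the removed code already did). Note also that `NEXT_PUBLIC_` variables are inlined at build time in Next.js (the routes import `next/headers`), so the callback URL is fixed per build rather than per deployment, and a silent fallback to `http://localhost:3000` in a production build only surfaces as a mismatch error at the provider; since this value is read only on the server, a non-public variable with no default would make a misconfiguration visible at startup. Finally, `API_ENDPOINTS.AUTH.CALLBACK` points at the backend `/api/auth/callback` while the OAuth redirect target is the frontend `/auth/login/callback`; a comment such as `// backend endpoint, not the OAuth redirect_uri (see OAUTH_CALLBACK_URL)` would keep the two from being confused.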