From 60f8a8702835326fcda80cc830d26e2bc7798290 Mon Sep 17 00:00:00 2001
From: Till Tomczak <till.tmk@gmail.com>
Date: Tue, 1 Apr 2025 15:37:39 +0200
Subject: [PATCH] Fix GitHub OAuth callback type errors completely
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add USED_CALLBACK_URL export to fix type error
- Update the callback route to use the exported URL
- Enhance update-package.js to fix all OAuth-related issues

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .../src/app/auth/login/callback/route.ts      |  6 +-
 .../src/server/auth/oauth.ts                  |  5 +-
 .../reservation-platform/update-package.js    | 88 +++++++++++++++----
 3 files changed, 78 insertions(+), 21 deletions(-)

diff --git a/packages/reservation-platform/src/app/auth/login/callback/route.ts b/packages/reservation-platform/src/app/auth/login/callback/route.ts
index b57c0c5..ea30b80 100644
--- a/packages/reservation-platform/src/app/auth/login/callback/route.ts
+++ b/packages/reservation-platform/src/app/auth/login/callback/route.ts
@@ -1,6 +1,6 @@
 import { lucia } from "@/server/auth";
-import { type GitHubUserResult, github, isValidCallbackHost } from "@/server/auth/oauth";
-import { ALLOWED_CALLBACK_HOSTS, OAUTH_CALLBACK_URL } from "@/utils/api-config";
+import { type GitHubUserResult, github, isValidCallbackHost, USED_CALLBACK_URL } from "@/server/auth/oauth";
+import { ALLOWED_CALLBACK_HOSTS } from "@/utils/api-config";
 import { db } from "@/server/db";
 import { users } from "@/server/db/schema";
 import { OAuth2RequestError } from "arctic";
@@ -45,7 +45,7 @@ export async function GET(request: Request): Promise<Response> {
 		const tokens = await github.validateAuthorizationCode(code);
 		
 		// Log zur Fehlersuche
-		console.log("GitHub OAuth Token-Validierung erfolgreich");
+		console.log(`GitHub OAuth Token-Validierung erfolgreich, verwendete Callback-URL: ${USED_CALLBACK_URL}`);
 		
 		const githubUserResponse = await fetch("https://git.i.mercedes-benz.com/api/v3/user", {
 			headers: {
diff --git a/packages/reservation-platform/src/server/auth/oauth.ts b/packages/reservation-platform/src/server/auth/oauth.ts
index d878203..b0ad368 100644
--- a/packages/reservation-platform/src/server/auth/oauth.ts
+++ b/packages/reservation-platform/src/server/auth/oauth.ts
@@ -21,13 +21,16 @@ const getCallbackUrl = () => {
   return OAUTH_CALLBACK_URL;
 };
 
+// Berechne die Callback-URL
+export const USED_CALLBACK_URL = getCallbackUrl();
+
 // Erstelle GitHub OAuth-Client mit expliziter Redirect-URI
 export const github = new GitHub(
   process.env.OAUTH_CLIENT_ID as string, 
   process.env.OAUTH_CLIENT_SECRET as string, 
   {
     enterpriseDomain: "https://git.i.mercedes-benz.com",
-    redirectURI: getCallbackUrl(),
+    redirectURI: USED_CALLBACK_URL,
   }
 );
 
diff --git a/packages/reservation-platform/update-package.js b/packages/reservation-platform/update-package.js
index 47f4de4..71c00cd 100755
--- a/packages/reservation-platform/update-package.js
+++ b/packages/reservation-platform/update-package.js
@@ -10,31 +10,85 @@
 const fs = require('fs');
 const path = require('path');
 
-// Pfad zur OAuth-Callback-Route
+// Pfad zur OAuth-Callback-Route und OAuth-Konfiguration
 const callbackRoutePath = path.join(__dirname, 'src/app/auth/login/callback/route.ts');
+const oauthConfigPath = path.join(__dirname, 'src/server/auth/oauth.ts');
 
-// Lese die aktuelle Datei
+// Aktualisiere die OAuth-Konfiguration
 try {
-  let content = fs.readFileSync(callbackRoutePath, 'utf8');
+  // 1. Prüfe, ob wir die USED_CALLBACK_URL exportieren müssen
+  let oauthContent = fs.readFileSync(oauthConfigPath, 'utf8');
   
-  // Prüfe, ob die Datei den fehlerhaften Code enthält
-  if (content.includes('await github.validateAuthorizationCode(code, OAUTH_CALLBACK_URL)')) {
-    console.log('✅ Aktualisiere OAuth-Callback-Route...');
+  if (!oauthContent.includes('export const USED_CALLBACK_URL')) {
+    console.log('✅ Aktualisiere OAuth-Konfiguration...');
     
-    // Ersetze den fehlerhaften Code
-    content = content.replace(
-      /await github\.validateAuthorizationCode\(code, OAUTH_CALLBACK_URL\);/g,
-      'await github.validateAuthorizationCode(code);'
-    );
-    
-    // Aktualisiere auch die Logging-Nachricht
-    content = content.replace(
-      /console\.log\(`GitHub OAuth Token-Validierung mit Callback-URL: \${OAUTH_CALLBACK_URL}\`\);/g,
-      'console.log("GitHub OAuth Token-Validierung erfolgreich");'
+    // Füge die USED_CALLBACK_URL-Export hinzu
+    oauthContent = oauthContent.replace(
+      '// Erstelle GitHub OAuth-Client mit expliziter Redirect-URI',
+      '// Berechne die Callback-URL\nexport const USED_CALLBACK_URL = getCallbackUrl();\n\n// Erstelle GitHub OAuth-Client mit expliziter Redirect-URI'
     );
     
     // Schreibe die aktualisierte Datei
-    fs.writeFileSync(callbackRoutePath, content, 'utf8');
+    fs.writeFileSync(oauthConfigPath, oauthContent, 'utf8');
+    console.log('✅ OAuth-Konfiguration erfolgreich aktualisiert.');
+  } else {
+    console.log('ℹ️ OAuth-Konfiguration ist bereits aktuell.');
+  }
+} catch (error) {
+  console.error('❌ Fehler beim Aktualisieren der OAuth-Konfiguration:', error);
+}
+
+// Aktualisiere die OAuth-Callback-Route
+try {
+  let callbackContent = fs.readFileSync(callbackRoutePath, 'utf8');
+  
+  // Prüfe, ob Änderungen nötig sind
+  const needsUpdate = 
+    callbackContent.includes('await github.validateAuthorizationCode(code, OAUTH_CALLBACK_URL)') || 
+    !callbackContent.includes('USED_CALLBACK_URL');
+  
+  if (needsUpdate) {
+    console.log('✅ Aktualisiere OAuth-Callback-Route...');
+    
+    // 1. Aktualisiere den Import
+    if (!callbackContent.includes('USED_CALLBACK_URL')) {
+      callbackContent = callbackContent.replace(
+        'import { type GitHubUserResult, github, isValidCallbackHost } from "@/server/auth/oauth";',
+        'import { type GitHubUserResult, github, isValidCallbackHost, USED_CALLBACK_URL } from "@/server/auth/oauth";'
+      );
+      
+      // Entferne den OAUTH_CALLBACK_URL-Import, wenn er nicht mehr benötigt wird
+      if (callbackContent.includes('OAUTH_CALLBACK_URL')) {
+        callbackContent = callbackContent.replace(
+          ', OAUTH_CALLBACK_URL } from "@/utils/api-config"',
+          ' } from "@/utils/api-config"'
+        );
+      }
+    }
+    
+    // 2. Korrigiere die validateAuthorizationCode-Funktion
+    if (callbackContent.includes('await github.validateAuthorizationCode(code, OAUTH_CALLBACK_URL)')) {
+      callbackContent = callbackContent.replace(
+        'await github.validateAuthorizationCode(code, OAUTH_CALLBACK_URL)',
+        'await github.validateAuthorizationCode(code)'
+      );
+    }
+    
+    // 3. Aktualisiere die Logging-Nachricht
+    if (callbackContent.includes('console.log(`GitHub OAuth Token-Validierung mit Callback-URL: ${OAUTH_CALLBACK_URL}`)')) {
+      callbackContent = callbackContent.replace(
+        'console.log(`GitHub OAuth Token-Validierung mit Callback-URL: ${OAUTH_CALLBACK_URL}`)',
+        'console.log(`GitHub OAuth Token-Validierung erfolgreich, verwendete Callback-URL: ${USED_CALLBACK_URL}`)'
+      );
+    } else if (callbackContent.includes('console.log("GitHub OAuth Token-Validierung erfolgreich")')) {
+      callbackContent = callbackContent.replace(
+        'console.log("GitHub OAuth Token-Validierung erfolgreich")',
+        'console.log(`GitHub OAuth Token-Validierung erfolgreich, verwendete Callback-URL: ${USED_CALLBACK_URL}`)'
+      );
+    }
+    
+    // Schreibe die aktualisierte Datei
+    fs.writeFileSync(callbackRoutePath, callbackContent, 'utf8');
     console.log('✅ OAuth-Callback-Route erfolgreich aktualisiert.');
   } else {
     console.log('ℹ️ OAuth-Callback-Route ist bereits aktuell.');