fix(auth): Implement trusted origin handling for authentication requests

src/app/api/auth/[...nextauth]/route.ts

@@ -1,3 +1,23 @@
 import { handlers } from '@/auth';
+import { NextRequest } from 'next/server';
 
-export const { GET, POST } = handlers;
+const reqWithTrustedOrigin = (req: NextRequest): NextRequest => {
+    if (process.env.AUTH_TRUST_HOST !== 'true') return req;
+    const proto = req.headers.get('x-forwarded-proto');
+    const host = req.headers.get('x-forwarded-host');
+    if (!proto || !host) {
+        console.warn('Missing x-forwarded-proto or x-forwarded-host headers.');
+        return req;
+    }
+    const envOrigin = `${proto}://${host}`;
+    const { href, origin } = req.nextUrl;
+    return new NextRequest(href.replace(origin, envOrigin), req);
+};
+
+export const GET = (req: NextRequest) => {
+    return handlers.GET(reqWithTrustedOrigin(req));
+};
+
+export const POST = (req: NextRequest) => {
+    return handlers.POST(reqWithTrustedOrigin(req));
+};

src/components/Header/components/SignInJoin.tsx

@@ -1,14 +1,11 @@
-import { env } from '@/env.mjs';
 import { signIn } from 'next-auth/react';
 import Link from 'next/link';
 import Button from '../../Button';
 
 export function SignInJoin() {
-    const redirectUri = `${env.NEXT_PUBLIC_KEYCLOAK_REDIRECT_URI}?registered`;
-    const authUrl = `${env.NEXT_PUBLIC_AUTH_KEYCLOAK_ISSUER}/protocol/openid-connect/auth?response_type=code&client_id=website&redirect_uri=${redirectUri}&scope=openid+profile+email`;
     return (
         <>
-            <Button colour="orange" href={authUrl}>
+            <Button colour="orange" onClick={() => signIn('keycloak')}>
                 Sign In
             </Button>
             <Button colour="purple" href="/join">