로그인 후 리다이렉트를 검증된 상대경로로 고정, NextAuth 계산 URL은 로그로 기록
This commit is contained in:
@@ -4,6 +4,7 @@ import { AuthError } from "next-auth";
|
|||||||
import { redirect } from "next/navigation";
|
import { redirect } from "next/navigation";
|
||||||
|
|
||||||
import { signIn } from "@/auth";
|
import { signIn } from "@/auth";
|
||||||
|
import { logger } from "@/lib/logger";
|
||||||
|
|
||||||
function sanitizeCallbackUrl(raw: string): string {
|
function sanitizeCallbackUrl(raw: string): string {
|
||||||
try {
|
try {
|
||||||
@@ -21,11 +22,17 @@ export async function loginAction(formData: FormData) {
|
|||||||
);
|
);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
await signIn("credentials", {
|
const nextAuthRedirectUrl = await signIn("credentials", {
|
||||||
adminName: formData.get("adminName"),
|
adminName: formData.get("adminName"),
|
||||||
password: formData.get("password"),
|
password: formData.get("password"),
|
||||||
|
redirect: false,
|
||||||
redirectTo: callbackUrl,
|
redirectTo: callbackUrl,
|
||||||
});
|
});
|
||||||
|
|
||||||
|
logger.info("auth", "login redirect", {
|
||||||
|
nextAuthRedirectUrl: String(nextAuthRedirectUrl),
|
||||||
|
callbackUrl,
|
||||||
|
});
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
if (error instanceof AuthError) {
|
if (error instanceof AuthError) {
|
||||||
redirect(
|
redirect(
|
||||||
@@ -35,4 +42,6 @@ export async function loginAction(formData: FormData) {
|
|||||||
|
|
||||||
throw error;
|
throw error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
redirect(callbackUrl);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user