"use server"; import { AuthError } from "next-auth"; import { redirect } from "next/navigation"; import { signIn } from "@/auth"; function sanitizeCallbackUrl(raw: string): string { try { const parsed = new URL(raw, "http://x"); if (parsed.origin !== "http://x") return "/"; } catch { return "/"; } return raw.startsWith("/") ? raw : "/"; } export async function loginAction(formData: FormData) { const callbackUrl = sanitizeCallbackUrl( String(formData.get("callbackUrl") ?? "/") ); try { await signIn("credentials", { adminName: formData.get("adminName"), password: formData.get("password"), redirectTo: callbackUrl, }); } catch (error) { if (error instanceof AuthError) { redirect( `/login?error=CredentialsSignin&callbackUrl=${encodeURIComponent(callbackUrl)}` ); } throw error; } }