"use server"; import { AuthError } from "next-auth"; import { redirect } from "next/navigation"; import { signIn } from "@/auth"; import { logger } from "@/lib/logger"; function sanitizeCallbackUrl(raw: string): string { try { const parsed = new URL(raw, "http://x"); if (parsed.origin !== "http://x") return "/"; } catch { return "/"; } return raw.startsWith("/") ? raw : "/"; } export async function loginAction(formData: FormData) { const callbackUrl = sanitizeCallbackUrl( String(formData.get("callbackUrl") ?? "/") ); try { const nextAuthRedirectUrl = await signIn("credentials", { adminName: formData.get("adminName"), password: formData.get("password"), redirect: false, redirectTo: callbackUrl, }); logger.info("auth", "login redirect", { nextAuthRedirectUrl: String(nextAuthRedirectUrl), callbackUrl, }); } catch (error) { if (error instanceof AuthError) { redirect( `/login?error=CredentialsSignin&callbackUrl=${encodeURIComponent(callbackUrl)}` ); } throw error; } redirect(callbackUrl); }