Description
Just a recommendation, the documentation needs to be updated to allow this to be run against a valid URL vs localhost. The .env variable should be called up specifically. In the docker-compose-full.yml when adjusting the URL for a domain https://.. you will get a Page not found immediately after using any email address to login.
Merely setting NEXTAUTH_URL and NEXT_PUBLIC_URL should be sufficient
In setting a proper URL other than localhost which would be standard for hosting the error pops up in the URL
https:///not-found?callbackUrl=%2Fproject%2F665df17d-a7d5-4318-8131-c16928fc6c77%2Ftraces
In middleware.ts, there's a configuration conflict:
Line 46: pages.signIn: '/not-found' - This is redirecting all unauthorized requests to /not-found
This conflicts with auth.ts which has pages.signIn: '/sign-in'
The middleware is making an API call to ${process.env.NEXTAUTH_URL}/api/auth to verify authorization, but this URL needs to be properly configured for production.
The auth flow appears to be:
User tries to access a protected route (/project/...)
Middleware checks authorization by calling /api/auth
If unauthorized, it redirects to /not-found instead of /sign-in
After login, it tries to redirect back but fails due to the middleware configuration
I have not performed a full code analysis yet but this is a fundamental issue that should have been caught. Likewise, why not enable the full Auth flow instead of processing just an email address.
-DB