kunthawat/moreminimore-redesign
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Activity

fix: magic links missing root prefix (#133)

Browse Source 
* Fix magic links

* Include changeset

---------

Co-authored-by: Matt Kane <mkane@cloudflare.com>
This commit is contained in:
Justin White
2026-04-04 13:47:05 -05:00
committed by GitHub
parent 8fb4173036
commit 9269759674
8 changed files with 70 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.changeset/cuddly-bugs-hear.md Normal file
View File

@@ -0,0 +1,6 @@
---
"@emdash-cms/auth": patch
"emdash": patch
---
Fix auth links and OAuth callbacks to use `/_emdash/api/auth/...` so emailed sign-in, signup, and invite URLs resolve correctly in EmDash.

2
packages/auth/src/invite.ts
View File

@@ -68,7 +68,7 @@ export async function createInviteToken(
}); });
// Build invite URL // Build invite URL
const url = new URL("/api/auth/invite/accept", config.baseUrl); const url = new URL("/_emdash/api/auth/invite/accept", config.baseUrl);
url.searchParams.set("token", token); url.searchParams.set("token", token);
return { url: url.toString(), email }; return { url: url.toString(), email };

2
packages/auth/src/magic-link/index.ts
View File

@@ -63,7 +63,7 @@ export async function sendMagicLink(
}); });
// Build magic link URL // Build magic link URL
const url = new URL("/api/auth/magic-link/verify", config.baseUrl); const url = new URL("/_emdash/api/auth/magic-link/verify", config.baseUrl);
url.searchParams.set("token", token); url.searchParams.set("token", token);
// Send email // Send email

5
packages/auth/src/oauth/consumer.ts
View File

@@ -40,7 +40,10 @@ export async function createAuthorizationUrl(
const provider = getProvider(providerName); const provider = getProvider(providerName);
const state = generateState(); const state = generateState();
const redirectUri = `${config.baseUrl}/api/auth/oauth/${providerName}/callback`; const redirectUri = new URL(
`/_emdash/api/auth/oauth/${providerName}/callback`,
config.baseUrl,
).toString();
// Generate PKCE code verifier for providers that support it // Generate PKCE code verifier for providers that support it
const codeVerifier = generateCodeVerifier(); const codeVerifier = generateCodeVerifier();

2
packages/auth/src/signup.ts
View File

@@ -91,7 +91,7 @@ export async function requestSignup(
}); });
// Build verification URL // Build verification URL
const url = new URL("/api/auth/signup/verify", config.baseUrl); const url = new URL("/_emdash/api/auth/signup/verify", config.baseUrl);
url.searchParams.set("token", token); url.searchParams.set("token", token);
// Send email // Send email

1
packages/core/tests/unit/auth/invite.test.ts
View File

@@ -56,6 +56,7 @@ describe("Invite", () => {
expect(result.email).toBe("new@example.com"); expect(result.email).toBe("new@example.com");
expect(result.url).toContain("https://example.com"); expect(result.url).toContain("https://example.com");
expect(result.url).toContain("/_emdash/api/auth/invite/accept?token=");
expect(result.url).toMatch(TOKEN_PARAM_REGEX); expect(result.url).toMatch(TOKEN_PARAM_REGEX);
// Should NOT have a token field on the result // Should NOT have a token field on the result
expect("token" in result).toBe(false); expect("token" in result).toBe(false);

53
packages/core/tests/unit/auth/magic-link.test.ts Normal file
View File

@@ -0,0 +1,53 @@
import type { AuthAdapter, EmailSendFn } from "@emdash-cms/auth";
import type { EmailMessage } from "@emdash-cms/auth";
import { Role, sendMagicLink } from "@emdash-cms/auth";
import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
import type { Kysely } from "kysely";
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
import type { Database } from "../../../src/database/types.js";
import { setupTestDatabase, teardownTestDatabase } from "../../utils/test-db.js";
describe("Magic Link", () => {
let db: Kysely<Database>;
let adapter: AuthAdapter;
let mockEmailSend: EmailSendFn & ReturnType<typeof vi.fn>;
let sentEmails: Array<EmailMessage>;
beforeEach(async () => {
db = await setupTestDatabase();
adapter = createKyselyAdapter(db);
sentEmails = [];
mockEmailSend = vi.fn(async (email: EmailMessage) => {
sentEmails.push(email);
});
});
afterEach(async () => {
await teardownTestDatabase(db);
});
it("sends verify links through the injected EmDash auth route", async () => {
await adapter.createUser({
email: "author@example.com",
name: "Author",
role: Role.AUTHOR,
emailVerified: true,
});
await sendMagicLink(
{
baseUrl: "https://example.com",
siteName: "Test Site",
email: mockEmailSend,
},
adapter,
"author@example.com",
);
expect(mockEmailSend).toHaveBeenCalledOnce();
expect(sentEmails[0]!.text).toContain(
"https://example.com/_emdash/api/auth/magic-link/verify?token=",
);
});
});

3
packages/core/tests/unit/auth/signup.test.ts
View File

@@ -111,6 +111,9 @@ describe("Self-Signup", () => {
expect(mockEmailSend).toHaveBeenCalledTimes(1); expect(mockEmailSend).toHaveBeenCalledTimes(1);
expect(sentEmails[0]!.to).toBe("newuser@allowed.com"); expect(sentEmails[0]!.to).toBe("newuser@allowed.com");
expect(sentEmails[0]!.subject).toContain("Test Site"); expect(sentEmails[0]!.subject).toContain("Test Site");
expect(sentEmails[0]!.text).toContain(
"https://example.com/_emdash/api/auth/signup/verify?token=",
);
expect(sentEmails[0]!.text).toContain("verify"); expect(sentEmails[0]!.text).toContain("verify");
}); });