search

gladly-team / next-firebase-auth

Simple Firebase authentication for all Next.js rendering strategies
https://nfa-example-git-v1x-gladly-team.vercel.app/
MIT License
1.34k stars 291 forks source link

Sample dynamic authPageURL config leads to infinite loop for nested page #594

Closed pesty closed 7 months ago

pesty commented 1 year ago

Describe the bug

The sample config to demonstrate the dynamic destination URL when redirecting from app pages can lead to infinite redirection.

Specifically, this is the config:

      const isServerSide = typeof window === 'undefined'
      const origin = isServerSide
        ? absoluteUrl(ctx.req).origin
        : window.location.origin
      const destPath =
        typeof window === 'undefined' ? ctx.resolvedUrl : window.location.href
      const destURL = new URL(destPath, origin)
      return `auth-ssr?destination=${encodeURIComponent(destURL)}`     // <-- this line is causing trouble
    },

For example, when accessing http://localhost:3000/reviews/1234, it will redirect to:

The document / sample code should be updated to include a / before auth-ssr so that it will pass the login request to the right script.

const destURL = new URL(destPath, origin)
return `/auth-ssr?destination=${encodeURIComponent(destURL)}``

Versions

next-firebase-auth version: 1.0.0-canary.18 Firebase JS SDK: 9.14.0 Next.js: 13.0.6

To Reproduce Steps to reproduce the behavior:

  1. Set up the sample app
  2. Create a dynamic route under pages/reviews. Create a pages/reviews/[id].js and use withAuthUserTokenSSR for SSR.
  3. [Optional] Create a pages/reviews/index.js and use withAuthUserTokenSSR to compare.
  4. Try to access /reviews and /reviews/1234 without logged in.
  5. /reviews should work fine, but /reviews/1234 will lead to infinite redirection.

Expected behavior Both should be able to redirect the to /auth-ssr correctly, with the destination set to the encoded original url.

Debug and error logs Please update README.md & initAuth.js in the sample code.

UnkAtreus commented 1 year ago

I have same issue

UnkAtreus commented 1 year ago

@kmjennison pls help us,

kmjennison commented 1 year ago

This issue provides a recommended solution:

The document / sample code should be updated to include a / before auth-ssr so that it will pass the login request to the right script.

const destURL = new URL(destPath, origin)
return `/auth-ssr?destination=${encodeURIComponent(destURL)}`

A PR is welcome!