From 0be9b5d577cc731d1707652e05c6b70b7d47ee33 Mon Sep 17 00:00:00 2001
From: virtus <fevirtus@gmail.com>
Date: Fri, 24 Apr 2026 01:05:29 +0700
Subject: [PATCH] Refactor authentication options to improve environment
 variable handling and add error logging for API sync failures

---
 lib/auth.ts | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/lib/auth.ts b/lib/auth.ts
index 0784231..d582e09 100644
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -1,7 +1,9 @@
 import { NextAuthOptions } from "next-auth"
 import GoogleProvider from "next-auth/providers/google"
 
-const readerApiOrigin = (process.env.READER_API_ORIGIN || "http://localhost:8000").replace(/\/+$/, "")
+const readerApiOrigin = process.env.READER_API_ORIGIN?.replace(/\/+$/, "")
+const googleClientId = process.env.GOOGLE_CLIENT_ID
+const googleClientSecret = process.env.GOOGLE_CLIENT_SECRET
 
 type MobileLoginResponse = {
     accessToken: string
@@ -17,8 +19,8 @@ type MobileLoginResponse = {
 export const authOptions: NextAuthOptions = {
     providers: [
         GoogleProvider({
-            clientId: process.env.GOOGLE_CLIENT_ID || "demo-id",
-            clientSecret: process.env.GOOGLE_CLIENT_SECRET || "demo-secret",
+            clientId: googleClientId || "",
+            clientSecret: googleClientSecret || "",
         }),
     ],
     session: {
@@ -27,23 +29,35 @@ export const authOptions: NextAuthOptions = {
     callbacks: {
         async jwt({ token, account }) {
             if (account?.provider === "google" && account.id_token) {
+                if (!readerApiOrigin) {
+                    console.warn("READER_API_ORIGIN is not configured, skipping reader-api sync after Google login")
+                    return token
+                }
+
                 try {
                     const response = await fetch(`${readerApiOrigin}/api/auth/mobile-login`, {
                         method: "POST",
                         headers: { "Content-Type": "application/json" },
                         body: JSON.stringify({ googleIdToken: account.id_token }),
+                        signal: AbortSignal.timeout(5000),
                     })
 
-                    if (response.ok) {
-                        const data = (await response.json()) as MobileLoginResponse
-                        token.sub = data.user.id
-                        ;(token as any).id = data.user.id
-                        ;(token as any).role = data.user.role || "USER"
-                        ;(token as any).name = data.user.name || token.name || null
-                        ;(token as any).email = data.user.email || token.email || null
-                        ;(token as any).picture = data.user.image || (token as any).picture || null
-                        ;(token as any).accessToken = data.accessToken
+                    if (!response.ok) {
+                        console.error("reader-api sync failed", {
+                            status: response.status,
+                            statusText: response.statusText,
+                        })
+                        return token
                     }
+
+                    const data = (await response.json()) as MobileLoginResponse
+                    token.sub = data.user.id
+                    ;(token as any).id = data.user.id
+                    ;(token as any).role = data.user.role || "USER"
+                    ;(token as any).name = data.user.name || token.name || null
+                    ;(token as any).email = data.user.email || token.email || null
+                    ;(token as any).picture = data.user.image || (token as any).picture || null
+                    ;(token as any).accessToken = data.accessToken
                 } catch (error) {
                     console.error("Failed to sync Google login with reader-api", error)
                 }
@@ -64,4 +78,5 @@ export const authOptions: NextAuthOptions = {
         },
     },
     secret: process.env.NEXTAUTH_SECRET,
+    debug: process.env.NEXTAUTH_DEBUG === "true",
 }