From 789cd62a43edf738e9e1e288b08d436462f3fd55 Mon Sep 17 00:00:00 2001
From: Collin Beczak
Date: Mon, 29 Jun 2026 18:00:52 -0500
Subject: [PATCH] Remove OAuth URL references from environment files and refactor authentication logic to use shared API request client.
---
 .env.example | 1 -
 .env.test | 1 -
 src/api/index.ts | 6 ------
 src/contexts/AuthContext.tsx | 13 +++++++------
 src/vite-env.d.ts | 1 -
 5 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/.env.example b/.env.example
index 97c6c5cf7..33ac71f15 100644
--- a/.env.example
+++ b/.env.example
@@ -2,7 +2,6 @@ VITE_APP_NAME="MapRoulette"
 VITE_APP_DESCRIPTION="MapRoulette 4 Local Development Environment"
 VITE_API_BASE_URL="https://maproulette.org"
 VITE_MAP_ROULETTE_SERVER_WEBSOCKET_URL="wss://maproulette.org/ws"
-VITE_SERVER_OAUTH_URL="https://maproulette.org/auth/authenticate"
 VITE_SERVER_API_KEY=""
 # Base URL for short links embedded in OSM changeset comments
 # (e.g. https://mpr.lt/c//t/). If unset,
diff --git a/.env.test b/.env.test
index deb7e24e1..8701be4cc 100644
--- a/.env.test
+++ b/.env.test
@@ -4,7 +4,6 @@ VITE_APP_URL="http://localhost:3005"
 VITE_API_BASE_URL="http://localhost:9000"
 VITE_MAP_ROULETTE_SERVER_WEBSOCKET_URL="ws://localhost:9000/ws"
-VITE_SERVER_OAUTH_URL="http://localhost:9000/auth/authenticate"
 # Must match MR_SUPER_KEY in docker-compose.test.yaml.
 VITE_SERVER_API_KEY="super-secret-key"
diff --git a/src/api/index.ts b/src/api/index.ts
index ee6a8a6ab..6768bfc98 100644
--- a/src/api/index.ts
+++ b/src/api/index.ts
@@ -47,12 +47,6 @@ export const apiRequest = ky.extend({
 },
 })
-export const createApiWithBaseUrl = (baseUrl: string) => {
- return apiRequest.extend({
- prefixUrl: baseUrl,
- })
-}
-
 export const convertParamsToSearchParams = (
 params: Record<
 string,
diff --git a/src/contexts/AuthContext.tsx b/src/contexts/AuthContext.tsx
index d341e8f5a..a893ef10b 100644
--- a/src/contexts/AuthContext.tsx
+++ b/src/contexts/AuthContext.tsx
@@ -1,7 +1,7 @@
 import { useQueryClient } from '@tanstack/react-query'
 import { useLocation, useSearch } from '@tanstack/react-router'
 import { createContext, useCallback, useContext, useEffect, useMemo, useRef, useState } from 'react'
-import { api, createApiWithBaseUrl } from '@/api'
+import { api, apiRequest } from '@/api'
 import { Loader } from '@/components/ui/Loader'
 import { logger } from '@/lib/logger'
 import type { OAuthLoginResponse } from '@/types/Oauth'
@@ -175,12 +175,13 @@ export const AuthProvider = ({ children }: { children: React.ReactNode }) => {
 const currentUrl = location.pathname + location.searchStr
 setStoredRedirectUrl(currentUrl)
- const oauthBaseUrl = window.env.VITE_SERVER_OAUTH_URL
- const loginUrl = `?redirect=${encodeURIComponent(currentUrl)}`
-
 try {
- const oauthApi = createApiWithBaseUrl(oauthBaseUrl)
- const response = await oauthApi.get(loginUrl)
+ // Hit the backend via the shared apiRequest client (same host as the
+ // callback) so the backend derives the OAuth redirect_uri from this
+ // request's Origin header, which resolves correctly across deployments
+ // (maproulette.org, beta.maproulette.org, 127.0.0.1). No redirect param:
+ // post-login navigation is handled client-side via the stored redirect URL.
+ const response = await apiRequest.get('auth/authenticate')
 const jsonData = (await response.json()) as OAuthLoginResponse
 if (jsonData.state) {
diff --git a/src/vite-env.d.ts b/src/vite-env.d.ts
index dfccc2098..d61fb398e 100644
--- a/src/vite-env.d.ts
+++ b/src/vite-env.d.ts
@@ -12,7 +12,6 @@ interface AppEnv {
 readonly VITE_APP_DESCRIPTION: string
 readonly VITE_API_BASE_URL: string | undefined
 readonly VITE_MAP_ROULETTE_SERVER_WEBSOCKET_URL: string
- readonly VITE_SERVER_OAUTH_URL: string
 readonly VITE_SERVER_API_KEY: string | undefined
 readonly VITE_GITHUB_ISSUES_API_OWNER: string | undefined
 readonly VITE_GITHUB_ISSUES_API_REPO: string | undefined
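Review bot: In src/contexts/AuthContext.tsx, the new comment above `apiRequest.get('auth/authenticate')` makes the request's Origin header the input for the OAuth redirect_uri, but nothing in the hunk records what the backend does when that header is absent or unexpected. Browsers generally omit Origin on same-origin GET requests, so on a deployment where the UI and the API share a host the call may arrive without it. Origin is also client-supplied, so the derived redirect_uri is only safe if the server matches it against a fixed allowlist of deployment origins; that handling is not visible here and should be confirmed on the server side. I would extend the comment with `// Backend must allowlist Origin before building redirect_uri and fall back to its configured host when Origin is missing (same-origin GET).` The login callback and its try block start and end outside this hunk.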