wip

apps/website/app/auth/iracing/callback/route.ts

@@ -0,0 +1,41 @@
+import { cookies } from 'next/headers';
+import { NextResponse } from 'next/server';
+
+import { getAuthService } from '../../../../lib/auth';
+
+const SESSION_COOKIE = 'gp_demo_session';
+const STATE_COOKIE = 'gp_demo_auth_state';
+
+export async function GET(request: Request) {
+  const url = new URL(request.url);
+  const code = url.searchParams.get('code') ?? undefined;
+  const state = url.searchParams.get('state') ?? undefined;
+  const returnTo = url.searchParams.get('returnTo') ?? undefined;
+
+  if (!code || !state) {
+    return NextResponse.redirect('/auth/iracing');
+  }
+
+  const cookieStore = await cookies();
+  const storedState = cookieStore.get(STATE_COOKIE)?.value;
+
+  if (!storedState || storedState !== state) {
+    return NextResponse.redirect('/auth/iracing');
+  }
+
+  const authService = getAuthService();
+  const session = await authService.loginWithIracingCallback({ code, state, returnTo });
+
+  cookieStore.set(SESSION_COOKIE, JSON.stringify(session), {
+    httpOnly: true,
+    sameSite: 'lax',
+    path: '/',
+    secure: process.env.NODE_ENV === 'production',
+  });
+
+  cookieStore.delete(STATE_COOKIE);
+
+  const redirectTarget = returnTo || '/dashboard';
+  const absoluteRedirect = new URL(redirectTarget, url.origin).toString();
+  return NextResponse.redirect(absoluteRedirect);
+}