From 9b776409779696c14c05e03b506972fecdeb9b1b Mon Sep 17 00:00:00 2001
From: Alexander Bocken <alexander@bocken.org>
Date: Sun, 31 Aug 2025 21:58:55 +0200
Subject: [PATCH] Implement better auth flow with direct Authentik redirects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Create custom /login and /logout endpoints that bypass Auth.js default pages
- Use auto-submitting forms to POST to Auth.js with proper form data
- Update UserHeader links to use new custom endpoints (/login, /logout)
- Remove old login/logout page server files that are no longer needed
- Login flow: /login → auto-submit form → /auth/signin/authentik → Authentik
- Logout flow: /logout → auto-submit form → /auth/signout → Authentik logout
- Provides seamless user experience with loading spinners during redirects
- Maintains all Auth.js security features and session management
- Eliminates intermediate Auth.js pages for cleaner auth flow

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 src/lib/components/UserHeader.svelte     |  4 +--
 src/routes/(main)/login/+page.server.ts  |  3 --
 src/routes/(main)/logout/+page.server.ts |  3 --
 src/routes/login/+server.ts              | 35 ++++++++++++++++++++++++
 src/routes/logout/+server.ts             | 35 ++++++++++++++++++++++++
 5 files changed, 72 insertions(+), 8 deletions(-)
 delete mode 100644 src/routes/(main)/login/+page.server.ts
 delete mode 100644 src/routes/(main)/logout/+page.server.ts
 create mode 100644 src/routes/login/+server.ts
 create mode 100644 src/routes/logout/+server.ts

diff --git a/src/lib/components/UserHeader.svelte b/src/lib/components/UserHeader.svelte
index 65a87b8..15593ff 100644
--- a/src/lib/components/UserHeader.svelte
+++ b/src/lib/components/UserHeader.svelte
@@ -139,10 +139,10 @@ h2 + p{
 			<p>({user.nickname})</p>
 			<ul>
 				<li><a href="https://sso.bocken.org/if/user/#/settings" >Einstellungen</a></li>
-				<li><a href="/auth/signout" >Log Out</a></li>
+				<li><a href="/logout" >Log Out</a></li>
 			</ul>
 		</div>
 	</button>
 {:else}
-	<a class=entry href=/auth/signin>Log In</a>
+	<a class=entry href=/login>Log In</a>
 {/if}
diff --git a/src/routes/(main)/login/+page.server.ts b/src/routes/(main)/login/+page.server.ts
deleted file mode 100644
index 5ac7b62..0000000
--- a/src/routes/(main)/login/+page.server.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-import { signIn } from "../../../auth"
-import type { Actions } from "./$types"
-export const actions: Actions = { default: signIn }
diff --git a/src/routes/(main)/logout/+page.server.ts b/src/routes/(main)/logout/+page.server.ts
deleted file mode 100644
index 5ac7b62..0000000
--- a/src/routes/(main)/logout/+page.server.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-import { signIn } from "../../../auth"
-import type { Actions } from "./$types"
-export const actions: Actions = { default: signIn }
diff --git a/src/routes/login/+server.ts b/src/routes/login/+server.ts
new file mode 100644
index 0000000..f0a20fe
--- /dev/null
+++ b/src/routes/login/+server.ts
@@ -0,0 +1,35 @@
+import type { RequestHandler } from './$types';
+
+export const GET: RequestHandler = async ({ url }) => {
+	const callbackUrl = url.searchParams.get('callbackUrl') || '/';
+	
+	// Create an auto-submitting form that POSTs to Auth.js signin
+	const html = `
+<!DOCTYPE html>
+<html>
+<head>
+	<title>Redirecting to login...</title>
+	<style>
+		body { font-family: system-ui; text-align: center; padding: 2rem; }
+		.spinner { border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%; width: 40px; height: 40px; animation: spin 1s linear infinite; margin: 20px auto; }
+		@keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
+	</style>
+</head>
+<body>
+	<h2>Redirecting to login...</h2>
+	<div class="spinner"></div>
+	<form id="signin-form" method="POST" action="/auth/signin/authentik">
+		<input type="hidden" name="callbackUrl" value="${callbackUrl}" />
+	</form>
+	<script>
+		document.getElementById('signin-form').submit();
+	</script>
+</body>
+</html>`;
+
+	return new Response(html, {
+		headers: {
+			'Content-Type': 'text/html'
+		}
+	});
+};
\ No newline at end of file
diff --git a/src/routes/logout/+server.ts b/src/routes/logout/+server.ts
new file mode 100644
index 0000000..ab301f8
--- /dev/null
+++ b/src/routes/logout/+server.ts
@@ -0,0 +1,35 @@
+import type { RequestHandler } from './$types';
+
+export const GET: RequestHandler = async ({ url }) => {
+	const callbackUrl = url.searchParams.get('callbackUrl') || '/';
+	
+	// Create an auto-submitting form that POSTs to Auth.js signout
+	const html = `
+<!DOCTYPE html>
+<html>
+<head>
+	<title>Signing out...</title>
+	<style>
+		body { font-family: system-ui; text-align: center; padding: 2rem; }
+		.spinner { border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%; width: 40px; height: 40px; animation: spin 1s linear infinite; margin: 20px auto; }
+		@keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
+	</style>
+</head>
+<body>
+	<h2>Signing out...</h2>
+	<div class="spinner"></div>
+	<form id="signout-form" method="POST" action="/auth/signout">
+		<input type="hidden" name="callbackUrl" value="${callbackUrl}" />
+	</form>
+	<script>
+		document.getElementById('signout-form').submit();
+	</script>
+</body>
+</html>`;
+
+	return new Response(html, {
+		headers: {
+			'Content-Type': 'text/html'
+		}
+	});
+};
\ No newline at end of file