From 55c08071b501055e13807d5ae972bcd14e53c3ef Mon Sep 17 00:00:00 2001
From: "railway-app[bot]" <68434857+railway-app[bot]@users.noreply.github.com>
Date: Fri, 27 Mar 2026 16:14:49 +0000
Subject: [PATCH] feat: add /auth/callback route to exchange OAuth code for
 session

---
 frontend-next/src/app/auth/callback/route.ts | 45 ++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 frontend-next/src/app/auth/callback/route.ts

diff --git a/frontend-next/src/app/auth/callback/route.ts b/frontend-next/src/app/auth/callback/route.ts
new file mode 100644
index 0000000..08550ff
--- /dev/null
+++ b/frontend-next/src/app/auth/callback/route.ts
@@ -0,0 +1,45 @@
+import { createClient } from "@supabase/supabase-js";
+import { NextRequest, NextResponse } from "next/server";
+
+export async function GET(request: NextRequest) {
+  const { searchParams, origin } = new URL(request.url);
+
+  const code = searchParams.get("code");
+  const error = searchParams.get("error");
+  const errorDescription = searchParams.get("error_description");
+
+  // GitHub (or Supabase) returned an OAuth error
+  if (error) {
+    const params = new URLSearchParams({ error: errorDescription ?? error });
+    return NextResponse.redirect(`${origin}/?${params.toString()}`);
+  }
+
+  // No code present — nothing to exchange
+  if (!code) {
+    return NextResponse.redirect(
+      `${origin}/?error=Missing+authorization+code`
+    );
+  }
+
+  const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
+  const supabaseKey =
+    process.env.SUPABASE_KEY ?? process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
+
+  if (!supabaseUrl || !supabaseKey) {
+    return NextResponse.redirect(
+      `${origin}/?error=Auth+service+not+configured`
+    );
+  }
+
+  const supabase = createClient(supabaseUrl, supabaseKey);
+
+  const { error: exchangeError } = await supabase.auth.exchangeCodeForSession(code);
+
+  if (exchangeError) {
+    const params = new URLSearchParams({ error: exchangeError.message });
+    return NextResponse.redirect(`${origin}/?${params.toString()}`);
+  }
+
+  // Successful exchange — send the user to the dashboard
+  return NextResponse.redirect(`${origin}/`);
+}