Fix auth redirect to 0.0.0.0 and credentials sign-in error

- Add AUTH_URL env var to docker-compose.yml and .env/.env.example so NextAuth builds correct redirect URLs instead of falling back to the Docker bind address (0.0.0.0:3000) - Normalize email to lowercase in authorize() to match how the register route stores emails, preventing case-sensitive lookup mismatches Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 23:42:24 +01:00 · 2026-02-20 23:42:24 +01:00 · 33ed7b7cb7
commit 33ed7b7cb7
parent 53e6d363b7
3 changed files with 5 additions and 1 deletions
--- a/.env.example
+++ b/.env.example
@ -21,6 +21,9 @@ AUTH_SECRET=change_me_to_a_strong_random_secret
 AUTH_GOOGLE_ID=your_google_oauth_client_id
 AUTH_GOOGLE_SECRET=your_google_oauth_client_secret
 # Auth.js base URL - set to the public URL of your app
 AUTH_URL=http://localhost:3000
 # Auth.js trust host configuration
 # Set to true when using HTTP (e.g., localhost), should be false in production with HTTPS
 AUTH_TRUST_HOST=true
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -14,6 +14,7 @@ services:
      - NEXT_PUBLIC_PREDICTIONS_ENABLED=true
      - API_KEY=${API_KEY}
      - AUTH_SECRET=${AUTH_SECRET}
      - AUTH_URL=${AUTH_URL}
      - AUTH_GOOGLE_ID=${AUTH_GOOGLE_ID}
      - AUTH_GOOGLE_SECRET=${AUTH_GOOGLE_SECRET}
      - AUTH_TRUST_HOST=${AUTH_TRUST_HOST}
--- a/src/auth.ts
+++ b/src/auth.ts
@ -21,7 +21,7 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
        password: { label: "Password", type: "password" },
      },
      async authorize(credentials) {
-        const email = credentials?.email as string | undefined;
+        const email = (credentials?.email as string | undefined)?.trim().toLowerCase();
        const password = credentials?.password as string | undefined;
        if (!email || !password) {