fix(auth): preserve query params in OAuth callback redirect

Clément VALENTIN · claude · Clément VALENTIN · commit c0b51c02a6e0 · 2025-12-21T22:30:31.000+01:00
When an unauthenticated user landed on /oauth/callback?code=..., the ProtectedRoute component was only saving location.pathname in the redirect state, losing the query parameters. After login, the user was redirected to /oauth/callback without the code parameter, causing "Paramètres de callback invalides" error. Changes: - ProtectedRoute now saves pathname + search in redirect state - Added Vite proxy for /api/* to enable same-origin httpOnly cookies - Mount .env.web in frontend container for runtime env configuration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
diff --git a/apps/web/src/App.tsx b/apps/web/src/App.tsx
@@ -61,8 +61,9 @@ function ProtectedRoute({ children }: { children: React.ReactNode }) {
   }
 
   if (!isAuthenticated) {
-    // Sauvegarder l'URL courante pour y revenir après connexion
-    return <Navigate to="/login" state={{ from: location.pathname }} replace />
+    // Sauvegarder l'URL courante (avec query params) pour y revenir après connexion
+    const fullPath = location.pathname + location.search
+    return <Navigate to="/login" state={{ from: fullPath }} replace />
   }
 
   return <>{children}</>
diff --git a/apps/web/vite.config.ts b/apps/web/vite.config.ts
@@ -8,7 +8,8 @@ const __dirname = dirname(__filename)
 
 export default defineConfig(({ mode }) => {
   const env = loadEnv(mode, process.cwd(), '')
-  const backendUrl = env.VITE_BACKEND_URL || 'http://127.0.0.1:8000'
+  // Use process.env first (from Docker env_file), then loadEnv, then default
+  const backendUrl = process.env.VITE_BACKEND_URL || env.VITE_BACKEND_URL || 'http://backend:8000'
 
   return {
     plugins: [react()],
@@ -75,6 +76,16 @@ export default defineConfig(({ mode }) => {
       hmr: {
         clientPort: 8000,
       },
+      // Proxy API requests to backend - ensures same-origin for httpOnly cookies
+      proxy: {
+        '/api': {
+          target: backendUrl,
+          changeOrigin: true,
+          rewrite: (path) => path.replace(/^\/api/, ''),
+          // Forward cookies
+          cookieDomainRewrite: 'localhost',
+        },
+      },
     },
     test: {
       globals: true,
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -104,6 +104,7 @@ services:
       - ./apps/web/tsconfig.node.json:/app/tsconfig.node.json
       - ./apps/web/tailwind.config.js:/app/tailwind.config.js
       - ./apps/web/postcss.config.js:/app/postcss.config.js
+      - ./.env.web:/app/.env:ro
       - /app/node_modules
     ports:
       - "8000:5173"

Original file line number	Diff line number	Diff line change
`@@ -61,8 +61,9 @@ function ProtectedRoute({ children }: { children: React.ReactNode }) {`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`if (!isAuthenticated) {`
`64`		`- // Sauvegarder l'URL courante pour y revenir après connexion`
`65`		`- return <Navigate to="/login" state={{ from: location.pathname }} replace />`
	`64`	`+ // Sauvegarder l'URL courante (avec query params) pour y revenir après connexion`
	`65`	`+ const fullPath = location.pathname + location.search`
	`66`	`+ return <Navigate to="/login" state={{ from: fullPath }} replace />`
`66`	`67`	`}`
`67`	`68`
`68`	`69`	`return <>{children}</>`