Fix NextAuth 500 errors by adding NEXTAUTH_URL environment variable

rgilks · rgilks · commit 717eca555f6b · 2025-10-25T12:01:12.000+01:00
- Add NEXTAUTH_URL to wrangler.toml for Cloudflare deployment
- Update GitHub Actions workflows to include NEXTAUTH_URL secret
- Update deployment documentation to include NEXTAUTH_URL requirement
- Update README with NEXTAUTH_URL configuration instructions

This resolves the 500 errors on /api/auth/session and /api/auth/_log endpoints
by ensuring NextAuth has the correct production URL for proper initialization.
diff --git a/.github/workflows/cloudflare-branch.yml b/.github/workflows/cloudflare-branch.yml
@@ -58,6 +58,7 @@ jobs:
           command: deploy --minify
         env:
           NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
+          NEXTAUTH_URL: ${{ secrets.NEXTAUTH_URL }}
           GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
           GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
           GOOGLE_TRANSLATE_API_KEY: ${{ secrets.GOOGLE_TRANSLATE_API_KEY }}
diff --git a/.github/workflows/cloudflare.yml b/.github/workflows/cloudflare.yml
@@ -56,6 +56,7 @@ jobs:
           command: deploy --minify
         env:
           NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
+          NEXTAUTH_URL: ${{ secrets.NEXTAUTH_URL }}
           GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
           GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
           GOOGLE_TRANSLATE_API_KEY: ${{ secrets.GOOGLE_TRANSLATE_API_KEY }}
diff --git a/README.md b/README.md
@@ -140,7 +140,7 @@ Comprehendo implements strategies to manage AI API costs:
       - `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET` (optional, if enabling Google login)
       - `DISCORD_CLIENT_ID`, `DISCORD_CLIENT_SECRET` (optional, if enabling Discord login)
       - `AUTH_SECRET`: Generate with `openssl rand -base64 32`
-      - `NEXTAUTH_URL`: The canonical URL of your deployment (e.g., `http://localhost:3000` for local development).
+      - `NEXTAUTH_URL`: The canonical URL of your deployment (e.g., `http://localhost:3000` for local development, `https://comprehendo.tre.systems` for production).
       - `ADMIN_EMAILS`: Comma-separated list of emails for admin access (e.g., `admin@example.com,test@test.com`).
       - `GOOGLE_TRANSLATE_API_KEY`: (Optional) Needed for hover translation feature.
       - `RATE_LIMIT_MAX_REQUESTS_PER_HOUR`: (Optional, default 100) Max exercise generation requests per IP per hour.
@@ -207,6 +207,7 @@ The application is configured to deploy to Cloudflare Workers using OpenNext and
 5. **Set Production Secrets:**
    ```bash
    wrangler secret put NEXTAUTH_SECRET
+   wrangler secret put NEXTAUTH_URL
    wrangler secret put GOOGLE_CLIENT_ID
    wrangler secret put GOOGLE_CLIENT_SECRET
    wrangler secret put GOOGLE_TRANSLATE_API_KEY
diff --git a/docs/cloudflare-deployment-guide.md b/docs/cloudflare-deployment-guide.md
@@ -65,15 +65,16 @@ In your GitHub repository:
 
 ### Required Secrets
 
-| Secret Name                | Description                | How to Get                               |
-| -------------------------- | -------------------------- | ---------------------------------------- |
-| `CLOUDFLARE_API_TOKEN`     | Cloudflare API token       | From Step 1                              |
-| `CLOUDFLARE_ACCOUNT_ID`    | Cloudflare Account ID      | From Step 2                              |
-| `NEXTAUTH_SECRET`          | NextAuth.js secret         | Generate with: `openssl rand -base64 32` |
-| `GOOGLE_CLIENT_ID`         | Google OAuth Client ID     | From Google Cloud Console                |
-| `GOOGLE_CLIENT_SECRET`     | Google OAuth Client Secret | From Google Cloud Console                |
-| `GOOGLE_TRANSLATE_API_KEY` | Google Translate API Key   | From Google Cloud Console                |
-| `ADMIN_EMAILS`             | Admin email addresses      | Comma-separated list                     |
+| Secret Name                | Description                | How to Get                                                    |
+| -------------------------- | -------------------------- | ------------------------------------------------------------- |
+| `CLOUDFLARE_API_TOKEN`     | Cloudflare API token       | From Step 1                                                   |
+| `CLOUDFLARE_ACCOUNT_ID`    | Cloudflare Account ID      | From Step 2                                                   |
+| `NEXTAUTH_SECRET`          | NextAuth.js secret         | Generate with: `openssl rand -base64 32`                      |
+| `NEXTAUTH_URL`             | NextAuth.js URL            | Your production URL (e.g., `https://comprehendo.tre.systems`) |
+| `GOOGLE_CLIENT_ID`         | Google OAuth Client ID     | From Google Cloud Console                                     |
+| `GOOGLE_CLIENT_SECRET`     | Google OAuth Client Secret | From Google Cloud Console                                     |
+| `GOOGLE_TRANSLATE_API_KEY` | Google Translate API Key   | From Google Cloud Console                                     |
+| `ADMIN_EMAILS`             | Admin email addresses      | Comma-separated list                                          |
 
 ### Generate NextAuth Secret
 
diff --git a/wrangler.toml b/wrangler.toml
@@ -15,3 +15,4 @@ migrations_dir = "migrations"
 
 [vars]
 NODE_ENV = "production"
+NEXTAUTH_URL = "https://comprehendo.tre.systems"

Original file line number	Diff line number	Diff line change
`@@ -15,3 +15,4 @@ migrations_dir = "migrations"`
`15`	`15`
`16`	`16`	`[vars]`
`17`	`17`	`NODE_ENV = "production"`
	`18`	`+NEXTAUTH_URL = "https://comprehendo.tre.systems"`