Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,18 @@ All notable changes to StudyMap are documented here.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.2.1] - 2026-06-28

### Added

- Optional sign-in via Google OAuth and Supabase email/password auth. The site remains fully public - a Sign in button appears in the top-right navbar for users who want to authenticate. After sign-in, users are returned to the page they came from.

### Fixed

- Auth callbacks always redirect to `studymapp.vercel.app` regardless of which Vercel deployment URL receives the OAuth callback, preventing users from landing on the auto-assigned `studymapp-student-suite.vercel.app` domain.
- Contact email updated to `studentsuite0@gmail.com` in `CONTRIBUTING.md`, `SECURITY.md`, and issue templates.
- Canonical live URL corrected to `https://studymapp.vercel.app` in `README.md`.

## [1.2.0] - 2026-06-27

### Added
Expand Down
17 changes: 16 additions & 1 deletion src/proxy.ts
Original file line number Diff line number Diff line change
@@ -1,7 +1,23 @@
import { createServerClient } from "@supabase/ssr";
import { NextResponse, type NextRequest } from "next/server";

const CANONICAL = "https://studymapp.vercel.app";
// Vercel auto-assigns this URL based on the team name — it can't be deleted,
// so we intercept every request on it and redirect to the canonical domain.
const WRONG_DOMAIN = "studymapp-student-suite.vercel.app";

export async function proxy(request: NextRequest) {
// Domain enforcement — must happen before anything else so that OAuth
// callbacks landing on the wrong Vercel domain get bounced to the right one
// before the auth code exchange runs.
const host =
request.headers.get("x-forwarded-host") ?? request.nextUrl.hostname;

if (host === WRONG_DOMAIN) {
const canonical = `${CANONICAL}${request.nextUrl.pathname}${request.nextUrl.search}`;
return NextResponse.redirect(canonical, { status: 301 });
}

let proxyResponse = NextResponse.next({ request });

const supabase = createServerClient(
Expand All @@ -26,7 +42,6 @@ export async function proxy(request: NextRequest) {
);

// Refresh the session so it doesn't expire mid-visit.
// No auth enforcement — the site is fully public.
await supabase.auth.getUser();

return proxyResponse;
Expand Down
Loading