disclosure-bureau/web/app/auth/callback/route.ts

/**
 * Magic-link callback. The link emailed to the user lands here with a `code` —
 * we exchange it for a Supabase session cookie and bounce to the requested
 * page (or home).
 */
import { NextResponse } from "next/server";
import { createClient } from "@/lib/supabase/server";

export async function GET(request: Request) {
  const { searchParams, origin } = new URL(request.url);
  const code = searchParams.get("code");
  const next = searchParams.get("next") ?? "/";

  if (!code) {
    return NextResponse.redirect(`${origin}/auth/signin?error=missing_code`);
  }

  const supabase = await createClient();
  const { error } = await supabase.auth.exchangeCodeForSession(code);
  if (error) {
    return NextResponse.redirect(`${origin}/auth/signin?error=${encodeURIComponent(error.message)}`);
  }

  return NextResponse.redirect(`${origin}${next}`);
}
baseline: Disclosure Bureau pipeline + Next.js UI + Supabase stack 2026-05-18 01:44:36 +00:00			`/**`
			* Magic-link callback. The link emailed to the user lands here with a `code` —
			`* we exchange it for a Supabase session cookie and bounce to the requested`
			`* page (or home).`
			`*/`
			`import { NextResponse } from "next/server";`
			`import { createClient } from "@/lib/supabase/server";`

			`export async function GET(request: Request) {`
			`const { searchParams, origin } = new URL(request.url);`
			`const code = searchParams.get("code");`
			`const next = searchParams.get("next") ?? "/";`

			`if (!code) {`
			return NextResponse.redirect(`${origin}/auth/signin?error=missing_code`);
			`}`

			`const supabase = await createClient();`
			`const { error } = await supabase.auth.exchangeCodeForSession(code);`
			`if (error) {`
			return NextResponse.redirect(`${origin}/auth/signin?error=${encodeURIComponent(error.message)}`);
			`}`

			return NextResponse.redirect(`${origin}${next}`);
			`}`