zaid.marzguioui/myeasycms-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): revert SUPABASE_INTERNAL_URL — cookie name mismatch
Some checks failed
Workflow / ʦ TypeScript (push) Failing after 6m17s
Details
Workflow / ⚫️ Test (push) Has been skipped
Details

Browse Source 
Browser creates cookies keyed by the external hostname (sb-myeasycms-*),
but server was using SUPABASE_INTERNAL_URL (sb-supabase-kong-*) — different
keys = server can't find the session = infinite 'please wait' after login.

Both client and server now use the same NEXT_PUBLIC_SUPABASE_URL (external
domain). The SSR reaches Supabase via Traefik → Kong which works fine.
This commit is contained in:
Zaid Marzguioui
2026-04-01 11:42:00 +02:00
parent 0aa2773086
commit 72227b5aab
3 changed files with 3 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@@ -5,7 +5,7 @@ WORKDIR /app
# --- Install + Build in one stage --- # --- Install + Build in one stage ---
FROM base AS builder FROM base AS builder
# CACHE_BUST: change this value to force a full rebuild (busts Docker layer cache) # CACHE_BUST: change this value to force a full rebuild (busts Docker layer cache)
ARG CACHE_BUST=9 ARG CACHE_BUST=10
RUN echo "Cache bust: ${CACHE_BUST}" RUN echo "Cache bust: ${CACHE_BUST}"
COPY . . COPY . .
RUN pnpm install --no-frozen-lockfile RUN pnpm install --no-frozen-lockfile

4
docker-compose.yml
View File

@@ -321,12 +321,10 @@ services:
environment: environment:
NODE_ENV: production NODE_ENV: production
NEXT_PUBLIC_SITE_URL: ${SITE_URL:-http://localhost:3000} NEXT_PUBLIC_SITE_URL: ${SITE_URL:-http://localhost:3000}
# Browser-side: external domain (baked at build time, re-stated here for SSR) # Same URL for browser AND server — keeps Supabase cookie names consistent
NEXT_PUBLIC_SUPABASE_URL: ${API_EXTERNAL_URL:-http://localhost:8000} NEXT_PUBLIC_SUPABASE_URL: ${API_EXTERNAL_URL:-http://localhost:8000}
NEXT_PUBLIC_SUPABASE_PUBLIC_KEY: ${SUPABASE_ANON_KEY} NEXT_PUBLIC_SUPABASE_PUBLIC_KEY: ${SUPABASE_ANON_KEY}
NEXT_PUBLIC_DEFAULT_LOCALE: de NEXT_PUBLIC_DEFAULT_LOCALE: de
# Server-side: Docker-internal URL (avoids hairpin NAT / DNS issues)
SUPABASE_INTERNAL_URL: http://supabase-kong:8000
SUPABASE_SECRET_KEY: ${SUPABASE_SERVICE_ROLE_KEY} SUPABASE_SECRET_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
SUPABASE_DB_WEBHOOK_SECRET: ${DB_WEBHOOK_SECRET:-webhooksecret} SUPABASE_DB_WEBHOOK_SECRET: ${DB_WEBHOOK_SECRET:-webhooksecret}
EMAIL_SENDER: ${EMAIL_SENDER:-noreply@myeasycms.de} EMAIL_SENDER: ${EMAIL_SENDER:-noreply@myeasycms.de}

12
packages/supabase/src/get-supabase-client-keys.ts
View File

@@ -2,18 +2,8 @@ import * as z from 'zod';
/** /**
* Returns and validates the Supabase client keys from the environment. * Returns and validates the Supabase client keys from the environment.
*
* On the server, prefers SUPABASE_INTERNAL_URL (Docker-internal)
* over NEXT_PUBLIC_SUPABASE_URL (external domain) to avoid
* hairpin NAT / DNS issues in containerized deployments.
*/ */
export function getSupabaseClientKeys() { export function getSupabaseClientKeys() {
const isServer = typeof window === 'undefined';
const url = isServer
? (process.env.SUPABASE_INTERNAL_URL || process.env.NEXT_PUBLIC_SUPABASE_URL)
: process.env.NEXT_PUBLIC_SUPABASE_URL;
return z return z
.object({ .object({
url: z.string({ url: z.string({
@@ -24,7 +14,7 @@ export function getSupabaseClientKeys() {
}), }),
}) })
.parse({ .parse({
url, url: process.env.NEXT_PUBLIC_SUPABASE_URL,
publicKey: process.env.NEXT_PUBLIC_SUPABASE_PUBLIC_KEY, publicKey: process.env.NEXT_PUBLIC_SUPABASE_PUBLIC_KEY,
}); });
} }