Skip to content

🔥 hotfix(proxy): matcher 排除 oauth/auth/analytics,修复登录 404#335

Merged
longsizhuo merged 1 commit into
mainfrom
hotfix/login-oauth-locale-bypass
May 6, 2026
Merged

🔥 hotfix(proxy): matcher 排除 oauth/auth/analytics,修复登录 404#335
longsizhuo merged 1 commit into
mainfrom
hotfix/login-oauth-locale-bypass

Conversation

@longsizhuo

Copy link
Copy Markdown
Member

🔥 紧急 hotfix:登录炸了

复现:访问 https://involutionhell.com/en/oauth/render/github → 404,所有用户无法登录

根因

i18n PR (#330) 让 next-intl middleware 接管全站 locale routing。但 proxy.ts 的 matcher 只排除了 api/trpc/_next/_vercel/静态资源漏掉了 next.config.mjs 里 rewrite 到后端的非 /api/ 路径

路径 用途
/auth/:path* NextAuth-like (/auth/me/auth/logout)
/oauth/:path* OAuth 跳转入口(登录入口) ⚠️
/analytics/:path* 埋点

请求流:

用户访问 /oauth/render/github
  ↓
next-intl middleware 308 redirect → /en/oauth/render/github
  (按 cookie / Accept-Language 加 locale 前缀)
  ↓
next.config rewrite source 是 /oauth/:path* 不带 locale,不匹配
  ↓
落到 app/[locale]/oauth/... 但这个 page 不存在
  ↓
404 → 登录炸

proxy.ts matcher 加排除:

- matcher: "/((?!api|trpc|_next|_vercel|.*\\..*).*)",
+ matcher: "/((?!api|trpc|auth|oauth|analytics|_next|_vercel|.*\\..*).*)",

排除后这 3 类路径不被 next-intl 拦截,直接走 next.config rewrite 到后端。

Test plan

  • preview 部署 curl -I https://<preview>/oauth/render/github 应该是 302(后端 OAuth redirect 到 GitHub),不是 308 redirect 到 /en/oauth/...
  • preview /auth/me 返回后端响应(而不是 next-intl redirect)
  • 登录流走通:点 SignIn → 跳 GitHub → 回调 /api/auth/callback/github → 落地

后续

加个集成测试保证 i18n routing 不再误吃 backend rewrite 路径,避免类似问题再发生。但这次优先 hotfix。

#330 i18n PR 让 next-intl middleware 接管全站 locale routing,但
matcher 只排除了 api/trpc/_next/_vercel/静态资源,没排除 next.config.mjs
的 rewrites 直通后端的路径。现象:

- 用户访问 /oauth/render/github
- next-intl middleware 308 redirect 到 /en/oauth/render/github
  (按 cookie / Accept-Language 推断 locale)
- next.config rewrite source 是 /oauth/:path* 不带 locale,不匹配
- 落到 app/[locale]/oauth/... 但这个 page 不存在 → 404
- 登录炸

3 条 rewrite-to-backend 路径都要排:
- /auth/:path*       NextAuth-like (/auth/me, /auth/logout)
- /oauth/:path*      OAuth 跳转入口(登录关键)
- /analytics/:path*  埋点

加进 matcher 排除组:
  /((?!api|trpc|auth|oauth|analytics|_next|_vercel|.*\..*).*)
Copilot AI review requested due to automatic review settings May 6, 2026 17:41
@vercel

vercel Bot commented May 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
involutionhell-github-io Building Building Preview, Comment May 6, 2026 5:41pm
website-preview Building Building Preview, Comment May 6, 2026 5:41pm

@longsizhuo longsizhuo merged commit 6704d10 into main May 6, 2026
4 of 6 checks passed
@longsizhuo longsizhuo deleted the hotfix/login-oauth-locale-bypass branch May 6, 2026 17:42
ashert-hsueh pushed a commit to ashert-hsueh/involutionhell.github.io that referenced this pull request Jun 26, 2026
PR InvolutionHell#335 修了登录炸的 hotfix(next-intl middleware matcher 漏排
/oauth /auth /analytics 三条 rewrite-to-backend 路径)。补防御让同
样的 bug 不再发生:

1. tests/proxy-matcher.test.ts
   - 静态扫 next.config.mjs 提取所有 rewrites() 函数体内的 source
   - 解析 proxy.ts matcher 字符串里 negative-lookahead 的排除组
   - 对每个 source 第一段 path,断言它在排除组里
   - 用 test.each 每条 source 一个 case,错误信息直接指引修法
   - 加新 rewrite 不带 /api/ 前缀但忘改 matcher → CI fail

2. dev_docs/i18n_url_routing.md
   - 新章节「加新 backend rewrite」直接告诉以后写代码的人:
     新增 next.config rewrite 必须同步更新 proxy.ts matcher
   - 列了 PR InvolutionHell#335 事故 + 正确流程示例

跑了 pnpm test 19 个 case 全过(含 16 条现有 rewrite + 2 sanity check)。
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant