From 1db30643d32619a352e759799a24e8f54b8137bf Mon Sep 17 00:00:00 2001
From: joonhoekim <26rote@gmail.com>
Date: Thu, 30 Oct 2025 19:14:25 +0900
Subject: (김준회) 멀티 도메인 로그아웃시 경로 문제 처리
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/api/auth/[...nextauth]/route.ts | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

(limited to 'app/api/auth/[...nextauth]/route.ts')

diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index d6ec807f..58566cd6 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -449,12 +449,35 @@ export const authOptions: NextAuthOptions = {
     },
     async redirect({ url, baseUrl }) {
+      // 상대 경로인 경우 baseUrl과 결합
       if (url.startsWith("/")) {
         return `${baseUrl}${url}`;
       }
-      else if (new URL(url).origin === baseUrl) {
-        return url;
+
+      // 절대 URL인 경우: 허용된 도메인 목록 확인
+      try {
+        const urlObj = new URL(url);
+        const allowedDomains = [
+          "shidataroom.com",
+          "partners.sevcp.com",
+          "sevcp.com",
+          "localhost" // 개발 환경
+        ];
+
+        // 허용된 도메인이면 그대로 반환
+        if (allowedDomains.includes(urlObj.hostname)) {
+          return url;
+        }
+
+        // 기존 로직: baseUrl과 origin이 같으면 허용
+        if (urlObj.origin === baseUrl) {
+          return url;
+        }
+      } catch {
+        console.error('Invalid redirect URL:', url);
       }
+
+      // 허용되지 않은 URL은 baseUrl로 리다이렉트
       return baseUrl;
     },
   },
-- 
cgit v1.2.3
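Review bot: The new allowlist check `if (allowedDomains.includes(urlObj.hostname))` validates only the hostname, so any scheme is accepted for those hosts — `http://sevcp.com/...` passes and a logout can be sent over plaintext to a trusted-looking host, whereas the `origin === baseUrl` comparison it replaced pinned scheme and port as well. I would require the scheme alongside the hostname match, e.g. `if (allowedDomains.includes(urlObj.hostname) && (urlObj.protocol === "https:" || urlObj.hostname === "localhost"))`, so only the `localhost` entry may be plain http. `"localhost"` is also left in the list for production builds; gate it on `process.env.NODE_ENV !== "production"` or move the whole list to an environment variable so the set of redirect targets is not baked into source. Note that exact-hostname matching still sends `www.shidataroom.com` or other subdomains to `baseUrl`, which may be intended but is worth a comment above the array. `redirect` is fully inside the hunk, but the enclosing `authOptions` object starts and ends outside it.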