added safe url structure for magic links and self hosted logo

src/app/email_templates/magic_link.ts

@@ -20,13 +20,14 @@ export async function MagicLinksEmail({
   const logoUrl = `${baseUrl}/domna-email-logo.png`;
 
   const token = parsed.searchParams.get("token");
+  const email = parsed.searchParams.get("email");
 
-  if (!token) {
-    throw new Error("Magic link token missing");
+  if (!token || !email) {
+    throw new Error("Magic link token or email missing");
   }
 
   // Create a clean login link instead of the NextAuth callback
-  const loginUrl = `${parsed.origin}/login?t=${token}`;
+  const loginUrl = `${parsed.origin}/login/${token}/${encodeURIComponent(email)}`;
 
   const transport = createTransport(provider.server);
 
@@ -38,7 +39,7 @@ export async function MagicLinksEmail({
   const result = await transport.sendMail({
     to: identifier,
     from: provider.from,
-    subject: "Your secure Ara sign-in link",
+    subject: "Sign in to Ara",
     text: plainText({ url: loginUrl, host }),
     html: domnaHtml({
       url: loginUrl,

src/app/login/[token]/[email]/page.tsx

@@ -0,0 +1,19 @@
+import { redirect } from "next/navigation";
+
+export default async function LoginPage({
+  params,
+}: {
+  params: Promise<{ token: string; email: string }>;
+}) {
+  const { token, email } = await params;
+
+  if (!token || !email) {
+    redirect("/");
+  }
+
+  const decodedEmail = decodeURIComponent(email);
+
+  redirect(
+    `/api/auth/callback/email?token=${token}&email=${encodeURIComponent(decodedEmail)}`,
+  );
+}

src/app/login/page.tsx

@@ -1,20 +0,0 @@
-"use client";
-
-import { useEffect } from "react";
-import { useSearchParams } from "next/navigation";
-
-export default function LoginPage() {
-  const params = useSearchParams();
-
-  useEffect(() => {
-    const token = params.get("t");
-
-    if (!token) return;
-
-    const callback = `/api/auth/callback/email?token=${token}`;
-
-    window.location.href = callback;
-  }, [params]);
-
-  return <p>Signing you in…</p>;
-}