changing magic links url to protect against microsoft defender and host domna logo

src/app/api/auth/[...nextauth]/authOptions.ts

@@ -146,8 +146,8 @@ export const AuthOptions: NextAuthOptions = {
             .where(
               and(
                 eq(accounts.userId, dbUser.id),
-                eq(accounts.provider, account.provider)
-              )
+                eq(accounts.provider, account.provider),
+              ),
             );
 
           const emailVerified =
@@ -157,7 +157,7 @@ export const AuthOptions: NextAuthOptions = {
             // This handles the case where we had not set up accounts but
             // signed up users with oauth
             console.log(
-              `Linking ${account.provider} account for user ${normalisedEmail}`
+              `Linking ${account.provider} account for user ${normalisedEmail}`,
             );
 
             await db

src/app/email_templates/magic_link.ts

@@ -13,7 +13,20 @@ export async function MagicLinksEmail({
   url: string;
   provider: { server: any; from: string };
 }) {
-  const { host } = new URL(url);
+  const parsed = new URL(url);
+  const host = parsed.host;
+
+  const baseUrl = parsed.origin;
+  const logoUrl = `${baseUrl}/domna-email-logo.png`;
+
+  const token = parsed.searchParams.get("token");
+
+  if (!token) {
+    throw new Error("Magic link token missing");
+  }
+
+  // Create a clean login link instead of the NextAuth callback
+  const loginUrl = `${parsed.origin}/login?t=${token}`;
 
   const transport = createTransport(provider.server);
 
@@ -26,8 +39,19 @@ export async function MagicLinksEmail({
     to: identifier,
     from: provider.from,
     subject: "Your secure Ara sign-in link",
-    text: plainText({ url, host }),
-    html: domnaHtml({ url, host, brandColor, accentColor, brown, background }),
+    text: plainText({ url: loginUrl, host }),
+    html: domnaHtml({
+      url: loginUrl,
+      logoUrl,
+      host,
+      brandColor,
+      accentColor,
+      brown,
+      background,
+    }),
+    headers: {
+      "List-Unsubscribe": `<mailto:${provider.from}>`,
+    },
   });
 
   const failed = result.rejected.filter(Boolean);
@@ -38,6 +62,7 @@ export async function MagicLinksEmail({
 
 function domnaHtml({
   url,
+  logoUrl,
   host,
   brandColor,
   accentColor,
@@ -45,6 +70,7 @@ function domnaHtml({
   background,
 }: {
   url: string;
+  logoUrl: string;
   host: string;
   brandColor: string;
   accentColor: string;
@@ -60,7 +86,7 @@ function domnaHtml({
       <tr>
         <td align="center" style="background: linear-gradient(90deg, ${brandColor}, ${accentColor}); padding: 12px 8px;">
           <img 
-            src="https://145275138.fs1.hubspotusercontent-eu1.net/hubfs/145275138/base_logo_transparent_background.png"
+            src="${logoUrl}"
             alt="Domna Logo"
             width="120"
             height="auto"

src/app/login/page.tsx

@@ -0,0 +1,20 @@
+"use client";
+
+import { useEffect } from "react";
+import { useSearchParams } from "next/navigation";
+
+export default function LoginPage() {
+  const params = useSearchParams();
+
+  useEffect(() => {
+    const token = params.get("t");
+
+    if (!token) return;
+
+    const callback = `/api/auth/callback/email?token=${token}`;
+
+    window.location.href = callback;
+  }, [params]);
+
+  return <p>Signing you in…</p>;
+}