
next-auth makes a request to BASE_URL for CSRF tokens, which may fail behind a loadbalancer

Open mac-chaffee opened this issue 3 years ago • 1 comments

If you place peppermint behind some kind of loadbalancer or proxy where the BASE_URL might not be reachable from within the container, logins will fail with an error like this:

name: 'FetchError'
  at processTicksAndRejections (internal/process/task_queues.js:95:5)',
  at runMicrotasks (<anonymous>)\n' +
  at /app/node_modules/node-fetch/lib/index.js:272:32\n' +
    stack: 'FetchError: invalid json response body at http://mac-peppermint.macchaffee.com/api/auth/csrf reason: Unexpected token < in JSON at position 0\n' +
    message: 'invalid json response body at http://mac-peppermint.macchaffee.com/api/auth/csrf reason: Unexpected token < in JSON at position 0',

https://next-auth.js.org/errors#client_fetch_error invalid json response body at http://mac-peppermint.macchaffee.com/api/auth/csrf reason: Unexpected token < in JSON at position 0

In my case, my loadbalancer rejected the request with a 403 HTTP response (hence the opening angle bracket) because the source IP of the request came from within the container, which I have not allow-listed.

Not sure if this is an issue with peppermint or with next-js, but it is definitely strange that a web server should need to send itself an API call.

It sorta works if BASE_URL is set to localhost:5001 since that request always works from within the container, but then that breaks other parts of Peppermint.

mac-chaffee, Mar 10 '22 21:03
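Added example (not from this thread and not Peppermint or next-auth code): a Node 18+ check, meant to be run from inside the container, that requests `/api/auth/csrf` under BASE_URL and reports whether the app answered with JSON or an intermediary returned markup, as with the 403 described above. The names `classifyCsrfResponse` and `probeCsrf` are hypothetical, and the sample bodies are constructed.

```javascript
// Added diagnostic sketch; hypothetical helper names, not a next-auth API.
// Classify what came back from GET <BASE_URL>/api/auth/csrf.
function classifyCsrfResponse(status, contentType, body) {
  const text = String(body).trimStart();
  let json = null;
  try {
    json = JSON.parse(text);
  } catch (_) {
    // Not JSON: this is the case that surfaces as "Unexpected token <".
  }
  // next-auth's csrf route normally answers 200 with {"csrfToken": "..."}.
  if (json && typeof json.csrfToken === 'string' && status === 200) {
    return { ok: true, reason: 'csrf endpoint reachable' };
  }
  if (json === null && text.startsWith('<')) {
    return {
      ok: false,
      reason: `HTTP ${status} with a markup body (${contentType || 'no content-type'}): ` +
        'an intermediary answered instead of the app',
    };
  }
  return { ok: false, reason: `HTTP ${status}: unexpected body from csrf endpoint` };
}

// Run from inside the container, where the server-side request originates.
// Uses the global fetch available in Node 18+.
async function probeCsrf(baseUrl) {
  const url = new URL('/api/auth/csrf', baseUrl).toString();
  try {
    const res = await fetch(url, { redirect: 'manual' });
    const body = await res.text();
    return { url, ...classifyCsrfResponse(res.status, res.headers.get('content-type'), body) };
  } catch (err) {
    // DNS failure, refused connection, timeout: BASE_URL is not reachable at all.
    return { url, ok: false, reason: `network error: ${err.message}` };
  }
}

// Constructed samples (not captured traffic): a proxy 403 page and a normal reply.
const SAMPLE_BLOCKED = '<html><body><h1>403 Forbidden</h1></body></html>';
const SAMPLE_OK = '{"csrfToken":"constructed-example-token"}';
console.log(classifyCsrfResponse(403, 'text/html', SAMPLE_BLOCKED));
console.log(classifyCsrfResponse(200, 'application/json', SAMPLE_OK));
```

To test a live deployment, call `probeCsrf(process.env.BASE_URL).then(console.log)` in a shell inside the container.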

Will have to have a deeper look into this :)

potts99, Mar 20 '22 16:03

Working on moving away from next auth which should remove this issue

potts99, Sep 02 '23 14:09