refactor: Improve SSO authentication flow with enhanced error handling and parameter processing

- Update Q58 route to handle dynamic OAuth parameters
- Add error handling and logging for SSO URL generation
- Modify UserAuthForm to preserve and pass OAuth parameters during authentication
- Implement more robust error handling in authentication process

src/app/api/auth/q58/route.ts

@@ -1,3 +1,5 @@
+"use server";
+
 import { cookies } from "next/headers";
 import Hex from "crypto-js/enc-hex";
 import hmacSHA256 from "crypto-js/hmac-sha256";
@@ -10,15 +12,36 @@ const discourseHost = process.env.DISCOURSE_HOST as string;
 const clientSecret = process.env.DISCOURSE_SECRET as string;
 
 export async function POST(req: Request) {
+  try {
     const nonce = WordArray.random(16).toString();
     const url = new URL(req.url);
-  const originalParams = url.searchParams.toString();
+
-  const return_url = `${hostUrl}/q58/callback?${originalParams}`;
+    // 从请求中获取原始的 OAuth 参数
-  const sso = btoa(`nonce=${nonce}&return_sso_url=${encodeURI(return_url)}`);
+    const searchParams = new URLSearchParams(await req.text());
+    const oauth = searchParams.get("oauth") || "";
+
+    // 构建回调 URL
+    const callbackUrl = new URL("/q58/callback", hostUrl);
+    if (oauth) {
+      callbackUrl.searchParams.set("oauth", oauth);
+    }
+
+    // 构建 SSO 参数
+    const ssoParams = new URLSearchParams();
+    ssoParams.set("nonce", nonce);
+    ssoParams.set("return_sso_url", callbackUrl.toString());
+
+    const sso = btoa(ssoParams.toString());
     const sig = hmacSHA256(sso, clientSecret).toString(Hex);
 
+    // 设置 nonce cookie
     cookies().set(AUTH_NONCE, nonce, { maxAge: 60 * 10 });
+
     return Response.json({
       sso_url: `${discourseHost}/session/sso_provider?sso=${sso}&sig=${sig}`,
     });
+  } catch (error) {
+    console.error("SSO URL generation error:", error);
+    return Response.json({ error: "Internal server error" }, { status: 500 });
+  }
 }

src/components/auth/user-auth-form.tsx

@@ -1,7 +1,7 @@
 "use client";
 
 import * as React from "react";
-import { useRouter } from "next/navigation";
+import { useRouter, useSearchParams } from "next/navigation";
 import { Loader2, MessageCircleCode } from "lucide-react";
 
 import { cn } from "@/lib/utils";
@@ -19,20 +19,43 @@ export function UserAuthForm({
   const [isLoading, setIsLoading] = React.useState<boolean>(false);
   const router = useRouter();
   const { toast } = useToast();
+  const searchParams = useSearchParams();
 
   const signIn = () => {
     React.startTransition(async () => {
-      const response = await fetch("/api/auth/q58", { method: "POST" });
+      try {
-      if (!response.ok || response.status !== 200) {
+        // 获取当前的 OAuth 参数
+        const params = new URLSearchParams();
+        if (searchParams) {
+          const keys = Array.from(searchParams.keys());
+          keys.forEach((key) => {
+            const value = searchParams.get(key);
+            if (value) params.set(key, value);
+          });
+        }
+
+        const response = await fetch("/api/auth/q58", {
+          method: "POST",
+          body: params,
+        });
+
+        if (!response.ok) {
+          throw new Error(response.statusText);
+        }
+
+        const data: DiscourseData = await response.json();
+        if (data.sso_url) {
+          router.push(data.sso_url);
+        } else {
+          throw new Error("Invalid SSO URL");
+        }
+      } catch (error) {
         setIsLoading(false);
         toast({
           variant: "destructive",
           title: "内部服务异常",
-          description: response.statusText,
+          description: error instanceof Error ? error.message : "未知错误",
         });
-      } else {
-        let data: DiscourseData = await response.json();
-        router.push(data.sso_url);
       }
     });
   };