feat: implement OAuth state management for multi-tenancy support

- Introduced encoding and decoding of OAuth state to include tenant metadata, allowing the gateway to route callbacks without hard-coded tenant slugs.
- Updated the AuthController to handle social account linking and sign-in with compatibility for legacy paths.
- Refactored redirect URI construction to simplify tenant slug handling.
- Enhanced documentation to reflect changes in the OAuth flow and state management.

Signed-off-by: Innei <tukon479@gmail.com>
Innei
2025-11-30 14:03:05 +08:00
parent 2a7336cd6b
commit 019ee50121
21 changed files with 384 additions and 67 deletions

@@ -2,7 +2,7 @@
title: Quick Start
description: Get your gallery running in about 5 minutes.
createdAt: 2025-11-14T22:20:00+08:00
lastModified: 2025-11-25T17:23:59+08:00
lastModified: 2025-11-30T14:03:05+08:00
order: 2
---
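
Review bot: The `lastModified` bump in this front matter is the only visible change to the Quick Start page, and the following `@@ -111,3 +111,4 @@` hunk adds a single line with no visible content. Neither relates to OAuth state handling, and the same timestamp-only edit repeats across the storage docs in this commit. If this comes from a formatter or pre-commit hook, consider landing it separately so the commit diff stays limited to the auth change and `lastModified` keeps reflecting real content edits.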
@@ -111,3 +111,4 @@ Deploy to Vercel or any Node.js host. See [Vercel Deployment](/deployment/vercel

@@ -2,7 +2,7 @@
title: SaaS Architecture
description: Tenant model, domain routing, OAuth flow, and data injection paths.
createdAt: 2025-11-23T20:20:00+08:00
lastModified: 2025-11-23T20:44:02+08:00
lastModified: 2025-11-30T14:03:05+08:00
order: 36
---
@@ -30,8 +30,8 @@ order: 36
## OAuth gateway flow
- Providers redirect to `https://auth.<baseDomain>/api/auth/callback/{provider}?tenantSlug=<slug>`.
- Gateway rewrites to `https://<slug>.<baseDomain>/api/auth/callback/{provider}` preserving query params.
- Providers redirect to the fixed `https://auth.<baseDomain>/api/auth/callback/{provider}`.
- Tenant slug is wrapped into the OAuth `state` so the gateway can restore the inner Better Auth state and forward to `https://<slug>.<baseDomain>/api/auth/callback/{provider}`.
- Keeps provider config simple (single callback URL) while maintaining per-tenant sessions.
## Data path
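
Review bot: The new bullet that says the tenant slug is "wrapped into the OAuth `state`" does not document how the gateway authenticates that wrapper before forwarding to `https://<slug>.<baseDomain>/api/auth/callback/{provider}`. `state` round-trips through the browser and the provider, so the slug it carries is client-influenced input that decides which host receives the callback and its authorization code. Please state in this section whether the wrapped state is integrity-protected by the gateway (for example signed or MACed) and whether the decoded slug is checked against registered tenants and a strict hostname-label pattern before the redirect target is built. It would also help to note that the tenant still verifies the restored inner Better Auth state on arrival, and to say what the gateway does when the state fails to decode.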

@@ -2,7 +2,7 @@
title: B2 (Backblaze B2)
description: Configure Backblaze B2 storage for cost-effective cloud storage.
createdAt: 2025-11-14T22:10:00+08:00
lastModified: 2025-11-25T17:23:59+08:00
lastModified: 2025-11-30T14:03:05+08:00
order: 33
---
@@ -86,13 +86,12 @@ Compare with AWS S3 to see which fits your usage pattern better.
## Troubleshooting
**Authentication errors:**
- Verify `B2_KEY_ID` and `B2_KEY` are correct
- Check that the application key has read permissions
- Ensure the bucket ID and name match your B2 bucket
**Rate limiting:**
- B2 has generous rate limits, but very high concurrency may still hit limits
- Reduce concurrency if needed
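
Review bot: The hunk header `@@ -86,13 +86,12 @@` shows one line dropped from the B2 Troubleshooting section, but the remaining lines give no indication of what was removed or why, and the commit message does not mention the storage docs. If this is whitespace normalisation, move it to a separate docs-formatting commit; if a troubleshooting item was removed on purpose, say so in the message.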

@@ -2,7 +2,7 @@
title: Eagle Storage
description: Publish directly from an Eagle 4 library with filtering support.
createdAt: 2025-11-14T22:10:00+08:00
lastModified: 2025-11-25T17:23:59+08:00
lastModified: 2025-11-30T14:03:05+08:00
order: 36
---
@@ -165,3 +165,4 @@ This creates tags in the manifest based on folder structure, useful for organizi

@@ -2,7 +2,7 @@
title: GitHub Storage
description: Use a GitHub repository as photo storage for simple deployments.
createdAt: 2025-11-14T22:10:00+08:00
lastModified: 2025-11-25T17:23:59+08:00
lastModified: 2025-11-30T14:03:05+08:00
order: 34
---
@@ -100,3 +100,4 @@ For private repositories:

@@ -2,7 +2,7 @@
title: Storage Providers
description: Choose a storage provider for your photo collection.
createdAt: 2025-11-14T22:40:00+08:00
lastModified: 2025-11-25T17:23:59+08:00
lastModified: 2025-11-30T14:03:05+08:00
order: 30
---
@@ -111,3 +111,4 @@ Credentials and sensitive information should be stored in `.env` and referenced
See each provider's documentation for specific configuration options.

@@ -2,7 +2,7 @@
title: Local Storage
description: Use local file system paths for development and self-hosting.
createdAt: 2025-11-14T22:10:00+08:00
lastModified: 2025-11-25T17:23:59+08:00
lastModified: 2025-11-30T14:03:05+08:00
order: 35
---
@@ -134,3 +134,4 @@ If you want to serve original photos:

@@ -2,7 +2,7 @@
title: S3 / S3-Compatible
description: Configure S3 or S3-compatible storage for your photo collection.
createdAt: 2025-11-14T22:10:00+08:00
lastModified: 2025-11-25T17:23:59+08:00
lastModified: 2025-11-30T14:03:05+08:00
order: 32
---
@@ -121,3 +121,4 @@ This prevents processing temporary or system files.