ui/src/app/api/auth/hf/login/route.ts

import { randomUUID } from 'crypto';
import { NextRequest, NextResponse } from 'next/server';

const HF_AUTHORIZE_URL = 'https://huggingface.co/oauth/authorize';
const STATE_COOKIE = 'hf_oauth_state';

export async function GET(request: NextRequest) {
  const clientId = process.env.HF_OAUTH_CLIENT_ID || process.env.NEXT_PUBLIC_HF_OAUTH_CLIENT_ID;
  if (!clientId) {
    return NextResponse.json({ error: 'OAuth client ID not configured' }, { status: 500 });
  }

  const state = randomUUID();
  const origin = request.nextUrl.origin;
  const redirectUri = `${origin}/api/auth/hf/callback`;

  const authorizeUrl = new URL(HF_AUTHORIZE_URL);
  authorizeUrl.searchParams.set('response_type', 'code');
  authorizeUrl.searchParams.set('client_id', clientId);
  authorizeUrl.searchParams.set('redirect_uri', redirectUri);
  authorizeUrl.searchParams.set('scope', 'openid profile read-repos');
  authorizeUrl.searchParams.set('state', state);

  const response = NextResponse.redirect(authorizeUrl.toString(), { status: 302 });
  response.cookies.set({
    name: STATE_COOKIE,
    value: state,
    httpOnly: true,
    sameSite: 'lax',
    secure: process.env.NODE_ENV === 'production',
    maxAge: 60 * 5,
    path: '/',
  });

  return response;
}