From 23156477432d1ed843571342dab9ee8835349cf6 Mon Sep 17 00:00:00 2001
From: Strtus <Strtus@outlook.com>
Date: Tue, 19 May 2026 11:41:15 +0800
Subject: [PATCH] Fix EdgeOne auth runtime configuration

Set trustHost and explicitly provide AUTH_SECRET in NextAuth config
so auth routes do not fail host/config validation on non-Vercel
platforms like EdgeOne.

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 src/auth/server.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/auth/server.ts b/src/auth/server.ts
index 33758db2..d78762c9 100644
--- a/src/auth/server.ts
+++ b/src/auth/server.ts
@@ -8,6 +8,10 @@ export const {
   signOut,
   auth,
 } = NextAuth({
+  // Non-Vercel platforms (e.g. EdgeOne) may not be auto-trusted by Auth.js.
+  // Enabling trustHost prevents auth route 500s caused by host validation.
+  trustHost: true,
+  secret: process.env.AUTH_SECRET,
   providers: [
     Credentials({
       async authorize({ email, password }) {