fix: preserve page context via cookie after Bluesky redirect

[NandkishorJadoun]

fixes #901

Previously, users logging in via Bluesky were redirected to the homepage regardless of which page they started from.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Error		Feb 5, 2026 4:53am
npmx.dev	Ready	Preview, Comment	Feb 5, 2026 4:53am

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
npmx-lunaria	Ignored		Feb 5, 2026 4:53am

[coderabbitai]

📝 Walkthrough

Walkthrough

The client component now uses the current route (useRoute) and replaces direct auth redirects with navigateTo calls to /api/auth/atproto, including query parameters handle, optional create, and returnTo set to route.fullPath. The server endpoint accepts a returnTo query, validates it as a safe relative path (falls back to / if invalid), stores it in an auth_return_to cookie with a 5‑minute maxAge (httpOnly; secure toggled in development), and after completing OAuth/session handling reads and deletes that cookie to redirect the user to the preserved path.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description is directly related to the changeset, clearly stating it fixes issue #901 by preserving page context after Bluesky login redirects.
Linked Issues check	✅ Passed	The code changes directly address the linked issue #901 by implementing return context preservation through cookies and the navigateTo mechanism with returnTo parameters.
Out of Scope Changes check	✅ Passed	All changes are scoped to the Bluesky authentication flow and return context preservation, with no unrelated modifications detected outside the stated objectives.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

app/components/Header/AuthModal.client.vue (1)

26-36: ⚠️ Potential issue | 🟠 Major

Missing returnTo parameter in handleLogin creates inconsistent redirect behaviour.

The handleLogin() function for manual handle input does not include the returnTo query parameter, whilst handleBlueskySignIn() and handleCreateAccount() do. Users logging in with a custom handle will be redirected to the homepage instead of their original page.

🐛 Proposed fix to add returnTo parameter

 async function handleLogin() {
   if (handleInput.value) {
     await navigateTo(
       {
         path: '/api/auth/atproto',
-        query: { handle: handleInput.value },
+        query: { handle: handleInput.value, returnTo: route.fullPath },
       },
       { external: true },
     )
   }
 }

[danielroe]

would you mind resolving the conflicts? 🙏

[wojtekmaj]

What does it have to do with the described fix?

[NandkishorJadoun]

I was working on another issue and forgot to switch branches. Please ignore that commit for now

[NandkishorJadoun]

yeah, working on it

[wojtekmaj]

Listen to the rabbit 🐰

[wojtekmaj]

Aside from the style change that sneaked in, LGTM.

[danielroe]

I think it would be safer to construct a new URL, validate the hostname, and pass this to setCookie

[codecov]

Codecov Report

❌ Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
app/components/Header/AuthModal.client.vue	33.33%	2 Missing ⚠️

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

app/components/Header/AuthModal.client.vue (1)

29-33: ⚠️ Potential issue | 🟠 Major

Custom handle login does not preserve page context.

The handleLogin function uses authRedirect(handleInput.value) without passing the returnTo parameter. Users who enter a custom handle will be redirected to the homepage after authentication, inconsistent with the other two login flows (handleBlueskySignIn and handleCreateAccount) which both pass returnTo: route.fullPath.

The authRedirect function currently accepts only identifier and optional create parameters, and does not include returnTo in its query object. Update the function signature to accept an optional returnTo parameter:

-export async function authRedirect(identifier: string, create: boolean = false) {
+export async function authRedirect(identifier: string, create: boolean = false, returnTo?: string) {
   let query: LocationQueryRaw = { handle: identifier }
   if (create) {
     query = { ...query, create: 'true' }
   }
+  if (returnTo) {
+    query = { ...query, returnTo }
+  }
   await navigateTo(
     {
       path: '/api/auth/atproto',
       query,
     },
     { external: true },
   )
 }

Then call it with the return path in handleLogin:

 async function handleLogin() {
   if (handleInput.value) {
-    await authRedirect(handleInput.value)
+    await authRedirect(handleInput.value, false, route.fullPath)
   }
 }

[fatfingers23]

LGTM! Thank you for adding it! Was a big ask we got