- Use NEXTAUTH_URL instead of request.url for callbackUrl (was 0.0.0.0:3000)
- Add custom /auth/signin page that auto-calls signIn("authentik")
- Skip the intermediate "Sign in with Authentik" button page
- Exclude /auth/signin from middleware matcher
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Auth:
- Add middleware.ts that redirects unauthenticated users to Authentik SSO
- Extract authOptions to shared auth-options.ts
- Add getAuthSession() helper for API route protection
- Add loading spinner during session validation
- Dev mode bypasses auth (stub user still works)
ManicTime:
- Fix hardcoded companyId="beletage" — now uses group context from Tags.txt
- Fix extended project format label parsing (extracts name after year)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
AI Assistant