fix(server): use post request to consume magic link token (#6656)

packages/frontend/core/src/pages/magic-link.tsx

@@ -0,0 +1,40 @@
+import { type LoaderFunction, redirect } from 'react-router-dom';
+
+export const loader: LoaderFunction = async ({ request }) => {
+  const url = new URL(request.url);
+  const queries = url.searchParams;
+  const email = queries.get('email');
+  const token = queries.get('token');
+  const redirectUri = queries.get('redirect_uri');
+
+  if (!email || !token) {
+    return redirect('/404');
+  }
+
+  const res = await fetch('/api/auth/magic-link', {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({ email, token }),
+  });
+
+  if (!res.ok) {
+    let error: string;
+    try {
+      const { message } = await res.json();
+      error = message;
+    } catch (e) {
+      error = 'failed to verify sign-in token';
+    }
+    return redirect(`/signIn?error=${encodeURIComponent(error)}`);
+  }
+
+  location.href = redirectUri || '/';
+  return null;
+};
+
+export const Component = () => {
+  // TODO: loading ui
+  return null;
+};

packages/frontend/core/src/router.tsx

@@ -76,6 +76,10 @@ export const topLevelRoutes = [
         path: '/signIn',
         lazy: () => import('./pages/sign-in'),
       },
+      {
+        path: '/magic-link',
+        lazy: () => import('./pages/magic-link'),
+      },
       {
         path: '/open-app/:action',
         lazy: () => import('./pages/open-app'),