From 42410239507a4e09742624c046a69e279e57911e Mon Sep 17 00:00:00 2001
From: Jean-Luc Makiola <business@jeanlucmakiola.de>
Date: Sun, 12 Apr 2026 22:05:53 +0200
Subject: [PATCH] fix: use GEARBOX_URL for post-logout redirect URI

Behind a reverse proxy, c.req.url resolves to internal URL which
doesn't match the registered post_logout_redirect_uri in Logto.
Use GEARBOX_URL env var (already required for OAuth) as the
redirect target.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/server/index.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/server/index.ts b/src/server/index.ts
index 78f8425..57fe5b2 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -103,8 +103,10 @@ app.get("/logout", async (c) => {
 	const postLogoutRedirect = new URL("/", c.req.url).origin;
 	if (issuer) {
 		const clientId = process.env.OIDC_CLIENT_ID;
+		const redirectUri =
+			process.env.GEARBOX_URL || postLogoutRedirect;
 		return c.redirect(
-			`${issuer}/session/end?client_id=${encodeURIComponent(clientId || "")}&post_logout_redirect_uri=${encodeURIComponent(postLogoutRedirect)}`,
+			`${issuer}/session/end?client_id=${encodeURIComponent(clientId || "")}&post_logout_redirect_uri=${encodeURIComponent(redirectUri)}`,
 		);
 	}
 	return c.redirect("/");