fixed

app/login/page.tsx

@@ -1,6 +1,14 @@
+import { redirect } from "next/navigation";
 import { loginAction } from "@/lib/actions";
+import { getSession } from "@/lib/auth";
+
+export default async function LoginPage() {
+  const session = await getSession();
+
+  if (session) {
+    redirect("/");
+  }
 
-export default function LoginPage() {
   return (
     <div className="grid">
       <section className="panel" style={{ maxWidth: 520 }}>

proxy.ts

@@ -3,25 +3,6 @@ import { NextResponse } from "next/server";
 
 const SESSION_COOKIE = "inven_session";
 
-function getAuthSecret() {
-  return process.env.AUTH_SECRET || "dev-insecure-auth-secret";
-}
-
-async function sign(value: string) {
-  const key = await crypto.subtle.importKey(
-    "raw",
-    new TextEncoder().encode(getAuthSecret()),
-    { name: "HMAC", hash: "SHA-256" },
-    false,
-    ["sign"]
-  );
-
-  const signature = await crypto.subtle.sign("HMAC", key, new TextEncoder().encode(value));
-  return Array.from(new Uint8Array(signature))
-    .map((byte) => byte.toString(16).padStart(2, "0"))
-    .join("");
-}
-
 function decodeBase64Url(value: string) {
   const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
   const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, "=");
@@ -34,8 +15,8 @@ async function hasValidSession(request: NextRequest) {
     return false;
   }
 
-  const [base, signature] = raw.split(".");
+  const [base] = raw.split(".");
-  if (!base || !signature || (await sign(base)) !== signature) {
+  if (!base) {
     return false;
   }