chore: fix harcoded oauth dev port

[serhalp]

🔗 Linked issue

N/A - just found this while working on something else

🧭 Context

When the dev server runs on another port, you can't auth because it redirects back to to port 3000.

📚 Description

Use the nuxt dev server port instead of hardcoding

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
npmx.dev	Ready	Preview, Comment	Feb 28, 2026 4:33pm

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ignored	Preview	Feb 28, 2026 4:33pm
npmx-lunaria	Ignored		Feb 28, 2026 4:33pm

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[serhalp]

We still need this final fallback for the test env.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request introduces devUrl support across the environment configuration and OAuth modules. The config/env.ts file now computes devUrl from the Nuxt development server port when in development mode and exports it via the getEnv function. The modules/oauth.ts file is updated to extract devUrl and incorporate it into the clientUri fallback chain, checking productionUrl first, followed by previewUrl, then devUrl, and finally a default value.

Possibly related PRs

• chore: use getEnv in oauth module for platform agnosticity #1148: Directly related through modifications to the same code paths in config/getEnv and modules/oauth, with this PR's devUrl addition extending the earlier environment URL supply logic.

Suggested reviewers

• danielroe

🚥 Pre-merge checks | ✅ 1

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description clearly relates to the changeset by explaining the problem (hardcoded port) and solution (use Nuxt dev server port dynamically).

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch serhalp/fix-auth-redirect-port

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5ccbff and 8f4b884.

📒 Files selected for processing (2)

• config/env.ts
• modules/oauth.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, locate and inspect config/env.ts around lines 153-154
find . -name "env.ts" -path "*/config/*" | head -5

Repository: npmx-dev/npmx.dev

Length of output: 76

---

🏁 Script executed:

# Check the structure around lines 153-154 in config/env.ts
fd "env.ts" -p "config" | head -1 | xargs wc -l

Repository: npmx-dev/npmx.dev

Length of output: 78

---

🏁 Script executed:

# Get the actual content around lines 153-154
fd "env.ts" -p "config" | head -1 | xargs cat -n | sed -n '145,165p'

Repository: npmx-dev/npmx.dev

Length of output: 729

---

🏁 Script executed:

# Also check modules/oauth.ts to verify the fallback logic
fd "oauth.ts" -p "modules" | head -1 | xargs cat -n | sed -n '1,30p'

Repository: npmx-dev/npmx.dev

Length of output: 1289

---

🏁 Script executed:

# Search for the getEnv function definition to understand context
rg "function getEnv|const getEnv" -B 2 -A 5

Repository: npmx-dev/npmx.dev

Length of output: 365

---

🌐 Web query:

Nuxt 4.3.1 devServer.port type definition and whether it is guaranteed to be defined

💡 Result:

Type definition (Nuxt 4.3.1)

• In nuxt.config.ts (user config), devServer.port is a number and is optional (you can omit it). The config reference documents it as:
  • Type: number
  • Default: 3000  [1]

Is it guaranteed to be defined?

• In resolved Nuxt options (nuxt.options), devServer.port is treated as defined (Nuxt applies defaults). The nuxt dev command docs show the fallback chain ending in nuxtOptions.devServer.port (not optional-chained), which implies Nuxt expects it to exist after resolution. [2]

Practical takeaway

• If you’re reading the user’s raw config object, it may be undefined (because it’s optional in config).
• If you’re reading nuxt.options.devServer.port inside Nuxt/module hooks after config resolution, you can generally treat it as a number (defaulting to 3000 unless overridden by CLI/env). [1][2]

Sources: [1] Nuxt config reference (devServer.port) [2] nuxt dev command docs (default resolution order)

---

🏁 Script executed:

# Check if there are any type definitions or nuxt.config in the repo
fd "nuxt.config" | head -5

Repository: npmx-dev/npmx.dev

Length of output: 95

---

🏁 Script executed:

# Search for devServer port references in the codebase
rg "devServer\.port|devServer\?" -B 2 -A 2

Repository: npmx-dev/npmx.dev

Length of output: 350

---

🏁 Script executed:

# Check if there's package.json to verify Nuxt version
cat package.json | grep -A 2 -B 2 '"nuxt"'

Repository: npmx-dev/npmx.dev

Length of output: 196

---

🏁 Script executed:

# Search for all calls to getEnv to verify it's only called in module context
rg "getEnv\(" -B 2 -A 2

Repository: npmx-dev/npmx.dev

Length of output: 1248

---

🏁 Script executed:

# Also check the full context of config/env.ts to see if there are any type annotations
cat -n config/env.ts | head -20

Repository: npmx-dev/npmx.dev

Length of output: 937

---

🏁 Script executed:

# Check nuxt.config.ts to see how devServer is configured in this project
cat nuxt.config.ts

Repository: npmx-dev/npmx.dev

Length of output: 10471

---

Add defensive check for devServer.port to align with strict type-safety guidelines.

Line 154 accesses nuxt.options.devServer.port without validation. Although Nuxt resolves this to a default value of 3000 in module setup hooks, the code should align with the coding guideline requiring strictly type-safe access patterns. A defensive check would improve code robustness:

const nuxt = useNuxt()
const devPort = nuxt.options.devServer?.port
const devUrl = isDevelopment && typeof devPort === 'number' ? `http://127.0.0.1:${devPort}` : undefined

This ensures devUrl is only set when a valid port is present, maintaining consistency with the fallback chain in modules/oauth.ts line 16.

[danielroe]

have you tested this when running the dev server on another port?

[serhalp]

have you tested this when running the dev server on another port?

😓 great point. It doesn't work. and I just tried about six other approaches and none of them worked either. I believe we need to use a .hook('listen') to capture the actual dev server url, but I think the oauth module needs to be refactored, because it does all its work in setup, which runs too early(?).

I'll change this to a draft and focus on something else for now 😶.