redirect to correct endpoint

auth.js

@@ -15,7 +15,7 @@ export class Auth {
 
   async redirect(event) {
     const url = new URL(
-      this.remoteBaseUrl + '/'
+      this.giteaAppBaseUrl + '/login/oauth/authorize'
     )
     const search = new URLSearchParams()
     search.set('response_type', 'code')
@@ -24,8 +24,16 @@ export class Auth {
       'redirect_uri',
       this.remoteBaseUrl + '/auth/callback'
     )
-    search.state = 'state'
+    const timestamp = new Date().valueOf()
+    // TODO: sign
+    const signedTimestamp = `${timestamp}`
+    search.set('state', signedTimestamp)
     url.search = search.toString()
-    return Response.redirect(url.toString())
+    return new Response('', {
+      headers: {
+        Location: url.toString()
+      },
+      status: 302,
+    })
   }
 }