Google OAuth callback URL hardcoded to production

### p5.js version

_No response_

### What is your operating system?

None

### Web browser and version

_No response_

### Actual Behavior

Google strategy uses a hardcoded callback URL `https://editor.p5js.org/auth/google/callback`. In development or staging, after Google sign-in the user is redirected to production, breaking the flow and making local/staging Google OAuth testing impossible.

**Location:** `server/config/passport.js` line 237

### Expected Behavior

Callback URL should be derived from configuration (e.g. `EDITOR_URL` or similar) so each environment uses its own URL (e.g. `http://localhost:3000/auth/google/callback` in dev).

### Steps to reproduce

1. Run the app locally and start Google OAuth sign-in.
2. After authenticating with Google, observe redirect to `https://editor.p5js.org/auth/google/callback` instead of localhost.
3. Result: cannot complete sign-in in local/staging.

### Snippet:

```js
// passport.js - GoogleStrategy
callbackURL: 'https://editor.p5js.org/auth/google/callback',
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Google OAuth callback URL hardcoded to production #3910

p5.js version

What is your operating system?

Web browser and version

Actual Behavior

Expected Behavior

Steps to reproduce

Snippet:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Google OAuth callback URL hardcoded to production #3910

Description

p5.js version

What is your operating system?

Web browser and version

Actual Behavior

Expected Behavior

Steps to reproduce

Snippet:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions