// /Users/stvlley/Desktop/realist-8-app/auth.ts
import NextAuth, { type DefaultSession } from "next-auth"
import GoogleProvider from "next-auth/providers/google"
import GithubProvider from "next-auth/providers/github"
import LinkedInProvider from "next-auth/providers/linkedin"
import FacebookProvider from "next-auth/providers/facebook"
import { DrizzleAdapter } from "@auth/drizzle-adapter"
import { db } from "@/lib/db" // Adjust the path based on your project structure
import Credentials from "next-auth/providers/credentials"
import { LoginSchema } from "./schemas"
import { getUserByEmail, getUserById } from "./data/user"
import bcrypt from "bcryptjs"
import { getUserRoleById } from "./data/role"
// Shape of `session.user` as used by this app: the default Auth.js user
// fields plus application-specific ones.
type ExtendedUser = DefaultSession["user"] & {
// Authorization role; the session callback in this file copies it from the JWT.
role: string
// Declared here, but the only assignment in this file is commented out.
customField: string
}
// Module augmentation so `session.user` and the extra token claims are typed.
declare module "next-auth" {
interface Session {
user: ExtendedUser
// Optional provider access token. Nothing in this file assigns it.
// NOTE(review): anything placed on Session is presumably returned to the
// browser with the session; confirm that is intended before populating it.
accessToken?: string
}
// NOTE(review): Auth.js exposes its JWT type from "next-auth/jwt"; confirm this
// declaration under "next-auth" actually augments the token type. The callbacks
// in this file still cast `token.role as string`.
interface JWT {
// Role claim written by the jwt callback.
role?: string
// Optional provider access token. Nothing in this file assigns it.
accessToken?: string
}
}
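/**
 * Auth.js (NextAuth) setup for the application.
 *
 * Exports the `auth`, `signIn` and `signOut` helpers and the `GET`/`POST`
 * route handlers. Sessions use the JWT strategy; the Drizzle adapter is
 * configured with `db`. Sign-in is offered through e-mail/password
 * credentials and the Google, GitHub, LinkedIn and Facebook OAuth providers.
 *
 * Nothing in this configuration writes credentials, password hashes or token
 * contents to the log.
 */
export const { auth, signIn, signOut, handlers: { GET, POST } } = NextAuth({
  adapter: DrizzleAdapter(db),
  secret: process.env.AUTH_SECRET,
  session: { strategy: "jwt" },
  providers: [
    Credentials({
      /**
       * Validates the submitted credentials and returns the matching user,
       * or `null` when validation or password verification fails.
       */
      async authorize(credentials) {
        const validatedFields = LoginSchema.safeParse(credentials);
        // Do not log the parsed fields: they contain the plaintext password.
        if (!validatedFields.success) return null;

        const { email, password } = validatedFields.data;
        const user = await getUserByEmail(email);

        // A row without a stored hash (presumably an OAuth-only account)
        // cannot sign in with a password; reject it instead of passing a
        // non-string value to bcrypt.
        if (!user || typeof user.password !== "string" || user.password.length === 0) {
          return null;
        }

        // NOTE(review): unknown e-mails return before bcrypt runs, so the
        // response time can differ from a wrong-password attempt; confirm
        // that rate limiting covers this endpoint.
        const passwordMatch = await bcrypt.compare(password, user.password);
        return passwordMatch ? user : null;
      },
    }),
    GoogleProvider({
      clientId: process.env.AUTH_GOOGLE_ID!,
      clientSecret: process.env.AUTH_GOOGLE_SECRET!,
    }),
    GithubProvider({
      clientId: process.env.AUTH_GITHUB_ID!,
      clientSecret: process.env.AUTH_GITHUB_SECRET!,
    }),
    LinkedInProvider({
      clientId: process.env.AUTH_LINKEDIN_ID!,
      clientSecret: process.env.AUTH_LINKEDIN_SECRET!,
      // Optionally, customize scope or other options
      // authorization: { params: { scope: 'r_liteprofile r_emailaddress' } },
    }),
    FacebookProvider({
      clientId: process.env.AUTH_FACEBOOK_ID!,
      clientSecret: process.env.AUTH_FACEBOOK_SECRET!,
    }),
  ],
  callbacks: {
    /**
     * Sign-in gate. Currently allows every sign-in.
     *
     * NOTE(review): the e-mail verification check below is commented out, so
     * unverified accounts are admitted; confirm that is intended.
     */
    async signIn({ user }) {
      const existingUser = await getUserById(user.id as string);
      // if ( !existingUser || !existingUser.emailVerified) {
      //   // alert user to verify email
      //   return false;
      // }
      return true;
    },
    /**
     * Copies the user id (`token.sub`) and the role claim from the JWT onto
     * `session.user`. The token is not logged: it holds the session claims.
     */
    async session({ session, token }) {
      if (token.sub && session.user) {
        session.user.id = token.sub;
      }
      if (token.role && session.user) {
        session.user.role = token.role as string;
        // session.user.customField = "This is a custom field";
      }
      return session;
    },
    /**
     * Sets the role claim on the token from the stored role, falling back to
     * "agent" when no role is found. Tokens without a subject are returned
     * unchanged.
     *
     * Auth.js passes `user` only on the call made at sign-in, so the role must
     * not depend on it; gating on `user` reset every later token to "agent".
     * Looking the role up on each call also means a role change in the
     * database reaches existing sessions.
     */
    async jwt({ token }) {
      if (!token.sub) return token;

      const userRole = await getUserRoleById(token.sub);
      // NOTE(review): a subject with no stored role still receives the default
      // "agent" role, as before; confirm that default is the least-privileged one.
      token.role = userRole ? userRole : "agent";
      return token;
    },
  },
})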