-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathauth.config.ts
129 lines (117 loc) · 3.56 KB
/
auth.config.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
import Credentials from 'next-auth/providers/credentials'
import bcrypt from 'bcryptjs'
import { NextAuthConfig } from 'next-auth'
import Github from 'next-auth/providers/github'
import Google from 'next-auth/providers/google'
import Facebook from 'next-auth/providers/facebook'
import { NextResponse } from 'next/server'
import { prisma } from './lib/db'
import { PRIVATE_PATHS } from './lib/appRoutes'
import { AUTH_PATHS } from './lib/appRoutes'
import { i18nRouter } from 'next-i18n-router'
import i18nConfig from './i18nConfig'
export default {
providers: [
Github({
clientId: process.env.GITHUB_TEST_CLIENT,
clientSecret: process.env.GITHUB_TEST_SECRET,
}),
Google({
clientId: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
}),
Facebook({
clientId: process.env.FACEBOOK_CLIENT_ID,
clientSecret: process.env.FACEBOOK_CLIENT_SECRET,
}),
Credentials({
credentials: {
email: { name: 'email', type: 'email', placeholder: 'email' },
password: {
name: 'password',
type: 'password',
placeholder: 'password',
},
},
authorize: async (credentials) => {
let user = null
// Find user
user = await prisma.user.findUnique({
where: {
email: credentials.email as string,
},
})
// Check if user exists
if (!user) {
throw new Error('User does not exist')
}
// Check if password is correct
const isPasswordCorrect = bcrypt.compareSync(
credentials.password as string,
user.password as string
)
// Throw error if password is incorrect
if (!isPasswordCorrect) {
throw new Error('Invalid password')
}
// Return user
const { password, ...userWithoutPassword } = user
return userWithoutPassword
},
}),
],
callbacks: {
async jwt({ token, user }) {
if (user) {
token.id = user.id as string
token.email = user.email as string
token.name = user.name as string
}
return token
},
async session({ session, token }) {
session.user.id = token.id as string
session.user.email = token.email as string
session.user.name = token.name as string
return session
},
async signIn({ account }) {
// return true if user signed in with oauth
if (account?.provider !== 'credentials') {
return true
}
return true
},
authorized: ({ request, auth }) => {
// Check what path the user is trying to access
let path = request.nextUrl.pathname
// extract the locale from the path
path = '/' + path.split('/')[2]
// check if user is logged in
const isLoggedIn = !!auth?.user
// Check if user is trying to access a private path
if (PRIVATE_PATHS.includes(path) && !isLoggedIn) {
return NextResponse.redirect(
new URL('/signIn?message=sign-in-required', request.nextUrl.origin)
)
}
// Check if user is trying to access an auth path
if (AUTH_PATHS.includes(path) && isLoggedIn) {
return Response.redirect(new URL('/', request.nextUrl.origin))
}
return i18nRouter(request, i18nConfig)
},
},
events: {
linkAccount: async ({ user }) => {
// Update user
await prisma.user.update({
where: { id: user.id },
data: {
emailVerified: new Date(),
},
})
return
},
},
} satisfies NextAuthConfig