FilesExpand file tree

 main

/

auth.ts

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

92 lines (76 loc) · 2.38 KB

 main

/

auth.ts

Top

File metadata and controls

• Code
• Blame

92 lines (76 loc) · 2.38 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

import NextAuth, { type DefaultSession } from "next-auth"

import authConfig from "./auth.config"

import { PrismaAdapter } from "@auth/prisma-adapter"

import db from "./lib/db"

import { getUserById } from "./data/user"

import { UserRole } from "@prisma/client"

import { getTwoFactorConfirmationByUserId } from "./data/two-factor-confirmation"

import { use } from "react"

export type ExtendedUser = {

role: UserRole,

isTwoFactorEnabled: boolean

} & DefaultSession["user"]

declare module "next-auth" {

interface Session {

user: ExtendedUser

}

}

export const { auth, handlers, signIn, signOut } = NextAuth({

...authConfig,

adapter: PrismaAdapter(db),

session: { strategy: "jwt" },

callbacks: {

async signIn({ user, account }) {

// google and github signin are automatically email verified

if (account?.provider !== "credentials") return true;

if (!user.id) return false;

const existingUser = await getUserById(user.id);

// Prevent signin unverified emails

if (!existingUser || !existingUser.emailVerified) return false

// TODO: Add 2FA check

if (existingUser.isTwoFactorEnabled) {

const twoFactorConfirmation = await getTwoFactorConfirmationByUserId(existingUser.id);

if (!twoFactorConfirmation) return false;

// Delete 2FA Every login

// await db.twoFactorConfirmation.delete({

// where: { id: twoFactorConfirmation.id }

// })

}

return true

},

async session({ token, session }) {

if (token.sub && session.user) {

session.user.id = token.sub;

}

if (token.role && session.user) {

session.user.role = token.role as UserRole;

}

if (session.user) {

session.user.isTwoFactorEnabled = token.isTwoFactorEnabled as boolean;

}

return session

},

async jwt({ token }) {

if (!token.sub) return token;

const existingUser = await getUserById(token.sub);

if (!existingUser) return token;

token.role = existingUser.role;

token.isTwoFactorEnabled = existingUser.isTwoFactorEnabled;

return token

}

},

events: {

async linkAccount({ user }) {

if (!user.id)

return;

await db.user.update({

where: {id: user.id},

data: { emailVerified: new Date() }

})

}

},

pages: {

signIn: '/auth/login',

error: '/auth/error'

}

})