letsbe
/
MOPC-App
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
MOPC-App/src/lib/auth.config.ts

88 lines
2.1 KiB
TypeScript
Raw Blame History

import type { NextAuthConfig } from 'next-auth'
import type { UserRole } from '@prisma/client'
// Extend the built-in session types
declare module 'next-auth' {
interface Session {
user: {
id: string
email: string
name?: string | null
role: UserRole
mustSetPassword?: boolean
}
}
interface User {
role?: UserRole
mustSetPassword?: boolean
}
}
declare module '@auth/core/jwt' {
interface JWT {
id: string
role: UserRole
mustSetPassword?: boolean
}
}
// Edge-compatible auth config (no Node.js-only modules)
// This is used by middleware and can be extended in auth.ts for full functionality
export const authConfig: NextAuthConfig = {
providers: [], // Providers are added in auth.ts
callbacks: {
authorized({ auth, request: { nextUrl } }) {
const isLoggedIn = !!auth?.user
const { pathname } = nextUrl
// Public paths that don't require authentication
const publicPaths = [
'/login',
'/verify-email',
'/auth-error',
'/api/auth',
]
// Check if it's a public path
if (publicPaths.some((path) => pathname.startsWith(path))) {
return true
}
// If not logged in, redirect to login
if (!isLoggedIn) {
return false // Will redirect to signIn page
}
// Check if user needs to set password
const mustSetPassword = auth?.user?.mustSetPassword
const passwordSetupAllowedPaths = [
'/set-password',
'/api/auth',
'/api/trpc',
]
if (mustSetPassword) {
// Allow access to password setup related paths
if (passwordSetupAllowedPaths.some((path) => pathname.startsWith(path))) {
return true
}
// Redirect to set-password page
return Response.redirect(new URL('/set-password', nextUrl))
}
return true
},
},
pages: {
signIn: '/login',
verifyRequest: '/verify-email',
error: '/auth-error',
newUser: '/set-password',
},
session: {
strategy: 'jwt',
maxAge: parseInt(process.env.SESSION_MAX_AGE || '86400'), // 24 hours
},
}
Reference in New Issue View Git Blame Copy Permalink