205 lines
6.9 KiB
TypeScript
205 lines
6.9 KiB
TypeScript
import NextAuth, { NextAuthOptions } from "next-auth"
|
|
import GoogleProvider from "next-auth/providers/google"
|
|
import FacebookProvider from "next-auth/providers/facebook"
|
|
import GithubProvider from "next-auth/providers/github"
|
|
import TwitterProvider from "next-auth/providers/twitter"
|
|
import Auth0Provider from "next-auth/providers/auth0"
|
|
import AppleProvider from "next-auth/providers/apple"
|
|
import EmailProvider from "next-auth/providers/email"
|
|
import CredentialsProvider from "next-auth/providers/credentials"
|
|
import { PrismaAdapter } from "@auth/prisma-adapter"
|
|
|
|
//microsoft
|
|
import AzureADProvider from "next-auth/providers/azure-ad";
|
|
|
|
// https://next-auth.js.org/getting-started/client
|
|
|
|
const common = require("../../../src/helpers/common");
|
|
import { isLoggedIn, setAuthTokens, clearAuthTokens, getAccessToken, getRefreshToken } from 'axios-jwt'
|
|
|
|
|
|
// console.log(process.env.EMAIL_SERVER)
|
|
// For more information on each option (and a full list of options) go to
|
|
// https://next-auth.js.org/configuration/options
|
|
export const authOptions: NextAuthOptions = {
|
|
// https://next-auth.js.org/configuration/providers/oauth
|
|
|
|
site: process.env.PUBLIC_URL,
|
|
secret: process.env.NEXTAUTH_SECRET, // Ensure you have this set in your .env file
|
|
//adapter: PrismaAdapter(prisma),
|
|
providers: [
|
|
// register new URL at https://console.cloud.google.com/apis/credentials/oauthclient/926212607479-d3m8hm8f8esp3rf1639prskn445sa01v.apps.googleusercontent.com?project=grand-forge-108716
|
|
//Request details: redirect_uri=http://20.101.62.76:8005/api/auth/callback/google https://s.mwhitnessing.com/
|
|
GoogleProvider({
|
|
clientId: process.env.GOOGLE_ID,
|
|
clientSecret: process.env.GOOGLE_SECRET,
|
|
authorization: {
|
|
params: {
|
|
prompt: "consent",
|
|
access_type: "offline",
|
|
response_type: "code"
|
|
}
|
|
}
|
|
}),
|
|
AzureADProvider({
|
|
clientId: process.env.AZURE_AD_CLIENT_ID,
|
|
clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
|
|
tenantId: process.env.AZURE_AD_TENANT_ID,
|
|
}),
|
|
CredentialsProvider({
|
|
// The name to display on the sign in form (e.g. 'Sign in with...')
|
|
name: 'Credentials',
|
|
credentials: {
|
|
username: { label: "Потребител", type: "text", placeholder: "Потребителско име" },
|
|
password: { label: "Парола", type: "password" }
|
|
},
|
|
async authorize(credentials, req) {
|
|
//const user = { id: "1", name: "Администратора", email: "jsmith@example.com" }
|
|
//return user
|
|
// const res = await fetch("/your/endpoint", {
|
|
// method: 'POST',
|
|
// body: JSON.stringify(credentials),
|
|
// headers: { "Content-Type": "application/json" }
|
|
// })
|
|
// const user = await res.json()
|
|
|
|
// // If no error and we have user data, return it
|
|
// if (res.ok && user) {
|
|
// return user
|
|
// }
|
|
// // Return null if user data could not be retrieved
|
|
// return null
|
|
const users = [
|
|
{ id: "1", name: "admin", email: "admin@example.com", password: "admin123", role: "ADMIN" },
|
|
{ id: "2", name: "krasi", email: "krasi@example.com", password: "krasi123", role: "ADMIN" },
|
|
{ id: "3", name: "popov", email: "popov@example.com", password: "popov123", role: "ADMIN" }
|
|
];
|
|
|
|
// Check if a user with the given username and password exists
|
|
const user = users.find(user =>
|
|
user.name === credentials.username && user.password === credentials.password
|
|
);
|
|
|
|
// If a matching user is found, return the user data, otherwise return null
|
|
if (user) {
|
|
return user; //{ id: user.id, name: user.name, email: user.email };
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}),
|
|
// AppleProvider({
|
|
// clientId: process.env.APPLE_ID,
|
|
// clientSecret: process.env.APPLE_SECRET
|
|
// })
|
|
/*
|
|
EmailProvider({
|
|
server: {
|
|
host: "smtp.mailtrap.io",
|
|
port: 2525,
|
|
auth: {
|
|
user: "8ec69527ff2104",
|
|
pass: "c7bc05f171c96c"
|
|
}
|
|
},
|
|
// server: process.env.EMAIL_SERVER,
|
|
from: "noreply@example.com",
|
|
}),
|
|
|
|
// Temporarily removing the Apple provider from the demo site as the
|
|
// callback URL for it needs updating due to Vercel changing domains
|
|
/*
|
|
|
|
*/
|
|
|
|
//d-popov@abv.bg
|
|
// Auth0Provider({
|
|
// clientId: process.env.AUTH0_ID,
|
|
// clientSecret: process.env.AUTH0_SECRET,
|
|
// issuer: process.env.AUTH0_ISSUER,
|
|
// }),
|
|
],
|
|
theme: {
|
|
colorScheme: "light",
|
|
},
|
|
session: {
|
|
strategy: "jwt"
|
|
},
|
|
callbacks: {
|
|
async signIn({ user, account, profile }) {
|
|
var prisma = common.getPrismaClient();
|
|
|
|
console.log("[nextauth] signIn:", account.provider, user.email)
|
|
if (account.provider === 'google') {
|
|
try {
|
|
// Check user in your database and assign roles
|
|
const dbUser = await prisma.publisher.findUnique({
|
|
where: { email: user.email }
|
|
});
|
|
|
|
if (dbUser) {
|
|
// Assign roles from your database to the session
|
|
user.role = dbUser.role;
|
|
user.id = dbUser.id;
|
|
//user.permissions = dbUser.permissions;
|
|
const session = { ...user };
|
|
return true; // Sign-in successful
|
|
} else {
|
|
// Optionally create a new user in your DB
|
|
// Or return false to deny access
|
|
return false;
|
|
}
|
|
} catch (e) {
|
|
console.log(e);
|
|
}
|
|
}
|
|
|
|
return true; // Allow other providers or default behavior
|
|
},
|
|
|
|
// Persist the OAuth access_token to the token right after signin
|
|
async jwt({ token, user, account, profile, isNewUser }) {
|
|
//!console.log("[nextauth] JWT", token, user)
|
|
//token.userRole = "adminer"
|
|
if (user) {
|
|
token.role = user.role;
|
|
token.id = user.id; //already done in session?
|
|
//token.name = user.name; already done in session (name, email, picture, sub)
|
|
}
|
|
if (account && user) {
|
|
token.accessToken = account.access_token; // Set the access token from the account object
|
|
token.provider = account.provider;
|
|
console.log("[nextauth] setting token.accessToken", token.accessToken);
|
|
setAuthTokens({
|
|
accessToken: account.accessToken,
|
|
refreshToken: account.refreshToken,
|
|
})
|
|
}
|
|
|
|
return token;
|
|
},
|
|
|
|
// Send properties to the client, like an access_token from a provider.
|
|
async session({ session, token, user }) {
|
|
//!console.log("[nextauth] session", token, user)
|
|
if (token) {
|
|
//session.user.role = token.role;
|
|
session.user.id = token.id;
|
|
session.user.role = token.role;
|
|
session.user.name = token.name || token.email;
|
|
}
|
|
|
|
// if (session?.user) {
|
|
// session.user.id = user.id; //duplicate
|
|
// }
|
|
|
|
return {
|
|
...session,
|
|
accessToken: token.accessToken
|
|
};
|
|
},
|
|
},
|
|
}
|
|
|
|
export default NextAuth(authOptions)
|