Init

2026-05-11 06:11:15 +00:00 · 2026-02-18 14:26:36 +01:00
commit 3a5726e82b
167 changed files with 104081 additions and 0 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -0,0 +1,81 @@
+import NextAuth from "next-auth";
+import { PrismaAdapter } from "@auth/prisma-adapter";
+import Credentials from "next-auth/providers/credentials";
+import GitHub from "next-auth/providers/github";
+import bcrypt from "bcryptjs";
+import { prisma } from "@/lib/prisma";
+import authConfig from "@/lib/auth.config";
+import { loginSchema } from "@/schemas/auth.schema";
+import "@/types/auth.types";
+
+export const { auth, handlers, signIn, signOut } = NextAuth({
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  adapter: PrismaAdapter(prisma) as any,
+  session: { strategy: "jwt" },
+  ...authConfig,
+  callbacks: {
+    ...authConfig.callbacks,
+    async jwt({ token, user }) {
+      if (user) {
+        token.id = user.id!;
+        token.role = user.role ?? "USER";
+      }
+      return token;
+    },
+    async session({ session, token }) {
+      if (token) {
+        session.user.id = token.id as string;
+        session.user.role = token.role as "ADMIN" | "USER";
+      }
+      return session;
+    },
+  },
+  events: {
+    async createUser({ user }) {
+      if (user.id) {
+        await prisma.userSettings.upsert({
+          where: { userId: user.id },
+          update: {},
+          create: {
+            userId: user.id,
+            lowStockThreshold: 10,
+            currency: "USD",
+            theme: "dark",
+            units: "metric",
+          },
+        });
+      }
+    },
+  },
+  providers: [
+    Credentials({
+      async authorize(credentials) {
+        const parsed = loginSchema.safeParse(credentials);
+        if (!parsed.success) return null;
+
+        const user = await prisma.user.findUnique({
+          where: { email: parsed.data.email },
+        });
+        if (!user || !user.hashedPassword) return null;
+
+        const passwordMatch = await bcrypt.compare(parsed.data.password, user.hashedPassword);
+        if (!passwordMatch) return null;
+
+        return {
+          id: user.id,
+          name: user.name,
+          email: user.email,
+          role: user.role,
+        };
+      },
+    }),
+    ...(process.env.AUTH_GITHUB_ID
+      ? [
+          GitHub({
+            clientId: process.env.AUTH_GITHUB_ID,
+            clientSecret: process.env.AUTH_GITHUB_SECRET,
+          }),
+        ]
+      : []),
+  ],
+});