2023-02-18 21:32:02 -06:00
|
|
|
import { prisma } from "@/lib/api/db";
|
2023-02-06 11:59:23 -06:00
|
|
|
import NextAuth from "next-auth/next";
|
|
|
|
|
import CredentialsProvider from "next-auth/providers/credentials";
|
2023-11-06 07:25:57 -06:00
|
|
|
import { AuthOptions } from "next-auth";
|
2023-02-06 11:59:23 -06:00
|
|
|
import bcrypt from "bcrypt";
|
2023-07-08 05:35:43 -05:00
|
|
|
import EmailProvider from "next-auth/providers/email";
|
2023-07-12 13:26:34 -05:00
|
|
|
import { PrismaAdapter } from "@auth/prisma-adapter";
|
|
|
|
|
import { Adapter } from "next-auth/adapters";
|
|
|
|
|
import sendVerificationRequest from "@/lib/api/sendVerificationRequest";
|
|
|
|
|
import { Provider } from "next-auth/providers";
|
2023-11-06 07:25:57 -06:00
|
|
|
import verifySubscription from "@/lib/api/verifySubscription";
|
2023-11-19 07:38:05 -06:00
|
|
|
import KeycloakProvider from "next-auth/providers/keycloak";
|
2023-11-26 05:44:44 -06:00
|
|
|
import AuthentikProvider from "next-auth/providers/authentik";
|
2023-02-06 11:59:23 -06:00
|
|
|
|
2023-07-15 21:15:43 -05:00
|
|
|
const emailEnabled =
|
|
|
|
|
process.env.EMAIL_FROM && process.env.EMAIL_SERVER ? true : false;
|
2023-07-12 15:34:05 -05:00
|
|
|
|
2023-11-19 07:38:05 -06:00
|
|
|
const keycloakEnabled = process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED === "true";
|
2023-11-26 05:44:44 -06:00
|
|
|
const authentikEnabled = process.env.NEXT_PUBLIC_AUTHENTIK_ENABLED === "true";
|
2023-11-09 04:41:08 -06:00
|
|
|
|
|
|
|
|
const adapter = PrismaAdapter(prisma);
|
|
|
|
|
|
2023-11-06 07:25:57 -06:00
|
|
|
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
|
|
|
|
|
|
2023-07-12 13:26:34 -05:00
|
|
|
const providers: Provider[] = [
|
|
|
|
|
CredentialsProvider({
|
|
|
|
|
type: "credentials",
|
2023-07-15 21:15:43 -05:00
|
|
|
credentials: {},
|
2023-07-12 13:26:34 -05:00
|
|
|
async authorize(credentials, req) {
|
2023-11-06 07:25:57 -06:00
|
|
|
console.log("User log in attempt...");
|
2023-07-12 13:26:34 -05:00
|
|
|
if (!credentials) return null;
|
2023-07-08 05:35:43 -05:00
|
|
|
|
2023-07-15 21:15:43 -05:00
|
|
|
const { username, password } = credentials as {
|
|
|
|
|
username: string;
|
|
|
|
|
password: string;
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-06 07:25:57 -06:00
|
|
|
const user = await prisma.user.findFirst({
|
2023-07-15 21:15:43 -05:00
|
|
|
where: emailEnabled
|
|
|
|
|
? {
|
|
|
|
|
OR: [
|
|
|
|
|
{
|
|
|
|
|
username: username.toLowerCase(),
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
email: username?.toLowerCase(),
|
|
|
|
|
},
|
|
|
|
|
],
|
|
|
|
|
emailVerified: { not: null },
|
|
|
|
|
}
|
|
|
|
|
: {
|
|
|
|
|
username: username.toLowerCase(),
|
2023-07-12 13:26:34 -05:00
|
|
|
},
|
|
|
|
|
});
|
2023-07-08 05:35:43 -05:00
|
|
|
|
2023-07-12 13:26:34 -05:00
|
|
|
let passwordMatches: boolean = false;
|
2023-02-06 11:59:23 -06:00
|
|
|
|
2023-11-06 07:25:57 -06:00
|
|
|
if (user?.password) {
|
|
|
|
|
passwordMatches = bcrypt.compareSync(password, user.password);
|
2023-07-12 13:26:34 -05:00
|
|
|
}
|
2023-02-06 11:59:23 -06:00
|
|
|
|
2023-07-12 13:26:34 -05:00
|
|
|
if (passwordMatches) {
|
2023-11-06 07:25:57 -06:00
|
|
|
return { id: user?.id };
|
2023-07-12 13:26:34 -05:00
|
|
|
} else return null as any;
|
|
|
|
|
},
|
|
|
|
|
}),
|
|
|
|
|
];
|
2023-02-06 11:59:23 -06:00
|
|
|
|
2023-11-09 04:41:08 -06:00
|
|
|
if (emailEnabled) {
|
2023-07-12 13:26:34 -05:00
|
|
|
providers.push(
|
|
|
|
|
EmailProvider({
|
|
|
|
|
server: process.env.EMAIL_SERVER,
|
|
|
|
|
from: process.env.EMAIL_FROM,
|
2023-07-15 21:15:43 -05:00
|
|
|
maxAge: 1200,
|
2023-07-12 13:26:34 -05:00
|
|
|
sendVerificationRequest(params) {
|
|
|
|
|
sendVerificationRequest(params);
|
2023-02-06 11:59:23 -06:00
|
|
|
},
|
2023-07-12 13:26:34 -05:00
|
|
|
})
|
|
|
|
|
);
|
2023-11-09 04:41:08 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (keycloakEnabled) {
|
|
|
|
|
providers.push(
|
|
|
|
|
KeycloakProvider({
|
2023-11-19 07:38:05 -06:00
|
|
|
id: "keycloak",
|
|
|
|
|
name: "Keycloak",
|
2023-11-09 04:41:08 -06:00
|
|
|
clientId: process.env.KEYCLOAK_CLIENT_ID!,
|
|
|
|
|
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
|
|
|
|
|
issuer: process.env.KEYCLOAK_ISSUER,
|
|
|
|
|
profile: (profile) => {
|
|
|
|
|
return {
|
|
|
|
|
id: profile.sub,
|
|
|
|
|
username: profile.preferred_username,
|
|
|
|
|
name: profile.name ?? profile.preferred_username,
|
|
|
|
|
email: profile.email,
|
|
|
|
|
image: profile.picture,
|
|
|
|
|
};
|
|
|
|
|
},
|
2023-11-19 07:38:05 -06:00
|
|
|
})
|
2023-11-09 04:41:08 -06:00
|
|
|
);
|
|
|
|
|
const _linkAccount = adapter.linkAccount;
|
|
|
|
|
adapter.linkAccount = (account) => {
|
2023-11-19 07:38:05 -06:00
|
|
|
const { "not-before-policy": _, refresh_expires_in, ...data } = account;
|
2023-11-09 04:41:08 -06:00
|
|
|
return _linkAccount ? _linkAccount(data) : undefined;
|
2023-11-26 05:44:44 -06:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (authentikEnabled) {
|
|
|
|
|
console.log(authentikEnabled)
|
|
|
|
|
providers.push(
|
|
|
|
|
AuthentikProvider({
|
|
|
|
|
id: "authentik",
|
|
|
|
|
name: "Authentik",
|
|
|
|
|
clientId: process.env.AUTHENTIK_CLIENT_ID!,
|
|
|
|
|
clientSecret: process.env.AUTHENTIK_CLIENT_SECRET!,
|
|
|
|
|
issuer: process.env.AUTHENTIK_ISSUER,
|
|
|
|
|
profile: (profile) => {
|
|
|
|
|
console.log(profile)
|
|
|
|
|
return {
|
|
|
|
|
id: profile.sub,
|
|
|
|
|
username: profile.preferred_username,
|
|
|
|
|
name: profile.name ?? profile.preferred_username,
|
|
|
|
|
email: profile.email,
|
|
|
|
|
image: profile.picture,
|
|
|
|
|
};
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
const _linkAccount = adapter.linkAccount;
|
|
|
|
|
adapter.linkAccount = (account) => {
|
|
|
|
|
const { "not-before-policy": _, refresh_expires_in, ...data } = account;
|
|
|
|
|
return _linkAccount ? _linkAccount(data) : undefined;
|
2023-11-09 04:41:08 -06:00
|
|
|
};
|
|
|
|
|
}
|
2023-07-12 13:26:34 -05:00
|
|
|
|
|
|
|
|
export const authOptions: AuthOptions = {
|
2023-11-09 04:41:08 -06:00
|
|
|
adapter: adapter as Adapter,
|
2023-07-12 13:26:34 -05:00
|
|
|
session: {
|
|
|
|
|
strategy: "jwt",
|
2023-07-15 21:15:43 -05:00
|
|
|
maxAge: 30 * 24 * 60 * 60, // 30 days
|
2023-07-12 13:26:34 -05:00
|
|
|
},
|
|
|
|
|
providers,
|
2023-02-06 11:59:23 -06:00
|
|
|
pages: {
|
2023-02-08 15:11:33 -06:00
|
|
|
signIn: "/login",
|
2023-07-12 15:34:05 -05:00
|
|
|
verifyRequest: "/confirmation",
|
2023-02-08 15:11:33 -06:00
|
|
|
},
|
|
|
|
|
callbacks: {
|
2023-10-22 23:28:39 -05:00
|
|
|
async jwt({ token, trigger, user }) {
|
2023-11-06 07:25:57 -06:00
|
|
|
token.sub = token.sub ? Number(token.sub) : undefined;
|
2023-11-19 07:38:05 -06:00
|
|
|
if (trigger === "signIn" || trigger === "signUp")
|
|
|
|
|
token.id = user?.id as number;
|
2023-07-15 21:15:43 -05:00
|
|
|
|
2023-11-06 07:25:57 -06:00
|
|
|
return token;
|
|
|
|
|
},
|
|
|
|
|
async session({ session, token }) {
|
|
|
|
|
session.user.id = token.id;
|
2023-07-15 21:15:43 -05:00
|
|
|
|
2023-11-06 07:25:57 -06:00
|
|
|
if (STRIPE_SECRET_KEY) {
|
2023-11-02 13:59:31 -05:00
|
|
|
const user = await prisma.user.findUnique({
|
|
|
|
|
where: {
|
2023-11-06 07:25:57 -06:00
|
|
|
id: token.id,
|
2023-11-02 13:59:31 -05:00
|
|
|
},
|
2023-11-06 07:25:57 -06:00
|
|
|
include: {
|
|
|
|
|
subscriptions: true,
|
2023-07-19 15:39:59 -05:00
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
|
2023-11-06 07:25:57 -06:00
|
|
|
if (user) {
|
|
|
|
|
const subscribedUser = await verifySubscription(user);
|
2023-07-19 15:39:59 -05:00
|
|
|
}
|
2023-05-21 04:54:42 -05:00
|
|
|
}
|
2023-11-02 13:59:31 -05:00
|
|
|
|
2023-11-02 00:52:49 -05:00
|
|
|
return session;
|
|
|
|
|
},
|
2023-02-06 11:59:23 -06:00
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
export default NextAuth(authOptions);
|
