Authify/auth.ts at master · Neon-20/Authify · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
import NextAuth from "next-auth"
import { PrismaAdapter } from "@auth/prisma-adapter"
import { PrismaClient, UserRole } from "@prisma/client"
import authConfig from "./auth.config"
import { db } from "./lib/db"
import { getUserById } from './data/user';
import { getTwoFactorConfirmationByUserId } from "./data/two-factor-confirmation"
import { getAccountByUserId } from "./data/account"

const prisma = new PrismaClient()

export const {
    handlers:{GET,POST},
    auth,
    signIn,
    signOut
} = NextAuth({
pages:{
    signIn:"/auth/login",
    error:"/auth/error"
},
//automatically populate the email-verified fields if we login with Oauth
events:{
    async linkAccount({user}){
        await db.user.update({
            where:{
                id:user.id,
            },
            data:{
                emailVerified: new Date()
            }
        })
    }
},

//match for second checking.

callbacks:{
    //Just trying to block myself from signing in xD if I am not verified
    async signIn({user,account}){
        // console.log({
        //     user,
        //     account
        // })

        //Allow OAuth without email verification
        if(account?.provider!=="credentials") return true;

        const existingUser = await getUserById(user.id);

        //prevent signIn without email verification
        if(!existingUser?.emailVerified) return false;

        //do 2FA callback
        if(existingUser.isTwoFactorEnabled && existingUser.email){
            const twoFactorConfirmation = await getTwoFactorConfirmationByUserId(existingUser.id)
            if(!twoFactorConfirmation){
                return false;
            }
        await db.twoFactorConfirmation.delete({
            where:{
                id:twoFactorConfirmation.id
            }
        })
        }

        return true;
    },

    async session({token,session}){
        if(token.sub && session.user){
            session.user.id = token.sub
        }
        if(token.role && session.user){
            session.user.role = token.role as UserRole
        }

        if(session.user){
            session.user.isTwoFactorEnabled = token.isTwoFactorEnabled as boolean
        }

        if(session.user){
            session.user.name = token.name
            session.user.email = token.email
            session.user.isOAuth = token.isOAuth as boolean
        }
        return session
    },

    async jwt({token}){
        if(!token.sub){
            return token
        }
        const existingUser = await getUserById(token.sub);
        if(!existingUser){
            return token
        }

        const existingAccount = await getAccountByUserId(existingUser.id)

        token.isOAuth = !!existingAccount
        token.name = existingUser.name
        token.email = existingUser.email
        token.role = existingUser.role
        token.isTwoFactorEnabled = existingUser.isTwoFactorEnabled;
        return token
    }

},
adapter: PrismaAdapter(db),
session: { strategy: "jwt" },
...authConfig,
})