Apply full refactor updates plus pipeline/email UX confirmations
All checks were successful
Build and Push Docker Image / build (push) Successful in 10m33s
@@ -1,91 +1,91 @@
|
||||
import type { NextAuthConfig } from 'next-auth'
|
||||
import type { UserRole } from '@prisma/client'
|
||||
|
||||
// Extend the built-in session types
|
||||
declare module 'next-auth' {
|
||||
interface Session {
|
||||
user: {
|
||||
id: string
|
||||
email: string
|
||||
name?: string | null
|
||||
role: UserRole
|
||||
mustSetPassword?: boolean
|
||||
}
|
||||
}
|
||||
|
||||
interface User {
|
||||
role?: UserRole
|
||||
mustSetPassword?: boolean
|
||||
}
|
||||
}
|
||||
|
||||
declare module '@auth/core/jwt' {
|
||||
interface JWT {
|
||||
id: string
|
||||
role: UserRole
|
||||
mustSetPassword?: boolean
|
||||
}
|
||||
}
|
||||
|
||||
// Edge-compatible auth config (no Node.js-only modules)
|
||||
// This is used by middleware and can be extended in auth.ts for full functionality
|
||||
export const authConfig: NextAuthConfig = {
|
||||
providers: [], // Providers are added in auth.ts
|
||||
callbacks: {
|
||||
authorized({ auth, request: { nextUrl } }) {
|
||||
const isLoggedIn = !!auth?.user
|
||||
const { pathname } = nextUrl
|
||||
|
||||
// Public paths that don't require authentication
|
||||
const publicPaths = [
|
||||
'/login',
|
||||
'/verify',
|
||||
'/verify-email',
|
||||
'/error',
|
||||
'/accept-invite',
|
||||
'/apply',
|
||||
'/api/auth',
|
||||
'/api/trpc', // tRPC handles its own auth via procedures
|
||||
]
|
||||
|
||||
// Check if it's a public path
|
||||
if (publicPaths.some((path) => pathname.startsWith(path))) {
|
||||
return true
|
||||
}
|
||||
|
||||
// If not logged in, redirect to login
|
||||
if (!isLoggedIn) {
|
||||
return false // Will redirect to signIn page
|
||||
}
|
||||
|
||||
// Check if user needs to set password
|
||||
const mustSetPassword = auth?.user?.mustSetPassword
|
||||
const passwordSetupAllowedPaths = [
|
||||
'/set-password',
|
||||
'/api/auth',
|
||||
'/api/trpc',
|
||||
]
|
||||
|
||||
if (mustSetPassword) {
|
||||
// Allow access to password setup related paths
|
||||
if (passwordSetupAllowedPaths.some((path) => pathname.startsWith(path))) {
|
||||
return true
|
||||
}
|
||||
// Redirect to set-password page
|
||||
return Response.redirect(new URL('/set-password', nextUrl))
|
||||
}
|
||||
|
||||
return true
|
||||
},
|
||||
},
|
||||
pages: {
|
||||
signIn: '/login',
|
||||
verifyRequest: '/verify-email',
|
||||
error: '/error',
|
||||
newUser: '/set-password',
|
||||
},
|
||||
session: {
|
||||
strategy: 'jwt',
|
||||
maxAge: parseInt(process.env.SESSION_MAX_AGE || '86400'), // 24 hours
|
||||
},
|
||||
}
|
||||
import type { NextAuthConfig } from 'next-auth'
|
||||
import type { UserRole } from '@prisma/client'
|
||||
|
||||
// Extend the built-in session types
|
||||
declare module 'next-auth' {
|
||||
interface Session {
|
||||
user: {
|
||||
id: string
|
||||
email: string
|
||||
name?: string | null
|
||||
role: UserRole
|
||||
mustSetPassword?: boolean
|
||||
}
|
||||
}
|
||||
|
||||
interface User {
|
||||
role?: UserRole
|
||||
mustSetPassword?: boolean
|
||||
}
|
||||
}
|
||||
|
||||
declare module '@auth/core/jwt' {
|
||||
interface JWT {
|
||||
id: string
|
||||
role: UserRole
|
||||
mustSetPassword?: boolean
|
||||
}
|
||||
}
|
||||
|
||||
// Edge-compatible auth config (no Node.js-only modules)
|
||||
// This is used by middleware and can be extended in auth.ts for full functionality
|
||||
export const authConfig: NextAuthConfig = {
|
||||
providers: [], // Providers are added in auth.ts
|
||||
callbacks: {
|
||||
authorized({ auth, request: { nextUrl } }) {
|
||||
const isLoggedIn = !!auth?.user
|
||||
const { pathname } = nextUrl
|
||||
|
||||
// Public paths that don't require authentication
|
||||
const publicPaths = [
|
||||
'/login',
|
||||
'/verify',
|
||||
'/verify-email',
|
||||
'/error',
|
||||
'/accept-invite',
|
||||
'/apply',
|
||||
'/api/auth',
|
||||
'/api/trpc', // tRPC handles its own auth via procedures
|
||||
]
|
||||
|
||||
// Check if it's a public path
|
||||
if (publicPaths.some((path) => pathname.startsWith(path))) {
|
||||
return true
|
||||
}
|
||||
|
||||
// If not logged in, redirect to login
|
||||
if (!isLoggedIn) {
|
||||
return false // Will redirect to signIn page
|
||||
}
|
||||
|
||||
// Check if user needs to set password
|
||||
const mustSetPassword = auth?.user?.mustSetPassword
|
||||
const passwordSetupAllowedPaths = [
|
||||
'/set-password',
|
||||
'/api/auth',
|
||||
'/api/trpc',
|
||||
]
|
||||
|
||||
if (mustSetPassword) {
|
||||
// Allow access to password setup related paths
|
||||
if (passwordSetupAllowedPaths.some((path) => pathname.startsWith(path))) {
|
||||
return true
|
||||
}
|
||||
// Redirect to set-password page
|
||||
return Response.redirect(new URL('/set-password', nextUrl))
|
||||
}
|
||||
|
||||
return true
|
||||
},
|
||||
},
|
||||
pages: {
|
||||
signIn: '/login',
|
||||
verifyRequest: '/verify-email',
|
||||
error: '/error',
|
||||
newUser: '/set-password',
|
||||
},
|
||||
session: {
|
||||
strategy: 'jwt',
|
||||
maxAge: parseInt(process.env.SESSION_MAX_AGE || '86400'), // 24 hours
|
||||
},
|
||||
}
|
||||
|
||||
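Review bot: The public-path check in `authorized` matches with `pathname.startsWith(path)` on bare prefixes, so `/apply` or `/error` would also admit, without a session, any sibling route whose name merely begins with those characters (a hypothetical `/apply-admin`, for instance). Matching on a segment boundary closes that: `publicPaths.some((p) => pathname === p || pathname.startsWith(p + '/'))`, and the same for `passwordSetupAllowedPaths`. Because `/api/trpc` is in both lists, the middleware gives tRPC no protection at all, so each procedure has to enforce the session and, presumably, the `mustSetPassword` state itself; the inline comment on that entry could say so explicitly. `parseInt(process.env.SESSION_MAX_AGE || '86400')` has no radix and passes NaN through as `maxAge` when the variable is set to a non-numeric value; a finite-and-positive check with a fallback to 86400 would be safer. As rendered, the old and new sides read the same, so these points are carried over by this commit rather than introduced by it.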