Matt
03c031a8b6
- Fix rounds list showing 0 projects by adding _count to program.list query - Fix round reordering by using correct cache invalidation params - Fix finalizeResults to auto-advance passed projects to next round - Fix member list not updating after add/remove by invalidating user.list - Fix invitation link error page by correcting path from /auth-error to /error - Add /apply, /verify, /error to public paths in auth config Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
91 lines
2.2 KiB
TypeScript
91 lines
2.2 KiB
TypeScript
import type { NextAuthConfig } from 'next-auth'
|
|
import type { UserRole } from '@prisma/client'
|
|
|
|
// Extend the built-in session types
|
|
declare module 'next-auth' {
|
|
interface Session {
|
|
user: {
|
|
id: string
|
|
email: string
|
|
name?: string | null
|
|
role: UserRole
|
|
mustSetPassword?: boolean
|
|
}
|
|
}
|
|
|
|
interface User {
|
|
role?: UserRole
|
|
mustSetPassword?: boolean
|
|
}
|
|
}
|
|
|
|
declare module '@auth/core/jwt' {
|
|
interface JWT {
|
|
id: string
|
|
role: UserRole
|
|
mustSetPassword?: boolean
|
|
}
|
|
}
|
|
|
|
// Edge-compatible auth config (no Node.js-only modules)
|
|
// This is used by middleware and can be extended in auth.ts for full functionality
|
|
export const authConfig: NextAuthConfig = {
|
|
providers: [], // Providers are added in auth.ts
|
|
callbacks: {
|
|
authorized({ auth, request: { nextUrl } }) {
|
|
const isLoggedIn = !!auth?.user
|
|
const { pathname } = nextUrl
|
|
|
|
// Public paths that don't require authentication
|
|
const publicPaths = [
|
|
'/login',
|
|
'/verify',
|
|
'/verify-email',
|
|
'/error',
|
|
'/accept-invite',
|
|
'/apply',
|
|
'/api/auth',
|
|
]
|
|
|
|
// Check if it's a public path
|
|
if (publicPaths.some((path) => pathname.startsWith(path))) {
|
|
return true
|
|
}
|
|
|
|
// If not logged in, redirect to login
|
|
if (!isLoggedIn) {
|
|
return false // Will redirect to signIn page
|
|
}
|
|
|
|
// Check if user needs to set password
|
|
const mustSetPassword = auth?.user?.mustSetPassword
|
|
const passwordSetupAllowedPaths = [
|
|
'/set-password',
|
|
'/api/auth',
|
|
'/api/trpc',
|
|
]
|
|
|
|
if (mustSetPassword) {
|
|
// Allow access to password setup related paths
|
|
if (passwordSetupAllowedPaths.some((path) => pathname.startsWith(path))) {
|
|
return true
|
|
}
|
|
// Redirect to set-password page
|
|
return Response.redirect(new URL('/set-password', nextUrl))
|
|
}
|
|
|
|
return true
|
|
},
|
|
},
|
|
pages: {
|
|
signIn: '/login',
|
|
verifyRequest: '/verify-email',
|
|
error: '/error',
|
|
newUser: '/set-password',
|
|
},
|
|
session: {
|
|
strategy: 'jwt',
|
|
maxAge: parseInt(process.env.SESSION_MAX_AGE || '86400'), // 24 hours
|
|
},
|
|
}
|