2025-09-01 07:07:33 +00:00
|
|
|
|
2025-09-01 06:34:12 +00:00
|
|
|
import NextAuth from 'next-auth';
|
|
|
|
|
import { authConfig } from './auth.config';
|
2025-09-01 06:55:40 +00:00
|
|
|
import Credentials from 'next-auth/providers/credentials';
|
|
|
|
|
import { z } from 'zod';
|
2025-09-01 07:06:52 +00:00
|
|
|
import { getUserByEmail } from '@/lib/actions/user';
|
2025-09-01 06:34:12 +00:00
|
|
|
|
2025-09-01 06:55:40 +00:00
|
|
|
export const { handlers, auth, signIn, signOut } = NextAuth({
|
|
|
|
|
...authConfig,
|
|
|
|
|
providers: [
|
|
|
|
|
Credentials({
|
|
|
|
|
async authorize(credentials) {
|
|
|
|
|
const parsedCredentials = z
|
|
|
|
|
.object({ email: z.string().email(), password: z.string().min(1) })
|
|
|
|
|
.safeParse(credentials);
|
|
|
|
|
|
|
|
|
|
if (parsedCredentials.success) {
|
|
|
|
|
const { email, password } = parsedCredentials.data;
|
|
|
|
|
|
2025-09-01 07:06:52 +00:00
|
|
|
const user = await getUserByEmail(email);
|
2025-09-01 07:07:33 +00:00
|
|
|
if (!user || !user.password) return null;
|
2025-09-01 07:06:07 +00:00
|
|
|
|
|
|
|
|
// WARNING: Storing passwords in plaintext is insecure.
|
|
|
|
|
// This is for demonstration purposes only.
|
|
|
|
|
// In a real application, you MUST hash and salt passwords.
|
|
|
|
|
const passwordsMatch = password === user.password;
|
2025-09-01 07:05:09 +00:00
|
|
|
|
2025-09-01 07:06:07 +00:00
|
|
|
if (passwordsMatch) {
|
|
|
|
|
// The user object returned here will be encoded in the JWT.
|
|
|
|
|
return { id: user.id, name: user.name, email: user.email };
|
2025-09-01 06:55:40 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-01 07:06:07 +00:00
|
|
|
console.log('Invalid credentials');
|
2025-09-01 06:55:40 +00:00
|
|
|
return null;
|
|
|
|
|
},
|
|
|
|
|
}),
|
|
|
|
|
]
|
|
|
|
|
});
|
