// lib/auth.ts import { PrismaAdapter } from "@auth/prisma-adapter"; import { prisma } from "./database"; import GoogleProvider from "next-auth/providers/google"; import CredentialsProvider from "next-auth/providers/credentials"; import { UserService } from "./services/user.service"; import { AuthOptions } from "next-auth"; // 验证和清理 NEXTAUTH_URL function getValidatedNextAuthUrl(): string { const url = process.env.NEXTAUTH_URL; if (!url) { throw new Error("NEXTAUTH_URL 环境变量未设置"); } // 清理 URL,移除多余的引号 let cleanUrl = url.trim(); if (cleanUrl.startsWith('"') && cleanUrl.endsWith('"')) { cleanUrl = cleanUrl.slice(1, -1); } if (cleanUrl.startsWith("'") && cleanUrl.endsWith("'")) { cleanUrl = cleanUrl.slice(1, -1); } // 确保 URL 格式正确 try { new URL(cleanUrl); } catch (error) { throw new Error(`无效的 NEXTAUTH_URL: ${cleanUrl}`); } return cleanUrl; } // 获取域名用于 Cookie 配置 function getDomain(): string { const url = getValidatedNextAuthUrl(); try { const urlObj = new URL(url); return urlObj.hostname; } catch { return "recorder.zyj.best"; // 默认域名 } } export const authOptions: AuthOptions = { adapter: PrismaAdapter(prisma), providers: [ GoogleProvider({ clientId: process.env.GOOGLE_CLIENT_ID!, clientSecret: process.env.GOOGLE_CLIENT_SECRET!, }), CredentialsProvider({ name: "Credentials", credentials: { email: { label: "Email", type: "text" }, password: { label: "Password", type: "password" }, }, async authorize(credentials) { if (!credentials?.email || !credentials?.password) { throw new Error("请输入邮箱和密码"); } try { const user = await UserService.getUserByEmail(credentials.email); if (!user || !user.hashedPassword) { throw new Error("用户不存在或未设置密码"); } const isPasswordValid = await UserService.verifyPassword( user, credentials.password ); if (!isPasswordValid) { throw new Error("密码错误"); } return user; } catch (error) { throw error; } }, }), ], session: { strategy: "jwt", }, callbacks: { async jwt({ token, user, account }) { if (user) { token.id = user.id; token.email = user.email; token.name = user.name; } return token; }, async session({ session, token }) { if (token?.id && session.user) { session.user.id = token.id as string; session.user.email = token.email as string; session.user.name = token.name as string; } return session; }, async signIn({ user, account, profile }) { // 允许所有用户登录 return true; }, async redirect({ url, baseUrl }) { // 确保重定向到正确的页面 if (url.startsWith("/")) return `${baseUrl}${url}`; else if (new URL(url).origin === baseUrl) return url; return `${baseUrl}/dashboard`; }, }, pages: { signIn: "/login", }, secret: process.env.NEXTAUTH_SECRET, debug: process.env.NODE_ENV === "development", // 添加 Cookie 配置 cookies: { sessionToken: { name: `next-auth.session-token`, options: { httpOnly: true, sameSite: "lax", path: "/", secure: process.env.NODE_ENV === "production", domain: process.env.NODE_ENV === "production" ? getDomain() : undefined, }, }, callbackUrl: { name: `next-auth.callback-url`, options: { sameSite: "lax", path: "/", secure: process.env.NODE_ENV === "production", domain: process.env.NODE_ENV === "production" ? getDomain() : undefined, }, }, csrfToken: { name: `next-auth.csrf-token`, options: { httpOnly: true, sameSite: "lax", path: "/", secure: process.env.NODE_ENV === "production", domain: process.env.NODE_ENV === "production" ? getDomain() : undefined, }, }, pkceCodeVerifier: { name: `next-auth.pkce.code_verifier`, options: { httpOnly: true, sameSite: "lax", path: "/", maxAge: 900, secure: process.env.NODE_ENV === "production", domain: process.env.NODE_ENV === "production" ? getDomain() : undefined, }, }, state: { name: `next-auth.state`, options: { httpOnly: true, sameSite: "lax", path: "/", maxAge: 900, secure: process.env.NODE_ENV === "production", domain: process.env.NODE_ENV === "production" ? getDomain() : undefined, }, }, nonce: { name: `next-auth.nonce`, options: { httpOnly: true, sameSite: "lax", path: "/", secure: process.env.NODE_ENV === "production", domain: process.env.NODE_ENV === "production" ? getDomain() : undefined, }, }, }, };