143 lines
3.6 KiB
TypeScript
143 lines
3.6 KiB
TypeScript
// lib/auth.ts
|
|
|
|
import { PrismaAdapter } from "@auth/prisma-adapter";
|
|
import { prisma } from "./database";
|
|
import GoogleProvider from "next-auth/providers/google";
|
|
import CredentialsProvider from "next-auth/providers/credentials";
|
|
import { UserService } from "./services/user.service";
|
|
import { AuthOptions } from "next-auth";
|
|
|
|
// 验证环境变量
|
|
function validateAuthConfig() {
|
|
const requiredEnvVars = [
|
|
'GOOGLE_CLIENT_ID',
|
|
'GOOGLE_CLIENT_SECRET',
|
|
'NEXTAUTH_SECRET',
|
|
'NEXTAUTH_URL'
|
|
];
|
|
|
|
const missingVars = requiredEnvVars.filter(varName => !process.env[varName]);
|
|
|
|
if (missingVars.length > 0) {
|
|
console.error('Missing required environment variables:', missingVars);
|
|
throw new Error(`Missing required environment variables: ${missingVars.join(', ')}`);
|
|
}
|
|
|
|
console.log('Auth configuration validated:', {
|
|
NEXTAUTH_URL: process.env.NEXTAUTH_URL,
|
|
GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID?.substring(0, 20) + '...',
|
|
NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET ? 'Set' : 'Missing'
|
|
});
|
|
}
|
|
|
|
// 验证配置
|
|
validateAuthConfig();
|
|
|
|
export const authOptions: AuthOptions = {
|
|
adapter: PrismaAdapter(prisma),
|
|
|
|
providers: [
|
|
GoogleProvider({
|
|
clientId: process.env.GOOGLE_CLIENT_ID!,
|
|
clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
|
|
authorization: {
|
|
params: {
|
|
prompt: "consent",
|
|
access_type: "offline",
|
|
response_type: "code"
|
|
}
|
|
}
|
|
}),
|
|
|
|
CredentialsProvider({
|
|
name: "Credentials",
|
|
credentials: {
|
|
email: { label: "Email", type: "text" },
|
|
password: { label: "Password", type: "password" },
|
|
},
|
|
async authorize(credentials) {
|
|
if (!credentials?.email || !credentials?.password) {
|
|
throw new Error("请输入邮箱和密码");
|
|
}
|
|
|
|
try {
|
|
const user = await UserService.getUserByEmail(credentials.email);
|
|
|
|
if (!user || !user.hashedPassword) {
|
|
throw new Error("用户不存在或未设置密码");
|
|
}
|
|
|
|
const isPasswordValid = await UserService.verifyPassword(
|
|
user,
|
|
credentials.password
|
|
);
|
|
|
|
if (!isPasswordValid) {
|
|
throw new Error("密码错误");
|
|
}
|
|
|
|
return user;
|
|
} catch (error) {
|
|
throw error;
|
|
}
|
|
},
|
|
}),
|
|
],
|
|
|
|
session: {
|
|
strategy: "jwt",
|
|
},
|
|
|
|
callbacks: {
|
|
async jwt({ token, user, account }) {
|
|
if (user) {
|
|
token.id = user.id;
|
|
token.email = user.email;
|
|
token.name = user.name;
|
|
}
|
|
return token;
|
|
},
|
|
|
|
async session({ session, token }) {
|
|
if (token?.id && session.user) {
|
|
session.user.id = token.id as string;
|
|
session.user.email = token.email as string;
|
|
session.user.name = token.name as string;
|
|
}
|
|
return session;
|
|
},
|
|
|
|
async signIn({ user, account, profile }) {
|
|
// 允许所有用户登录
|
|
return true;
|
|
},
|
|
|
|
async redirect({ url, baseUrl }) {
|
|
// 调试信息
|
|
console.log("Redirect callback:", { url, baseUrl });
|
|
|
|
// 确保重定向到正确的页面
|
|
if (url.startsWith("/")) {
|
|
const redirectUrl = `${baseUrl}${url}`;
|
|
console.log("Redirecting to:", redirectUrl);
|
|
return redirectUrl;
|
|
} else if (new URL(url).origin === baseUrl) {
|
|
console.log("Redirecting to same origin:", url);
|
|
return url;
|
|
}
|
|
|
|
const defaultUrl = `${baseUrl}/dashboard`;
|
|
console.log("Redirecting to default:", defaultUrl);
|
|
return defaultUrl;
|
|
},
|
|
},
|
|
|
|
pages: {
|
|
signIn: "/login",
|
|
},
|
|
|
|
secret: process.env.NEXTAUTH_SECRET,
|
|
|
|
debug: process.env.NODE_ENV === "development",
|
|
};
|