@appconda/nextjs 1.0.85 → 1.0.87

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/actions/actionClient.js +1 -1
  2. package/dist/actions/auth.d.ts +1 -1
  3. package/dist/actions/auth.js +1 -1
  4. package/dist/actions/authOptions.d.ts +1 -2
  5. package/dist/actions/authOptions.js +210 -194
  6. package/package.json +1 -1
  7. package/src/actions/actionClient.ts +1 -1
  8. package/src/actions/auth.ts +1 -1
  9. package/src/actions/authOptions.ts +223 -206
package/dist/actions/actionClient.js CHANGED
@@ -21,7 +21,7 @@ export const actionClient = createSafeActionClient({
21
21
  },
22
22
  });
23
23
  export const authenticatedActionClient = actionClient.use(async ({ next }) => {
24
- const session = await getServerSession(authOptions);
24
+ const session = await getServerSession(authOptions());
25
25
  if (!session?.user) {
26
26
  throw new AuthenticationError("Not authenticated");
27
27
  }
package/dist/actions/auth.d.ts CHANGED
@@ -1 +1 @@
1
- export declare const auth: () => Promise<import("next-auth").Session>;
1
+ export declare const auth: () => Promise<unknown>;
package/dist/actions/auth.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { getServerSession } from "next-auth";
2
2
  import { authOptions } from "./authOptions";
3
3
  export const auth = async () => {
4
- return await getServerSession(authOptions);
4
+ return await getServerSession(authOptions());
5
5
  };
package/dist/actions/authOptions.d.ts CHANGED
@@ -1,6 +1,5 @@
1
- import type { NextAuthOptions } from "next-auth";
2
1
  export declare function signIn({ userName, password }: {
3
2
  userName: string;
4
3
  password: string;
5
4
  }): Promise<import("../modules/account/types").Session>;
6
- export declare const authOptions: NextAuthOptions;
5
+ export declare const authOptions: () => any;
package/dist/actions/authOptions.js CHANGED
@@ -5,6 +5,14 @@ import { Account } from "../modules/account/service";
5
5
  import { getEnv } from "../lib/env";
6
6
  import { getSDKForCurrentUser } from "../getSDKForCurrentUser";
7
7
  import { Query } from "../query";
8
+ /* const getEnv = () => {
9
+ return {
10
+ APPCONDA_ENDPOINT: 'process.env.APPCONDA_ENDPOINT',
11
+ APPCONDA_CLIENT_ENDPOINT: 'process.env.APPCONDA_CLIENT_ENDPOINT',
12
+ _SERVICE_TOKEN: 'process.env._SERVICE_TOKEN',
13
+ ENTERPRISE_LICENSE_KEY: 'process.env.ENTERPRISE_LICENSE_KEY',
14
+ };
15
+ }; */
8
16
  export async function signIn({ userName, password }) {
9
17
  const adminClient = await getAppcondaClient();
10
18
  const account = new Account(adminClient);
@@ -18,200 +26,208 @@ export async function signIn({ userName, password }) {
18
26
  });
19
27
  return session;
20
28
  }
21
- export const authOptions = {
22
- providers: [
23
- CredentialsProvider({
24
- id: "credentials",
25
- // The name to display on the sign in form (e.g. "Sign in with...")
26
- name: "Credentials",
27
- // The credentials is used to generate a suitable form on the sign in page.
28
- // You can specify whatever fields you are expecting to be submitted.
29
- // e.g. domain, username, password, 2FA token, etc.
30
- // You can pass any HTML attribute to the <input> tag through the object.
31
- credentials: {
32
- email: {
33
- label: "Email Address",
34
- type: "email",
35
- placeholder: "Your email address",
29
+ export const authOptions = (() => {
30
+ let options = null;
31
+ return () => {
32
+ if (options == null) {
33
+ options = {
34
+ providers: [
35
+ CredentialsProvider({
36
+ id: "credentials",
37
+ // The name to display on the sign in form (e.g. "Sign in with...")
38
+ name: "Credentials",
39
+ // The credentials is used to generate a suitable form on the sign in page.
40
+ // You can specify whatever fields you are expecting to be submitted.
41
+ // e.g. domain, username, password, 2FA token, etc.
42
+ // You can pass any HTML attribute to the <input> tag through the object.
43
+ credentials: {
44
+ email: {
45
+ label: "Email Address",
46
+ type: "email",
47
+ placeholder: "Your email address",
48
+ },
49
+ password: {
50
+ label: "Password",
51
+ type: "password",
52
+ placeholder: "Your password",
53
+ },
54
+ totpCode: { label: "Two-factor Code", type: "input", placeholder: "Code from authenticator app" },
55
+ backupCode: { label: "Backup Code", type: "input", placeholder: "Two-factor backup code" },
56
+ },
57
+ async authorize(credentials, _req) {
58
+ let user;
59
+ const appcondaSession = await signIn({ userName: credentials?.email, password: credentials?.password });
60
+ console.log(credentials);
61
+ /* try {
62
+ user = await prisma.user.findUnique({
63
+ where: {
64
+ email: credentials?.email,
65
+ },
66
+ });
67
+ } catch (e) {
68
+ console.error(e);
69
+ throw Error("Internal server error. Please try again later");
70
+ }
71
+ if (!user || !credentials) {
72
+ throw new Error("Invalid credentials");
73
+ }
74
+ if (!user.password) {
75
+ throw new Error("Invalid credentials");
76
+ }
77
+
78
+ const isValid = await verifyPassword(credentials.password, user.password);
79
+
80
+ if (!isValid) {
81
+ throw new Error("Invalid credentials");
82
+ }
83
+
84
+ if (user.twoFactorEnabled && credentials.backupCode) {
85
+ if (!ENCRYPTION_KEY) {
86
+ console.error("Missing encryption key; cannot proceed with backup code login.");
87
+ throw new Error("Internal Server Error");
88
+ }
89
+
90
+ if (!user.backupCodes) throw new Error("No backup codes found");
91
+
92
+ const backupCodes = JSON.parse(symmetricDecrypt(user.backupCodes, ENCRYPTION_KEY));
93
+
94
+ // check if user-supplied code matches one
95
+ const index = backupCodes.indexOf(credentials.backupCode.replaceAll("-", ""));
96
+ if (index === -1) throw new Error("Invalid backup code");
97
+
98
+ // delete verified backup code and re-encrypt remaining
99
+ backupCodes[index] = null;
100
+ await prisma.user.update({
101
+ where: {
102
+ id: user.id,
103
+ },
104
+ data: {
105
+ backupCodes: symmetricEncrypt(JSON.stringify(backupCodes), ENCRYPTION_KEY),
106
+ },
107
+ });
108
+ } else if (user.twoFactorEnabled) {
109
+ if (!credentials.totpCode) {
110
+ throw new Error("second factor required");
111
+ }
112
+
113
+ if (!user.twoFactorSecret) {
114
+ throw new Error("Internal Server Error");
115
+ }
116
+
117
+ if (!ENCRYPTION_KEY) {
118
+ throw new Error("Internal Server Error");
119
+ }
120
+
121
+ const secret = symmetricDecrypt(user.twoFactorSecret, ENCRYPTION_KEY);
122
+ if (secret.length !== 32) {
123
+ throw new Error("Internal Server Error");
124
+ }
125
+
126
+ const isValidToken = (await import("./totp")).totpAuthenticatorCheck(credentials.totpCode, secret);
127
+ if (!isValidToken) {
128
+ throw new Error("Invalid second factor code");
129
+ }
130
+ } */
131
+ console.log("asafdf");
132
+ return {
133
+ id: appcondaSession.userId,
134
+ email: appcondaSession.providerUid,
135
+ emailVerified: true,
136
+ imageUrl: "",
137
+ };
138
+ },
139
+ }),
140
+ CredentialsProvider({
141
+ id: "token",
142
+ // The name to display on the sign in form (e.g. "Sign in with...")
143
+ name: "Token",
144
+ // The credentials is used to generate a suitable form on the sign in page.
145
+ // You can specify whatever fields you are expecting to be submitted.
146
+ // e.g. domain, username, password, 2FA token, etc.
147
+ // You can pass any HTML attribute to the <input> tag through the object.
148
+ credentials: {
149
+ token: {
150
+ label: "Verification Token",
151
+ type: "string",
152
+ },
153
+ },
154
+ async authorize(credentials, _req) {
155
+ let user;
156
+ /* try {
157
+ if (!credentials?.token) {
158
+ throw new Error("Token not found");
159
+ }
160
+ const { id } = await verifyToken(credentials?.token);
161
+ user = await prisma.user.findUnique({
162
+ where: {
163
+ id: id,
164
+ },
165
+ });
166
+ } catch (e) {
167
+ console.error(e);
168
+ throw new Error("Either a user does not match the provided token or the token is invalid");
169
+ }
170
+
171
+ if (!user) {
172
+ throw new Error("Either a user does not match the provided token or the token is invalid");
173
+ }
174
+
175
+ if (user.emailVerified) {
176
+ throw new Error("Email already verified");
177
+ }
178
+
179
+ user = await updateUser(user.id, { emailVerified: new Date() }); */
180
+ return user || null;
181
+ },
182
+ }),
183
+ // Conditionally add enterprise SSO providers
184
+ ...(getEnv().ENTERPRISE_LICENSE_KEY ? [] : []),
185
+ ],
186
+ callbacks: {
187
+ async jwt({ token }) {
188
+ const { users } = await getSDKForCurrentUser();
189
+ const userList = await users.list([Query.equal("email", token.email)]);
190
+ const user = userList.users[0] ?? {};
191
+ /* const existingUser = await getUserByEmail(token?.email!);
192
+
193
+ if (!existingUser) {
194
+ return token;
195
+ } */
196
+ return {
197
+ ...token,
198
+ //@ts-ignore
199
+ profile: { id: user.$id, ...user },
200
+ };
201
+ },
202
+ async session({ session, token }) {
203
+ //@ts-ignore
204
+ session.user.id = token?.id;
205
+ //@ts-ignore
206
+ session.user = token.profile;
207
+ return session;
208
+ },
209
+ //@ts-ignore
210
+ async signIn({ user, account }) {
211
+ /* if (account?.provider === "credentials" || account?.provider === "token") {
212
+ // check if user's email is verified or not
213
+ if (!user.emailVerified && !EMAIL_VERIFICATION_DISABLED) {
214
+ throw new Error("Email Verification is Pending");
215
+ }
216
+ return true;
217
+ }
218
+ if (ENTERPRISE_LICENSE_KEY) {
219
+ return handleSSOCallback({ user, account });
220
+ } */
221
+ return true;
222
+ },
36
223
  },
37
- password: {
38
- label: "Password",
39
- type: "password",
40
- placeholder: "Your password",
224
+ pages: {
225
+ signIn: "/auth/login",
226
+ signOut: "/auth/logout",
227
+ error: "/auth/login", // Error code passed in query string as ?error=
41
228
  },
42
- totpCode: { label: "Two-factor Code", type: "input", placeholder: "Code from authenticator app" },
43
- backupCode: { label: "Backup Code", type: "input", placeholder: "Two-factor backup code" },
44
- },
45
- async authorize(credentials, _req) {
46
- let user;
47
- const appcondaSession = await signIn({ userName: credentials?.email, password: credentials?.password });
48
- console.log(credentials);
49
- /* try {
50
- user = await prisma.user.findUnique({
51
- where: {
52
- email: credentials?.email,
53
- },
54
- });
55
- } catch (e) {
56
- console.error(e);
57
- throw Error("Internal server error. Please try again later");
58
- }
59
- if (!user || !credentials) {
60
- throw new Error("Invalid credentials");
61
- }
62
- if (!user.password) {
63
- throw new Error("Invalid credentials");
64
- }
65
-
66
- const isValid = await verifyPassword(credentials.password, user.password);
67
-
68
- if (!isValid) {
69
- throw new Error("Invalid credentials");
70
- }
71
-
72
- if (user.twoFactorEnabled && credentials.backupCode) {
73
- if (!ENCRYPTION_KEY) {
74
- console.error("Missing encryption key; cannot proceed with backup code login.");
75
- throw new Error("Internal Server Error");
76
- }
77
-
78
- if (!user.backupCodes) throw new Error("No backup codes found");
79
-
80
- const backupCodes = JSON.parse(symmetricDecrypt(user.backupCodes, ENCRYPTION_KEY));
81
-
82
- // check if user-supplied code matches one
83
- const index = backupCodes.indexOf(credentials.backupCode.replaceAll("-", ""));
84
- if (index === -1) throw new Error("Invalid backup code");
85
-
86
- // delete verified backup code and re-encrypt remaining
87
- backupCodes[index] = null;
88
- await prisma.user.update({
89
- where: {
90
- id: user.id,
91
- },
92
- data: {
93
- backupCodes: symmetricEncrypt(JSON.stringify(backupCodes), ENCRYPTION_KEY),
94
- },
95
- });
96
- } else if (user.twoFactorEnabled) {
97
- if (!credentials.totpCode) {
98
- throw new Error("second factor required");
99
- }
100
-
101
- if (!user.twoFactorSecret) {
102
- throw new Error("Internal Server Error");
103
- }
104
-
105
- if (!ENCRYPTION_KEY) {
106
- throw new Error("Internal Server Error");
107
- }
108
-
109
- const secret = symmetricDecrypt(user.twoFactorSecret, ENCRYPTION_KEY);
110
- if (secret.length !== 32) {
111
- throw new Error("Internal Server Error");
112
- }
113
-
114
- const isValidToken = (await import("./totp")).totpAuthenticatorCheck(credentials.totpCode, secret);
115
- if (!isValidToken) {
116
- throw new Error("Invalid second factor code");
117
- }
118
- } */
119
- console.log("asafdf");
120
- return {
121
- id: appcondaSession.userId,
122
- email: appcondaSession.providerUid,
123
- emailVerified: true,
124
- imageUrl: "",
125
- };
126
- },
127
- }),
128
- CredentialsProvider({
129
- id: "token",
130
- // The name to display on the sign in form (e.g. "Sign in with...")
131
- name: "Token",
132
- // The credentials is used to generate a suitable form on the sign in page.
133
- // You can specify whatever fields you are expecting to be submitted.
134
- // e.g. domain, username, password, 2FA token, etc.
135
- // You can pass any HTML attribute to the <input> tag through the object.
136
- credentials: {
137
- token: {
138
- label: "Verification Token",
139
- type: "string",
140
- },
141
- },
142
- async authorize(credentials, _req) {
143
- let user;
144
- /* try {
145
- if (!credentials?.token) {
146
- throw new Error("Token not found");
147
- }
148
- const { id } = await verifyToken(credentials?.token);
149
- user = await prisma.user.findUnique({
150
- where: {
151
- id: id,
152
- },
153
- });
154
- } catch (e) {
155
- console.error(e);
156
- throw new Error("Either a user does not match the provided token or the token is invalid");
157
- }
158
-
159
- if (!user) {
160
- throw new Error("Either a user does not match the provided token or the token is invalid");
161
- }
162
-
163
- if (user.emailVerified) {
164
- throw new Error("Email already verified");
165
- }
166
-
167
- user = await updateUser(user.id, { emailVerified: new Date() }); */
168
- return user || null;
169
- },
170
- }),
171
- // Conditionally add enterprise SSO providers
172
- ...(getEnv().ENTERPRISE_LICENSE_KEY ? [] : []),
173
- ],
174
- callbacks: {
175
- async jwt({ token }) {
176
- const { users } = await getSDKForCurrentUser();
177
- const userList = await users.list([Query.equal("email", token.email)]);
178
- const user = userList.users[0] ?? {};
179
- /* const existingUser = await getUserByEmail(token?.email!);
180
-
181
- if (!existingUser) {
182
- return token;
183
- } */
184
- return {
185
- ...token,
186
- //@ts-ignore
187
- profile: { id: user.$id, ...user },
188
229
  };
189
- },
190
- async session({ session, token }) {
191
- //@ts-ignore
192
- session.user.id = token?.id;
193
- //@ts-ignore
194
- session.user = token.profile;
195
- return session;
196
- },
197
- //@ts-ignore
198
- async signIn({ user, account }) {
199
- /* if (account?.provider === "credentials" || account?.provider === "token") {
200
- // check if user's email is verified or not
201
- if (!user.emailVerified && !EMAIL_VERIFICATION_DISABLED) {
202
- throw new Error("Email Verification is Pending");
203
- }
204
- return true;
205
- }
206
- if (ENTERPRISE_LICENSE_KEY) {
207
- return handleSSOCallback({ user, account });
208
- } */
209
- return true;
210
- },
211
- },
212
- pages: {
213
- signIn: "/auth/login",
214
- signOut: "/auth/logout",
215
- error: "/auth/login", // Error code passed in query string as ?error=
216
- },
217
- };
230
+ }
231
+ return options;
232
+ };
233
+ })();
package/package.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "name": "@appconda/nextjs",
3
3
  "homepage": "https://appconda.io/support",
4
4
  "description": "Appconda is an open-source self-hosted backend server that abstract and simplify complex and repetitive development tasks behind a very simple REST API",
5
- "version": "1.0.85",
5
+ "version": "1.0.87",
6
6
  "license": "BSD-3-Clause",
7
7
  "main": "dist/index.js",
8
8
  "types": "dist/index.d.ts",
package/src/actions/actionClient.ts CHANGED
@@ -27,7 +27,7 @@ export const actionClient = createSafeActionClient({
27
27
  });
28
28
 
29
29
  export const authenticatedActionClient = actionClient.use(async ({ next }) => {
30
- const session = await getServerSession(authOptions);
30
+ const session = await getServerSession(authOptions());
31
31
  if (!session?.user) {
32
32
  throw new AuthenticationError("Not authenticated");
33
33
  }
package/src/actions/auth.ts CHANGED
@@ -2,5 +2,5 @@ import { getServerSession } from "next-auth"
2
2
  import { authOptions } from "./authOptions";
3
3
 
4
4
  export const auth = async ()=> {
5
- return await getServerSession(authOptions);
5
+ return await getServerSession(authOptions());
6
6
  }
package/src/actions/authOptions.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { NextAuthOptions } from "next-auth";
1
+ import type { NextAuthOptions } from "next-auth";
2
2
  import CredentialsProvider from "next-auth/providers/credentials";
3
3
  import { cookies } from "next/headers";
4
4
  import { getAppcondaClient } from "../getAppcondaClient";
@@ -7,6 +7,14 @@ import { getEnv } from "../lib/env";
7
7
  import { getSDKForCurrentUser } from "../getSDKForCurrentUser";
8
8
  import { Query } from "../query";
9
9
 
10
+ /* const getEnv = () => {
11
+ return {
12
+ APPCONDA_ENDPOINT: 'process.env.APPCONDA_ENDPOINT',
13
+ APPCONDA_CLIENT_ENDPOINT: 'process.env.APPCONDA_CLIENT_ENDPOINT',
14
+ _SERVICE_TOKEN: 'process.env._SERVICE_TOKEN',
15
+ ENTERPRISE_LICENSE_KEY: 'process.env.ENTERPRISE_LICENSE_KEY',
16
+ };
17
+ }; */
10
18
 
11
19
  export async function signIn({ userName, password }: { userName: string, password: string }) {
12
20
  const adminClient = await getAppcondaClient();
@@ -28,210 +36,219 @@ export async function signIn({ userName, password }: { userName: string, passwor
28
36
 
29
37
  }
30
38
 
31
- export const authOptions: NextAuthOptions = {
32
- providers: [
33
- CredentialsProvider({
34
- id: "credentials",
35
- // The name to display on the sign in form (e.g. "Sign in with...")
36
- name: "Credentials",
37
- // The credentials is used to generate a suitable form on the sign in page.
38
- // You can specify whatever fields you are expecting to be submitted.
39
- // e.g. domain, username, password, 2FA token, etc.
40
- // You can pass any HTML attribute to the <input> tag through the object.
41
- credentials: {
42
- email: {
43
- label: "Email Address",
44
- type: "email",
45
- placeholder: "Your email address",
39
+ export const authOptions = (() => {
40
+ let options = null;
41
+
42
+ return () => {
43
+ if (options == null) {
44
+ options = {
45
+ providers: [
46
+ CredentialsProvider({
47
+ id: "credentials",
48
+ // The name to display on the sign in form (e.g. "Sign in with...")
49
+ name: "Credentials",
50
+ // The credentials is used to generate a suitable form on the sign in page.
51
+ // You can specify whatever fields you are expecting to be submitted.
52
+ // e.g. domain, username, password, 2FA token, etc.
53
+ // You can pass any HTML attribute to the <input> tag through the object.
54
+ credentials: {
55
+ email: {
56
+ label: "Email Address",
57
+ type: "email",
58
+ placeholder: "Your email address",
59
+ },
60
+ password: {
61
+ label: "Password",
62
+ type: "password",
63
+ placeholder: "Your password",
64
+ },
65
+ totpCode: { label: "Two-factor Code", type: "input", placeholder: "Code from authenticator app" },
66
+ backupCode: { label: "Backup Code", type: "input", placeholder: "Two-factor backup code" },
67
+ },
68
+ async authorize(credentials, _req) {
69
+ let user;
70
+ const appcondaSession = await signIn({ userName: credentials?.email as string, password: credentials?.password as string });
71
+
72
+ console.log(credentials);
73
+ /* try {
74
+ user = await prisma.user.findUnique({
75
+ where: {
76
+ email: credentials?.email,
77
+ },
78
+ });
79
+ } catch (e) {
80
+ console.error(e);
81
+ throw Error("Internal server error. Please try again later");
82
+ }
83
+ if (!user || !credentials) {
84
+ throw new Error("Invalid credentials");
85
+ }
86
+ if (!user.password) {
87
+ throw new Error("Invalid credentials");
88
+ }
89
+
90
+ const isValid = await verifyPassword(credentials.password, user.password);
91
+
92
+ if (!isValid) {
93
+ throw new Error("Invalid credentials");
94
+ }
95
+
96
+ if (user.twoFactorEnabled && credentials.backupCode) {
97
+ if (!ENCRYPTION_KEY) {
98
+ console.error("Missing encryption key; cannot proceed with backup code login.");
99
+ throw new Error("Internal Server Error");
100
+ }
101
+
102
+ if (!user.backupCodes) throw new Error("No backup codes found");
103
+
104
+ const backupCodes = JSON.parse(symmetricDecrypt(user.backupCodes, ENCRYPTION_KEY));
105
+
106
+ // check if user-supplied code matches one
107
+ const index = backupCodes.indexOf(credentials.backupCode.replaceAll("-", ""));
108
+ if (index === -1) throw new Error("Invalid backup code");
109
+
110
+ // delete verified backup code and re-encrypt remaining
111
+ backupCodes[index] = null;
112
+ await prisma.user.update({
113
+ where: {
114
+ id: user.id,
115
+ },
116
+ data: {
117
+ backupCodes: symmetricEncrypt(JSON.stringify(backupCodes), ENCRYPTION_KEY),
118
+ },
119
+ });
120
+ } else if (user.twoFactorEnabled) {
121
+ if (!credentials.totpCode) {
122
+ throw new Error("second factor required");
123
+ }
124
+
125
+ if (!user.twoFactorSecret) {
126
+ throw new Error("Internal Server Error");
127
+ }
128
+
129
+ if (!ENCRYPTION_KEY) {
130
+ throw new Error("Internal Server Error");
131
+ }
132
+
133
+ const secret = symmetricDecrypt(user.twoFactorSecret, ENCRYPTION_KEY);
134
+ if (secret.length !== 32) {
135
+ throw new Error("Internal Server Error");
136
+ }
137
+
138
+ const isValidToken = (await import("./totp")).totpAuthenticatorCheck(credentials.totpCode, secret);
139
+ if (!isValidToken) {
140
+ throw new Error("Invalid second factor code");
141
+ }
142
+ } */
143
+
144
+ console.log("asafdf")
145
+
146
+ return {
147
+ id: appcondaSession.userId,
148
+ email: appcondaSession.providerUid,
149
+ emailVerified: true,
150
+ imageUrl: "",
151
+ };
152
+ },
153
+ }),
154
+ CredentialsProvider({
155
+ id: "token",
156
+ // The name to display on the sign in form (e.g. "Sign in with...")
157
+ name: "Token",
158
+ // The credentials is used to generate a suitable form on the sign in page.
159
+ // You can specify whatever fields you are expecting to be submitted.
160
+ // e.g. domain, username, password, 2FA token, etc.
161
+ // You can pass any HTML attribute to the <input> tag through the object.
162
+ credentials: {
163
+ token: {
164
+ label: "Verification Token",
165
+ type: "string",
166
+ },
167
+ },
168
+ async authorize(credentials, _req) {
169
+
170
+ let user;
171
+ /* try {
172
+ if (!credentials?.token) {
173
+ throw new Error("Token not found");
174
+ }
175
+ const { id } = await verifyToken(credentials?.token);
176
+ user = await prisma.user.findUnique({
177
+ where: {
178
+ id: id,
179
+ },
180
+ });
181
+ } catch (e) {
182
+ console.error(e);
183
+ throw new Error("Either a user does not match the provided token or the token is invalid");
184
+ }
185
+
186
+ if (!user) {
187
+ throw new Error("Either a user does not match the provided token or the token is invalid");
188
+ }
189
+
190
+ if (user.emailVerified) {
191
+ throw new Error("Email already verified");
192
+ }
193
+
194
+ user = await updateUser(user.id, { emailVerified: new Date() }); */
195
+
196
+ return user || null;
197
+ },
198
+ }),
199
+ // Conditionally add enterprise SSO providers
200
+ ...(getEnv().ENTERPRISE_LICENSE_KEY ? [] : []),
201
+ ],
202
+ callbacks: {
203
+ async jwt({ token }) {
204
+
205
+ const { users } = await getSDKForCurrentUser();
206
+ const userList = await users.list([Query.equal("email", token.email!)])
207
+
208
+ const user = userList.users[0] ?? {};
209
+
210
+ /* const existingUser = await getUserByEmail(token?.email!);
211
+
212
+ if (!existingUser) {
213
+ return token;
214
+ } */
215
+
216
+ return {
217
+ ...token,
218
+ //@ts-ignore
219
+ profile: { id: user.$id, ...user },
220
+ };
221
+ },
222
+ async session({ session, token }) {
223
+ //@ts-ignore
224
+ session.user.id = token?.id;
225
+ //@ts-ignore
226
+ session.user = token.profile;
227
+
228
+ return session;
229
+ },
230
+ //@ts-ignore
231
+ async signIn({ user, account }: { user: any; account: Account | null }) {
232
+ /* if (account?.provider === "credentials" || account?.provider === "token") {
233
+ // check if user's email is verified or not
234
+ if (!user.emailVerified && !EMAIL_VERIFICATION_DISABLED) {
235
+ throw new Error("Email Verification is Pending");
236
+ }
237
+ return true;
238
+ }
239
+ if (ENTERPRISE_LICENSE_KEY) {
240
+ return handleSSOCallback({ user, account });
241
+ } */
242
+ return true;
243
+ },
46
244
  },
47
- password: {
48
- label: "Password",
49
- type: "password",
50
- placeholder: "Your password",
245
+ pages: {
246
+ signIn: "/auth/login",
247
+ signOut: "/auth/logout",
248
+ error: "/auth/login", // Error code passed in query string as ?error=
51
249
  },
52
- totpCode: { label: "Two-factor Code", type: "input", placeholder: "Code from authenticator app" },
53
- backupCode: { label: "Backup Code", type: "input", placeholder: "Two-factor backup code" },
54
- },
55
- async authorize(credentials, _req) {
56
- let user;
57
- const appcondaSession = await signIn({ userName: credentials?.email as string, password: credentials?.password as string });
58
-
59
- console.log(credentials);
60
- /* try {
61
- user = await prisma.user.findUnique({
62
- where: {
63
- email: credentials?.email,
64
- },
65
- });
66
- } catch (e) {
67
- console.error(e);
68
- throw Error("Internal server error. Please try again later");
69
- }
70
- if (!user || !credentials) {
71
- throw new Error("Invalid credentials");
72
- }
73
- if (!user.password) {
74
- throw new Error("Invalid credentials");
75
- }
76
-
77
- const isValid = await verifyPassword(credentials.password, user.password);
78
-
79
- if (!isValid) {
80
- throw new Error("Invalid credentials");
81
- }
82
-
83
- if (user.twoFactorEnabled && credentials.backupCode) {
84
- if (!ENCRYPTION_KEY) {
85
- console.error("Missing encryption key; cannot proceed with backup code login.");
86
- throw new Error("Internal Server Error");
87
- }
88
-
89
- if (!user.backupCodes) throw new Error("No backup codes found");
90
-
91
- const backupCodes = JSON.parse(symmetricDecrypt(user.backupCodes, ENCRYPTION_KEY));
92
-
93
- // check if user-supplied code matches one
94
- const index = backupCodes.indexOf(credentials.backupCode.replaceAll("-", ""));
95
- if (index === -1) throw new Error("Invalid backup code");
96
-
97
- // delete verified backup code and re-encrypt remaining
98
- backupCodes[index] = null;
99
- await prisma.user.update({
100
- where: {
101
- id: user.id,
102
- },
103
- data: {
104
- backupCodes: symmetricEncrypt(JSON.stringify(backupCodes), ENCRYPTION_KEY),
105
- },
106
- });
107
- } else if (user.twoFactorEnabled) {
108
- if (!credentials.totpCode) {
109
- throw new Error("second factor required");
110
- }
111
-
112
- if (!user.twoFactorSecret) {
113
- throw new Error("Internal Server Error");
114
- }
115
-
116
- if (!ENCRYPTION_KEY) {
117
- throw new Error("Internal Server Error");
118
- }
119
-
120
- const secret = symmetricDecrypt(user.twoFactorSecret, ENCRYPTION_KEY);
121
- if (secret.length !== 32) {
122
- throw new Error("Internal Server Error");
123
- }
124
-
125
- const isValidToken = (await import("./totp")).totpAuthenticatorCheck(credentials.totpCode, secret);
126
- if (!isValidToken) {
127
- throw new Error("Invalid second factor code");
128
- }
129
- } */
130
-
131
- console.log("asafdf")
132
-
133
- return {
134
- id: appcondaSession.userId,
135
- email: appcondaSession.providerUid,
136
- emailVerified: true,
137
- imageUrl: "",
138
- };
139
- },
140
- }),
141
- CredentialsProvider({
142
- id: "token",
143
- // The name to display on the sign in form (e.g. "Sign in with...")
144
- name: "Token",
145
- // The credentials is used to generate a suitable form on the sign in page.
146
- // You can specify whatever fields you are expecting to be submitted.
147
- // e.g. domain, username, password, 2FA token, etc.
148
- // You can pass any HTML attribute to the <input> tag through the object.
149
- credentials: {
150
- token: {
151
- label: "Verification Token",
152
- type: "string",
153
- },
154
- },
155
- async authorize(credentials, _req) {
156
-
157
- let user;
158
- /* try {
159
- if (!credentials?.token) {
160
- throw new Error("Token not found");
161
- }
162
- const { id } = await verifyToken(credentials?.token);
163
- user = await prisma.user.findUnique({
164
- where: {
165
- id: id,
166
- },
167
- });
168
- } catch (e) {
169
- console.error(e);
170
- throw new Error("Either a user does not match the provided token or the token is invalid");
171
- }
172
-
173
- if (!user) {
174
- throw new Error("Either a user does not match the provided token or the token is invalid");
175
- }
176
-
177
- if (user.emailVerified) {
178
- throw new Error("Email already verified");
179
- }
180
-
181
- user = await updateUser(user.id, { emailVerified: new Date() }); */
182
-
183
- return user || null;
184
- },
185
- }),
186
- // Conditionally add enterprise SSO providers
187
- ...(getEnv().ENTERPRISE_LICENSE_KEY ? [] : []),
188
- ],
189
- callbacks: {
190
- async jwt({ token }) {
191
-
192
- const { users } = await getSDKForCurrentUser();
193
- const userList = await users.list([Query.equal("email", token.email!)])
194
-
195
- const user = userList.users[0] ?? {};
196
-
197
- /* const existingUser = await getUserByEmail(token?.email!);
198
-
199
- if (!existingUser) {
200
- return token;
201
- } */
202
-
203
- return {
204
- ...token,
205
- //@ts-ignore
206
- profile: { id: user.$id, ...user },
207
- };
208
- },
209
- async session({ session, token }) {
210
- //@ts-ignore
211
- session.user.id = token?.id;
212
- //@ts-ignore
213
- session.user = token.profile;
214
-
215
- return session;
216
- },
217
- //@ts-ignore
218
- async signIn({ user, account }: { user: any; account: Account | null }) {
219
- /* if (account?.provider === "credentials" || account?.provider === "token") {
220
- // check if user's email is verified or not
221
- if (!user.emailVerified && !EMAIL_VERIFICATION_DISABLED) {
222
- throw new Error("Email Verification is Pending");
223
- }
224
- return true;
225
- }
226
- if (ENTERPRISE_LICENSE_KEY) {
227
- return handleSSOCallback({ user, account });
228
- } */
229
- return true;
230
- },
231
- },
232
- pages: {
233
- signIn: "/auth/login",
234
- signOut: "/auth/logout",
235
- error: "/auth/login", // Error code passed in query string as ?error=
236
- },
237
- };
250
+ }
251
+ }
252
+ return options;
253
+ }
254
+ })();