Oliver/dow-prod-tracker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Auth.js v5 with Google + Microsoft Entra ID SSO

Browse source 
- NextAuth config with PrismaAdapter, database sessions
- Session callback enriches with role + organizationId
- Login page with Google and Microsoft sign-in buttons
- Cookie-based middleware for auth protection (Edge-compatible)
- Type augmentation for session user fields

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Leivur R. Djurhuus 2026-02-28 21:07:38 -06:00
parent c13dc9cacc
commit b4ae910cf5
5 changed files with 186 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
src/app/(auth)/login/page.tsx Normal file
View file

@ -0,0 +1,89 @@
import { auth, signIn } from "@/lib/auth";
import { redirect } from "next/navigation";
import { Button } from "@/components/ui/button";
import {
Card,
CardContent,
CardDescription,
CardHeader,
CardTitle,
} from "@/components/ui/card";
export default async function LoginPage() {
const session = await auth();
if (session) {
redirect("/dashboard");
}
return (
<div className="flex min-h-screen items-center justify-center bg-[var(--muted)]">
<Card className="w-full max-w-md">
<CardHeader className="text-center">
<CardTitle className="text-2xl font-bold">
HP CG Production Tracker
</CardTitle>
<CardDescription>Sign in to manage your production pipeline</CardDescription>
</CardHeader>
<CardContent className="flex flex-col gap-3">
<form
action={async () => {
"use server";
await signIn("google", { redirectTo: "/dashboard" });
}}
>
<Button type="submit" variant="outline" className="w-full">
<GoogleIcon />
Sign in with Google
</Button>
</form>
<form
action={async () => {
"use server";
await signIn("microsoft-entra-id", { redirectTo: "/dashboard" });
}}
>
<Button type="submit" variant="outline" className="w-full">
<MicrosoftIcon />
Sign in with Microsoft
</Button>
</form>
</CardContent>
</Card>
</div>
);
}
function GoogleIcon() {
return (
<svg className="mr-2 h-4 w-4" viewBox="0 0 24 24">
<path
d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92a5.06 5.06 0 0 1-2.2 3.32v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.1z"
fill="#4285F4"
/>
<path
d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
fill="#34A853"
/>
<path
d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
fill="#FBBC05"
/>
<path
d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
fill="#EA4335"
/>
</svg>
);
}
function MicrosoftIcon() {
return (
<svg className="mr-2 h-4 w-4" viewBox="0 0 23 23">
<path fill="#f35325" d="M1 1h10v10H1z" />
<path fill="#81bc06" d="M12 1h10v10H12z" />
<path fill="#05a6f0" d="M1 12h10v10H1z" />
<path fill="#ffba08" d="M12 12h10v10H12z" />
</svg>
);
}

3
src/app/api/auth/[...nextauth]/route.ts Normal file
View file

@ -0,0 +1,3 @@
import { handlers } from "@/lib/auth";
export const { GET, POST } = handlers;

44
src/lib/auth.ts Normal file
View file

@ -0,0 +1,44 @@
import NextAuth from "next-auth";
import Google from "next-auth/providers/google";
import MicrosoftEntraID from "next-auth/providers/microsoft-entra-id";
import { PrismaAdapter } from "@auth/prisma-adapter";
import { prisma } from "@/lib/prisma";
import type { Role } from "@/generated/prisma/client";
export const { handlers, auth, signIn, signOut } = NextAuth({
adapter: PrismaAdapter(prisma),
providers: [
Google({
clientId: process.env.AUTH_GOOGLE_ID,
clientSecret: process.env.AUTH_GOOGLE_SECRET,
}),
MicrosoftEntraID({
clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID,
clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET,
issuer: `https://login.microsoftonline.com/${process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID}/v2.0`,
}),
],
session: {
strategy: "database",
},
callbacks: {
async session({ session, user }) {
// Fetch user with role and org from database
const dbUser = await prisma.user.findUnique({
where: { id: user.id },
select: { role: true, organizationId: true },
});
if (dbUser) {
session.user.id = user.id;
session.user.role = dbUser.role;
session.user.organizationId = dbUser.organizationId;
}
return session;
},
},
pages: {
signIn: "/login",
},
});

36
src/middleware.ts Normal file
View file

@ -0,0 +1,36 @@
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
export function middleware(request: NextRequest) {
const { pathname } = request.nextUrl;
const isAuthPage = pathname.startsWith("/login");
const isApiAuth = pathname.startsWith("/api/auth");
// Always allow auth API routes
if (isApiAuth) {
return NextResponse.next();
}
// Check for session cookie (Auth.js database sessions)
const sessionToken =
request.cookies.get("authjs.session-token")?.value ||
request.cookies.get("__Secure-authjs.session-token")?.value;
const isLoggedIn = !!sessionToken;
// Redirect logged-in users away from login page
if (isAuthPage && isLoggedIn) {
return NextResponse.redirect(new URL("/dashboard", request.url));
}
// Redirect unauthenticated users to login
if (!isAuthPage && !isLoggedIn) {
return NextResponse.redirect(new URL("/login", request.url));
}
return NextResponse.next();
}
export const config = {
matcher: ["/((?!_next/static|_next/image|favicon.ico).*)"],
};

14
src/types/next-auth.d.ts vendored Normal file
View file

@ -0,0 +1,14 @@
import type { Role } from "@/generated/prisma/client";
declare module "next-auth" {
interface Session {
user: {
id: string;
name?: string | null;
email?: string | null;
image?: string | null;
role: Role;
organizationId: string | null;
};
}
}