- NextAuth config with PrismaAdapter, database sessions - Session callback enriches with role + organizationId - Login page with Google and Microsoft sign-in buttons - Cookie-based middleware for auth protection (Edge-compatible) - Type augmentation for session user fields Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
import NextAuth from "next-auth";
import Google from "next-auth/providers/google";
import MicrosoftEntraID from "next-auth/providers/microsoft-entra-id";
import { PrismaAdapter } from "@auth/prisma-adapter";
import { prisma } from "@/lib/prisma";
import type { Role } from "@/generated/prisma/client";
/**
 * Auth.js (NextAuth) configuration: Google and Microsoft Entra ID sign-in,
 * with users and sessions stored through the Prisma adapter.
 *
 * Exports the route `handlers`, the `auth` session getter and the
 * `signIn` / `signOut` helpers produced by `NextAuth(...)`.
 */
export const { handlers, auth, signIn, signOut } = NextAuth({
  adapter: PrismaAdapter(prisma),

  providers: [
    Google({
      clientId: process.env.AUTH_GOOGLE_ID,
      clientSecret: process.env.AUTH_GOOGLE_SECRET,
    }),
    MicrosoftEntraID({
      clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID,
      clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET,
      // NOTE(review): the issuer is derived from the tenant ID. If
      // AUTH_MICROSOFT_ENTRA_ID_TENANT_ID is unset, the template interpolates
      // the literal string "undefined" — validate the variable at deploy time.
      // Which directories can sign in depends on this value; confirm it is the
      // intended tenant.
      issuer: `https://login.microsoftonline.com/${process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID}/v2.0`,
    }),
  ],

  // Sessions are looked up in the database on each check rather than being
  // carried in a self-contained token.
  session: { strategy: "database" },

  callbacks: {
    /**
     * Adds `id`, `role` and `organizationId` to `session.user`.
     *
     * The role and organization are re-read from the user row every time this
     * callback runs, so a changed role is picked up on the next session check
     * rather than at the next sign-in.
     *
     * NOTE(review): the object returned here is what Auth.js hands back to
     * session consumers, including the client-side session endpoint — keep
     * the added fields limited to what the UI is allowed to see.
     */
    async session({ session, user }) {
      const storedUser = await prisma.user.findUnique({
        where: { id: user.id },
        select: { role: true, organizationId: true },
      });

      // No matching row: the session goes back without id/role/organizationId.
      // Authorization checks must treat a missing role as "not allowed".
      if (!storedUser) {
        return session;
      }

      const { role, organizationId } = storedUser;
      session.user.id = user.id;
      session.user.role = role;
      session.user.organizationId = organizationId;
      return session;
    },
  },

  // Custom sign-in page instead of the built-in one.
  pages: { signIn: "/login" },
});