From af2faf8f41dead20c9b6f16d0cd1449e0ba98fa3 Mon Sep 17 00:00:00 2001
From: ilia
Date: Sun, 4 Jan 2026 09:27:37 -0500
Subject: [PATCH] feat: Enhance authentication error handling and secret validation
- Added validation for NEXTAUTH_SECRET to ensure it is set before authentication.
- Wrapped the authorization logic in a try-catch block to handle potential errors gracefully and log them for debugging.
---
 lib/auth.ts | 62 +++++++++++++++++++++++++++++++----------------------
 1 file changed, 36 insertions(+), 26 deletions(-)
diff --git a/lib/auth.ts b/lib/auth.ts
index bd63477..c3829f0 100644
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -3,6 +3,11 @@ import Credentials from "next-auth/providers/credentials"
 import { prisma } from "./prisma"
 import bcrypt from "bcryptjs"
 
+const nextAuthSecret = process.env.NEXTAUTH_SECRET
+if (!nextAuthSecret) {
+  throw new Error("NEXTAUTH_SECRET is not set. Define it to enable authentication.")
+}
+
 export const { handlers, auth, signIn, signOut } = NextAuth({
   providers: [
     Credentials({
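Review bot: The guard on `process.env.NEXTAUTH_SECRET` runs at module evaluation, so every importer of lib/auth.ts — including build-time page collection and any test that loads the module — now fails with this throw rather than at request time; confirm that is intended for each environment that imports it. If this is Auth.js v5 (the `handlers, auth, signIn, signOut` export shape suggests it), the library also reads its secret from `AUTH_SECRET` by default, so a deployment that sets only that variable would be rejected here; the check could accept either name, `const nextAuthSecret = process.env.NEXTAUTH_SECRET ?? process.env.AUTH_SECRET`. A short comment above the guard, `// Fail fast at startup: without a signing secret every JWT session would be unverifiable`, would explain why this is a throw rather than a warning. The error text itself is fine since it never echoes the value.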
@@ -12,33 +17,38 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
         password: { label: "Password", type: "password" }
       },
       async authorize(credentials) {
-        if (!credentials?.email || !credentials?.password) {
+        try {
+          if (!credentials?.email || !credentials?.password) {
+            return null
+          }
+
+          const email = credentials.email as string
+          const password = credentials.password as string
+
+          const user = await prisma.user.findUnique({
+            where: { email }
+          })
+
+          if (!user || !user.passwordHash) {
+            return null
+          }
+
+          const isValid = await bcrypt.compare(password, user.passwordHash)
+
+          if (!isValid) {
+            return null
+          }
+
+          return {
+            id: user.id,
+            email: user.email,
+            name: user.name,
+            role: user.role,
+          }
+        } catch (err) {
+          console.error("Auth authorize error:", err)
           return null
         }
-
-        const email = credentials.email as string
-        const password = credentials.password as string
-
-        const user = await prisma.user.findUnique({
-          where: { email }
-        })
-
-        if (!user || !user.passwordHash) {
-          return null
-        }
-
-        const isValid = await bcrypt.compare(password, user.passwordHash)
-
-        if (!isValid) {
-          return null
-        }
-
-        return {
-          id: user.id,
-          email: user.email,
-          name: user.name,
-          role: user.role,
-        }
       }
     })
   ],
@@ -64,5 +74,5 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
   session: {
     strategy: "jwt",
   },
-  secret: process.env.NEXTAUTH_SECRET,
+  secret: nextAuthSecret,
 })
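Review bot: The new `catch` in authorize maps every thrown error — a Prisma connection failure, a bcrypt fault — to `return null`, which NextAuth presents to the caller as invalid credentials, so an outage of the user store becomes indistinguishable from a wrong password both to the user and to any alerting keyed on login failures. Prefer to log and rethrow, `console.error("Auth authorize error:", err); throw err`, so infrastructure failures surface as a callback error, and keep `return null` only for the explicit not-found and mismatch branches the body already has. Logging the raw `err` object may also carry the query arguments (the submitted email) when the error comes from Prisma; logging `err instanceof Error ? err.message : err` keeps the log useful without that. A one-line comment on the catch, `// Only credential mismatches map to null; unexpected errors are surfaced to NextAuth`, would make the intended boundary explicit.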