feat: Enhance authentication error handling and secret validation
- Added validation for NEXTAUTH_SECRET to ensure it is set before authentication. - Wrapped the authorization logic in a try-catch block to handle potential errors gracefully and log them for debugging.
This commit is contained in:
parent
70c4c6ea9e
commit
af2faf8f41
62
lib/auth.ts
62
lib/auth.ts
@ -3,6 +3,11 @@ import Credentials from "next-auth/providers/credentials"
|
|||||||
import { prisma } from "./prisma"
|
import { prisma } from "./prisma"
|
||||||
import bcrypt from "bcryptjs"
|
import bcrypt from "bcryptjs"
|
||||||
|
|
||||||
|
const nextAuthSecret = process.env.NEXTAUTH_SECRET
|
||||||
|
if (!nextAuthSecret) {
|
||||||
|
throw new Error("NEXTAUTH_SECRET is not set. Define it to enable authentication.")
|
||||||
|
}
|
||||||
|
|
||||||
export const { handlers, auth, signIn, signOut } = NextAuth({
|
export const { handlers, auth, signIn, signOut } = NextAuth({
|
||||||
providers: [
|
providers: [
|
||||||
Credentials({
|
Credentials({
|
||||||
@ -12,33 +17,38 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
|
|||||||
password: { label: "Password", type: "password" }
|
password: { label: "Password", type: "password" }
|
||||||
},
|
},
|
||||||
async authorize(credentials) {
|
async authorize(credentials) {
|
||||||
if (!credentials?.email || !credentials?.password) {
|
try {
|
||||||
|
if (!credentials?.email || !credentials?.password) {
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
|
||||||
|
const email = credentials.email as string
|
||||||
|
const password = credentials.password as string
|
||||||
|
|
||||||
|
const user = await prisma.user.findUnique({
|
||||||
|
where: { email }
|
||||||
|
})
|
||||||
|
|
||||||
|
if (!user || !user.passwordHash) {
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
|
||||||
|
const isValid = await bcrypt.compare(password, user.passwordHash)
|
||||||
|
|
||||||
|
if (!isValid) {
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
|
||||||
|
return {
|
||||||
|
id: user.id,
|
||||||
|
email: user.email,
|
||||||
|
name: user.name,
|
||||||
|
role: user.role,
|
||||||
|
}
|
||||||
|
} catch (err) {
|
||||||
|
console.error("Auth authorize error:", err)
|
||||||
return null
|
return null
|
||||||
}
|
}
|
||||||
|
|
||||||
const email = credentials.email as string
|
|
||||||
const password = credentials.password as string
|
|
||||||
|
|
||||||
const user = await prisma.user.findUnique({
|
|
||||||
where: { email }
|
|
||||||
})
|
|
||||||
|
|
||||||
if (!user || !user.passwordHash) {
|
|
||||||
return null
|
|
||||||
}
|
|
||||||
|
|
||||||
const isValid = await bcrypt.compare(password, user.passwordHash)
|
|
||||||
|
|
||||||
if (!isValid) {
|
|
||||||
return null
|
|
||||||
}
|
|
||||||
|
|
||||||
return {
|
|
||||||
id: user.id,
|
|
||||||
email: user.email,
|
|
||||||
name: user.name,
|
|
||||||
role: user.role,
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
],
|
],
|
||||||
@ -64,5 +74,5 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
|
|||||||
session: {
|
session: {
|
||||||
strategy: "jwt",
|
strategy: "jwt",
|
||||||
},
|
},
|
||||||
secret: process.env.NEXTAUTH_SECRET,
|
secret: nextAuthSecret,
|
||||||
})
|
})
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user