From c0a1ed146fb27da746a6163dffffadeb90822153 Mon Sep 17 00:00:00 2001
From: ilia <idobkin@gmail.com>
Date: Sun, 4 Jan 2026 11:33:17 -0500
Subject: [PATCH] feat: Enhance session management in authentication

- Added email and name to the token during the sign-in process for improved user context.
- Updated session callback to ensure session.user is populated with token data, including id, email, name, and role, while maintaining existing session data.
- Added a warning for non-production environments when the token is missing or invalid.
---
 lib/auth.ts | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/auth.ts b/lib/auth.ts
index 1c1afcc..872c99b 100644
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -58,13 +58,23 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
       if (user) {
         token.id = user.id
         token.role = (user as { role: string }).role
+        token.email = user.email
+        token.name = user.name
       }
       return token
     },
     async session({ session, token }) {
-      if (session.user) {
-        session.user.id = token.id as string
-        session.user.role = token.role as string
+      // Always ensure session.user exists when token exists
+      if (token && (token.id || token.email)) {
+        session.user = {
+          ...session.user,
+          id: token.id as string,
+          email: (token.email as string) || session.user?.email || "",
+          name: (token.name as string) || session.user?.name || "",
+          role: token.role as string,
+        }
+      } else if (process.env.NODE_ENV !== "production") {
+        console.warn("Session callback: token missing or invalid", { token, session })
       }
       return session
     }