ekzyis
/
stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
stacker.news/pages/api/auth/[...nextauth].js

200 lines
6.9 KiB
JavaScript
Raw Normal View History

begin working on db schema
2021-03-25 19:29:24 +00:00
import NextAuth from 'next-auth'
import Providers from 'next-auth/providers'
import Adapters from 'next-auth/adapters'
import prisma from '../../../api/models'
provide 'plain text' email login link for users using embedded browsers in their mobile email clients
2022-03-10 22:47:00 +00:00
import nodemailer from 'nodemailer'
begin working on db schema
2021-03-25 19:29:24 +00:00
export default (req, res) => NextAuth(req, res, options)
const options = {
lnurl-auth
2021-06-27 03:09:39 +00:00
callbacks: {
/**
* @param {object} token Decrypted JSON Web Token
* @param {object} user User object (only available on sign in)
* @param {object} account Provider account (only available on sign in)
* @param {object} profile Provider profile (only available on sign in)
* @param {boolean} isNewUser True if new user (only available on sign in)
* @return {object} JSON Web Token that will be saved
*/
async jwt (token, user, account, profile, isNewUser) {
// Add additional session params
if (user?.id) {
token.id = user.id
}
create invite page
2021-10-15 17:56:54 +00:00
lnurl-auth
2021-06-27 03:09:39 +00:00
// XXX We need to update the user name incase they update it ... kind of hacky
// better if we use user id everywhere an ignore the username ...
if (token?.id) {
const { name } = await prisma.user.findUnique({ where: { id: token.id } })
token.name = name
}
return token
},
async session (session, token) {
// we need to add additional session params here
session.user.id = token.id
session.user.name = token.name
return session
}
},
begin working on db schema
2021-03-25 19:29:24 +00:00
providers: [
lnurl-auth
2021-06-27 03:09:39 +00:00
Providers.Credentials({
// The name to display on the sign in form (e.g. 'Sign in with...')
name: 'Lightning',
// The credentials is used to generate a suitable form on the sign in page.
// You can specify whatever fields you are expecting to be submitted.
// e.g. domain, username, password, 2FA token, etc.
credentials: {
pubkey: { label: 'publickey', type: 'text' },
k1: { label: 'k1', type: 'text' }
},
async authorize (credentials, req) {
const { k1, pubkey } = credentials
try {
const lnauth = await prisma.lnAuth.findUnique({ where: { k1 } })
if (lnauth.pubkey === pubkey) {
let user = await prisma.user.findUnique({ where: { pubkey } })
if (!user) {
user = await prisma.user.create({ data: { name: pubkey.slice(0, 10), pubkey } })
}
await prisma.lnAuth.delete({ where: { k1 } })
return user
}
} catch (error) {
console.log(error)
}
return null
}
}),
begin working on db schema
2021-03-25 19:29:24 +00:00
Providers.GitHub({
clientId: process.env.GITHUB_ID,
force unique user name
2021-05-21 19:34:40 +00:00
clientSecret: process.env.GITHUB_SECRET,
don't request email from gh
2022-01-19 23:14:45 +00:00
authorization: 'https://github.com/login/oauth/authorize?scope=read:user',
force unique user name
2021-05-21 19:34:40 +00:00
profile: profile => {
return {
...profile,
name: profile.login
}
}
custom auth page
2021-04-24 21:05:07 +00:00
}),
Providers.Twitter({
clientId: process.env.TWITTER_ID,
force unique user name
2021-05-21 19:34:40 +00:00
clientSecret: process.env.TWITTER_SECRET,
profile: profile => {
return {
...profile,
name: profile.screen_name
}
}
begin working on db schema
2021-03-25 19:29:24 +00:00
}),
Providers.Email({
prepare for deployment
2021-06-02 14:23:30 +00:00
server: process.env.LOGIN_EMAIL_SERVER,
from: process.env.LOGIN_EMAIL_FROM,
provide 'plain text' email login link for users using embedded browsers in their mobile email clients
2022-03-10 22:47:00 +00:00
sendVerificationRequest,
force unique user name
2021-05-21 19:34:40 +00:00
profile: profile => {
return profile
}
begin working on db schema
2021-03-25 19:29:24 +00:00
})
],
adapter: Adapters.Prisma.Adapter({ prisma }),
add forgetten lnurl-auth files
2021-06-27 03:18:32 +00:00
secret: process.env.NEXTAUTH_SECRET,
lnurl-auth
2021-06-27 03:09:39 +00:00
session: { jwt: true },
jwt: {
signingKey: process.env.JWT_SIGNING_PRIVATE_KEY
},
custom auth page
2021-04-24 21:05:07 +00:00
pages: {
signIn: '/login'
}
}
provide 'plain text' email login link for users using embedded browsers in their mobile email clients
2022-03-10 22:47:00 +00:00
function sendVerificationRequest ({
identifier: email,
url,
token,
baseUrl,
provider
}) {
return new Promise((resolve, reject) => {
const { server, from } = provider
// Strip protocol from URL and use domain as site name
const site = baseUrl.replace(/^https?:\/\//, '')
nodemailer.createTransport(server).sendMail(
{
to: email,
from,
subject: `login to ${site}`,
text: text({ url, site, email }),
html: html({ url, site, email })
},
(error) => {
if (error) {
return reject(new Error('SEND_VERIFICATION_EMAIL_ERROR', error))
}
return resolve()
}
)
})
}
// Email HTML body
const html = ({ url, site, email }) => {
// Insert invisible space into domains and email address to prevent both the
// email address and the domain from being turned into a hyperlink by email
// clients like Outlook and Apple mail, as this is confusing because it seems
// like they are supposed to click on their email address to sign in.
const escapedEmail = `${email.replace(/\./g, '​.')}`
const escapedSite = `${site.replace(/\./g, '​.')}`
// Some simple styling options
const backgroundColor = '#f5f5f5'
const textColor = '#212529'
const mainBackgroundColor = '#ffffff'
const buttonBackgroundColor = '#FADA5E'
const buttonBorderColor = '#FADA5E'
const buttonTextColor = '#212529'
// Uses tables for layout and inline CSS due to email client limitations
return `
<body style="background: ${backgroundColor};">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="center" style="padding: 10px 0px 20px 0px; font-size: 22px; font-family: Helvetica, Arial, sans-serif; color: ${textColor};">
<strong>${escapedSite}</strong>
</td>
</tr>
</table>
<table width="100%" border="0" cellspacing="20" cellpadding="0" style="background: ${mainBackgroundColor}; max-width: 600px; margin: auto; border-radius: 10px;">
<tr>
<td align="center" style="padding: 10px 0px 0px 0px; font-size: 18px; font-family: Helvetica, Arial, sans-serif; color: ${textColor};">
login as <strong>${escapedEmail}</strong>
</td>
</tr>
<tr>
<td align="center" style="padding: 20px 0;">
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="center" style="border-radius: 5px;" bgcolor="${buttonBackgroundColor}"><a href="${url}" target="_blank" style="font-size: 18px; font-family: Helvetica, Arial, sans-serif; color: ${buttonTextColor}; text-decoration: none; text-decoration: none;border-radius: 5px; padding: 10px 20px; border: 1px solid ${buttonBorderColor}; display: inline-block; font-weight: bold;">login</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" style="padding: 0px 0px 10px 0px; font-size: 16px; line-height: 22px; font-family: Helvetica, Arial, sans-serif; color: ${textColor};">
Or copy and paste this link: <a href="#" style="text-decoration:none; color:${textColor}">${url}</a>
</td>
</tr>
<tr>
<td align="center" style="padding: 0px 0px 10px 0px; font-size: 10px; line-height: 22px; font-family: Helvetica, Arial, sans-serif; color: ${textColor};">
If you did not request this email you can safely ignore it.
</td>
</tr>
</table>
</body>
`
}
// Email text body fallback for email clients that don't render HTML
const text = ({ url, site }) => `Sign in to ${site}\n${url}\n\n`