arifal
93 lines
2.9 KiB
TypeScript
93 lines
2.9 KiB
TypeScript
import { AuthOptions } from "next-auth";
|
|
import CredentialsProvider from "next-auth/providers/credentials";
|
|
import GoogleProvider from "next-auth/providers/google";
|
|
import { PrismaAdapter } from "@next-auth/prisma-adapter";
|
|
import bcrypt from "bcryptjs";
|
|
import { prisma } from "@/lib/prisma";
|
|
|
|
// Adapter dipakai untuk persist User + Account saat OAuth (Google).
|
|
// Session tetap pakai JWT supaya kompatibel dengan CredentialsProvider.
|
|
export const authOptions: AuthOptions = {
|
|
adapter: PrismaAdapter(prisma),
|
|
providers: [
|
|
GoogleProvider({
|
|
clientId: process.env.GOOGLE_CLIENT_ID!,
|
|
clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
|
|
// Auto-link kalau email Google sama dengan email user yang sudah register
|
|
// via Credentials. Aman karena Google selalu memverifikasi email pemilik akun.
|
|
allowDangerousEmailAccountLinking: true,
|
|
}),
|
|
CredentialsProvider({
|
|
name: "credentials",
|
|
credentials: {
|
|
email: { label: "Email", type: "email" },
|
|
password: { label: "Password", type: "password" },
|
|
},
|
|
async authorize(credentials) {
|
|
if (!credentials?.email || !credentials?.password) {
|
|
throw new Error("Email dan password harus diisi");
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: { email: credentials.email },
|
|
});
|
|
|
|
if (!user) {
|
|
throw new Error("Email tidak ditemukan");
|
|
}
|
|
|
|
if (!user.password) {
|
|
throw new Error("Akun ini terdaftar via Google. Silakan login dengan Google.");
|
|
}
|
|
|
|
const isPasswordValid = await bcrypt.compare(
|
|
credentials.password,
|
|
user.password
|
|
);
|
|
|
|
if (!isPasswordValid) {
|
|
throw new Error("Password salah");
|
|
}
|
|
|
|
return {
|
|
id: user.id,
|
|
name: user.name,
|
|
email: user.email,
|
|
image: user.image,
|
|
};
|
|
},
|
|
}),
|
|
],
|
|
session: {
|
|
strategy: "jwt",
|
|
},
|
|
callbacks: {
|
|
async jwt({ token, user, trigger }) {
|
|
if (user) {
|
|
token.id = user.id;
|
|
}
|
|
// Hidrasi `acceptedTermsAndPrivacy` dari DB pada login pertama dan setiap
|
|
// kali client memanggil `useSession().update()` (setelah user accept).
|
|
if (token.id && (trigger === "update" || token.acceptedTermsAndPrivacy === undefined)) {
|
|
const dbUser = await prisma.user.findUnique({
|
|
where: { id: token.id as string },
|
|
select: { acceptedTermsAndPrivacy: true },
|
|
});
|
|
token.acceptedTermsAndPrivacy = dbUser?.acceptedTermsAndPrivacy ?? false;
|
|
}
|
|
return token;
|
|
},
|
|
async session({ session, token }) {
|
|
if (session.user) {
|
|
session.user.id = token.id as string;
|
|
session.user.acceptedTermsAndPrivacy = token.acceptedTermsAndPrivacy ?? false;
|
|
}
|
|
return session;
|
|
},
|
|
},
|
|
pages: {
|
|
signIn: "/login",
|
|
},
|
|
secret: process.env.NEXTAUTH_SECRET,
|
|
};
|