79 lines
1.8 KiB
TypeScript
79 lines
1.8 KiB
TypeScript
import { db } from "@/lib/db/index";
|
|
import { DrizzleAdapter } from "@auth/drizzle-adapter";
|
|
import { DefaultSession, getServerSession, NextAuthOptions } from "next-auth";
|
|
import { Adapter } from "next-auth/adapters";
|
|
import { redirect } from "next/navigation";
|
|
import { z } from "zod";
|
|
import AzureADProvider from "next-auth/providers/azure-ad";
|
|
|
|
declare module "next-auth" {
|
|
interface Session {
|
|
user: DefaultSession["user"] & {
|
|
id: string;
|
|
};
|
|
accessToken?: string;
|
|
}
|
|
}
|
|
|
|
export type AuthSession = {
|
|
session: {
|
|
user: {
|
|
id: string;
|
|
name?: string;
|
|
email?: string;
|
|
};
|
|
} | null;
|
|
};
|
|
|
|
const envSchema = z.object({
|
|
AZURE_AD_CLIENT_ID: z.string().min(1),
|
|
AZURE_AD_CLIENT_SECRET: z.string().min(1),
|
|
});
|
|
|
|
export const env = envSchema.parse(process.env);
|
|
|
|
export const authOptions: NextAuthOptions = {
|
|
adapter: DrizzleAdapter(db) as Adapter,
|
|
callbacks: {
|
|
jwt: async ({ token, account }) => {
|
|
if (account) {
|
|
token.accessToken = account.access_token;
|
|
}
|
|
return token;
|
|
},
|
|
session: ({ session, token, user }) => {
|
|
if (user) {
|
|
session.user.id = user.id;
|
|
}
|
|
if (token?.accessToken) {
|
|
session.accessToken = token.accessToken as string;
|
|
}
|
|
return session;
|
|
},
|
|
},
|
|
providers: [
|
|
AzureADProvider({
|
|
clientId: env.AZURE_AD_CLIENT_ID,
|
|
clientSecret: env.AZURE_AD_CLIENT_SECRET,
|
|
tenantId: "common", // Multi-Tenancy Support
|
|
authorization: {
|
|
params: {
|
|
scope: "openid profile email offline_access User.Read",
|
|
},
|
|
},
|
|
}),
|
|
],
|
|
};
|
|
|
|
|
|
export const getUserAuth = async () => {
|
|
const session = await getServerSession(authOptions);
|
|
return { session } as AuthSession;
|
|
};
|
|
|
|
export const checkAuth = async () => {
|
|
const { session } = await getUserAuth();
|
|
if (!session) redirect("/api/auth/signin");
|
|
};
|
|
|