2023-02-13 12:41:30 +00:00
|
|
|
import { NextApiRequest, NextApiResponse } from "next";
|
|
|
|
|
import NextAuth from "next-auth";
|
|
|
|
|
import Google from "next-auth/providers/google";
|
|
|
|
|
import GitHub from "next-auth/providers/github";
|
|
|
|
|
import GitLab from "next-auth/providers/gitlab";
|
|
|
|
|
import Cognito from "next-auth/providers/cognito";
|
2023-03-15 12:17:43 +00:00
|
|
|
import { loadConfig, IAppConfig } from "@digiresilience/metamigo-config";
|
2023-02-13 12:41:30 +00:00
|
|
|
import { MetamigoAdapter } from "../../../lib/nextauth-adapter";
|
|
|
|
|
import { CloudflareAccessProvider } from "../../../lib/cloudflare";
|
|
|
|
|
|
|
|
|
|
const nextAuthOptions = (config: IAppConfig, req: NextApiRequest) => {
|
|
|
|
|
const { nextAuth, cfaccess } = config;
|
|
|
|
|
const adapter = MetamigoAdapter(config);
|
|
|
|
|
const providers = [];
|
|
|
|
|
|
|
|
|
|
const { audience, domain } = cfaccess;
|
|
|
|
|
const cloudflareAccessEnabled = audience && domain;
|
|
|
|
|
if (cloudflareAccessEnabled)
|
|
|
|
|
providers.push(CloudflareAccessProvider(audience, domain, adapter, req));
|
|
|
|
|
else {
|
|
|
|
|
if (nextAuth.google?.id)
|
|
|
|
|
providers.push(
|
|
|
|
|
Google({
|
|
|
|
|
clientId: nextAuth.google.id,
|
|
|
|
|
clientSecret: nextAuth.google.secret,
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (nextAuth.github?.id)
|
|
|
|
|
providers.push(
|
|
|
|
|
GitHub({
|
|
|
|
|
clientId: nextAuth.github.id,
|
|
|
|
|
clientSecret: nextAuth.github.secret,
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (nextAuth.gitlab?.id)
|
|
|
|
|
providers.push(
|
|
|
|
|
GitLab({
|
|
|
|
|
clientId: nextAuth.gitlab.id,
|
|
|
|
|
clientSecret: nextAuth.gitlab.secret,
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (nextAuth.cognito?.id)
|
|
|
|
|
providers.push(
|
|
|
|
|
Cognito({
|
|
|
|
|
clientId: nextAuth.cognito.id,
|
|
|
|
|
clientSecret: nextAuth.cognito.secret,
|
|
|
|
|
// domain: nextAuth.cognito.domain,
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (providers.length === 0)
|
|
|
|
|
throw new Error(
|
|
|
|
|
"No next-auth providers configured. See Metamigo configuration docs."
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
secret: nextAuth.secret,
|
|
|
|
|
session: {
|
|
|
|
|
jwt: true,
|
|
|
|
|
maxAge: 8 * 60 * 60, // 8 hours
|
|
|
|
|
},
|
|
|
|
|
jwt: {
|
|
|
|
|
secret: nextAuth.secret,
|
|
|
|
|
encryption: false,
|
|
|
|
|
signingKey: nextAuth.signingKey,
|
|
|
|
|
encryptionKey: nextAuth.encryptionKey,
|
|
|
|
|
},
|
|
|
|
|
providers,
|
|
|
|
|
adapter,
|
|
|
|
|
callbacks: {
|
2023-03-15 12:17:43 +00:00
|
|
|
async session(session: any, token: any) {
|
2023-02-13 12:41:30 +00:00
|
|
|
// make the user id available in the react client
|
|
|
|
|
session.user.id = token.userId;
|
|
|
|
|
return session;
|
|
|
|
|
},
|
2023-03-15 12:17:43 +00:00
|
|
|
async jwt(token: any, user: any) {
|
2023-02-13 12:41:30 +00:00
|
|
|
const isSignIn = Boolean(user);
|
|
|
|
|
// Add auth_time to token on signin in
|
|
|
|
|
if (isSignIn) {
|
|
|
|
|
// not sure what this does
|
|
|
|
|
// if (!token.aud) token.aud;
|
|
|
|
|
|
|
|
|
|
token.aud = nextAuth.audience;
|
|
|
|
|
token.picture = user.avatar;
|
|
|
|
|
token.userId = user.id;
|
|
|
|
|
token.role = user.userRole ? `app_${user.userRole}` : "app_anonymous";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return token;
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const nextAuth = async (
|
|
|
|
|
req: NextApiRequest,
|
|
|
|
|
res: NextApiResponse
|
|
|
|
|
): Promise<void> =>
|
|
|
|
|
// @ts-expect-error: Type mismatch
|
|
|
|
|
NextAuth(req, res, nextAuthOptions(await loadConfig(), req));
|
|
|
|
|
|
|
|
|
|
export default nextAuth;
|
