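import type { NextAuthConfig } from 'next-auth';

// Path prefixes that require a signed-in user. Matching is a plain string
// prefix test with no segment boundary, so '/lab' also covers any other path
// that merely begins with those characters; that errs toward requiring auth.
// '/note/' keeps its trailing slash, so a bare '/note' is NOT covered.
const PROTECTED_PREFIXES = [
  '/reminders',
  '/archive',
  '/trash',
  '/settings',
  '/lab',
  '/agents',
  '/chat',
  '/canvas',
  '/notebooks',
  '/note/',
  '/brainstorm',
  '/insights',
  '/graph',
  '/revision',
  '/support',
];

/**
 * NextAuth configuration: custom auth pages, JWT session settings and the
 * authorization / token / session callbacks. `providers` is empty here.
 */
export const authConfig = {
  pages: {
    signIn: '/login',
    newUser: '/register',
  },
  secret: process.env.NEXTAUTH_SECRET,
  // NOTE(review): trustHost makes the library trust the incoming request's
  // host header. That is only safe when the deployment platform or a trusted
  // proxy sets that header; confirm for every environment this runs in.
  trustHost: true,
  session: {
    strategy: 'jwt',
    maxAge: 60 * 60 * 24 * 7, // 7 days
    updateAge: 60 * 60 * 12, // 12 hours
  },
  callbacks: {
    /**
     * Route gate evaluated with the current session (`auth`) and request URL.
     *
     * - `/admin…`: allowed only for a signed-in user whose role is 'ADMIN'.
     * - `/home` (exact) and PROTECTED_PREFIXES: allowed only when signed in.
     * - `/login` or `/register` while signed in: redirect to `/home`.
     * - Anything else: allowed.
     *
     * The last rule makes this gate allow-by-default: a newly added route is
     * open to this check until it is listed above. The intended public pages
     * ('/', '/login', '/register', '/forgot-password', '/reset-password…')
     * need no entry because of that fall-through.
     * NOTE(review): this check only sees the URL path; data access behind
     * each route should still authorize on its own.
     *
     * @returns `true`/`false` to allow or deny, or a redirect Response.
     */
    authorized({ auth, request: { nextUrl } }) {
      const { pathname } = nextUrl;
      const isLoggedIn = !!auth?.user;
      const isAdmin = (auth?.user as any)?.role === 'ADMIN';

      // Admin area is decided first so that nothing below can widen it.
      if (pathname.startsWith('/admin')) {
        return isLoggedIn && isAdmin;
      }

      const isDashboardPage =
        pathname === '/home' ||
        PROTECTED_PREFIXES.some((prefix) => pathname.startsWith(prefix));
      if (isDashboardPage) {
        return isLoggedIn;
      }

      // Signed-in users have no use for the sign-in / sign-up forms.
      if (isLoggedIn && (pathname === '/login' || pathname === '/register')) {
        return Response.redirect(new URL('/home', nextUrl));
      }

      return true;
    },

    /**
     * Builds or refreshes the JWT.
     *
     * On an 'update' trigger the `session` argument is caller-supplied data
     * and is treated as untrusted: only `aiSessionConsent` is read, and it is
     * coerced to a strict boolean. No other field (e.g. `role`) can reach the
     * token through this path.
     *
     * When `user` is present, id and role are stamped onto the token and
     * consent is reset to false.
     * NOTE(review): this callback never refreshes `role` afterwards, so a
     * role change may not be reflected until a new token is issued (maxAge
     * above is 7 days); confirm whether another part of the auth setup
     * re-reads it.
     */
    async jwt({ token, user, trigger, session }) {
      const isConsentUpdate =
        trigger === 'update' && session && 'aiSessionConsent' in session;
      if (isConsentUpdate) {
        token.aiSessionConsent = session.aiSessionConsent === true;
        return token;
      }

      if (user) {
        token.id = user.id;
        token.role = (user as any).role;
        token.aiSessionConsent = false;
      }
      return token;
    },

    /**
     * Copies id, role and the consent / onboarding flags from the token onto
     * the session object; both flags are coerced to strict booleans.
     * NOTE(review): `token.onboardingCompleted` is not written by the jwt
     * callback in this file; presumably it is set elsewhere, otherwise the
     * flag is always false here. Confirm.
     */
    async session({ session, token }) {
      if (token && session.user) {
        const sessionUser = session.user as any;
        sessionUser.id = token.id;
        sessionUser.role = token.role;
        session.aiSessionConsent = token.aiSessionConsent === true;
        sessionUser.onboardingCompleted = token.onboardingCompleted === true;
      }
      return session;
    },
  },
  providers: [],
} satisfies NextAuthConfig;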