import Google from 'next-auth/providers/google'; import Credentials from 'next-auth/providers/credentials'; import { z } from 'zod'; import bcrypt from 'bcryptjs'; import prisma from '@/lib/prisma'; import { rateLimit } from '@/lib/rate-limit'; export function buildAuthProviders() { const providers = []; if (process.env.AUTH_GOOGLE_ID && process.env.AUTH_GOOGLE_SECRET) { const googlePrompt = process.env.AUTH_GOOGLE_PROMPT === 'login' ? 'login' : 'select_account'; providers.push( Google({ clientId: process.env.AUTH_GOOGLE_ID, clientSecret: process.env.AUTH_GOOGLE_SECRET, authorization: { params: { prompt: googlePrompt, access_type: 'online', }, }, }), ); } providers.push( Credentials({ async authorize(credentials) { try { const parsedCredentials = z .object({ email: z.string().email(), password: z.string().min(6) }) .safeParse(credentials); if (!parsedCredentials.success) { return null; } const { email, password } = parsedCredentials.data; const { allowed } = rateLimit(`login:${email.toLowerCase()}`); if (!allowed) { return null; } const user = await prisma.user.findUnique({ where: { email: email.toLowerCase() }, }); if (!user || !user.password) { return null; } const passwordsMatch = await bcrypt.compare(password, user.password); if (passwordsMatch) { return { id: user.id, email: user.email, name: user.name, role: user.role, }; } return null; } catch { return null; } }, }), ); return providers; } export function isGoogleAuthEnabled() { return Boolean(process.env.AUTH_GOOGLE_ID && process.env.AUTH_GOOGLE_SECRET); }