Files
Momento/memento-note/auth.ts
Antigravity e2672cd2c2
Some checks failed
CI / Lint, Test & Build (push) Failing after 1m19s
CI / Deploy production (on server) (push) Has been skipped
feat(notes): liens internes, onglet Réseau, living blocks et consentement IA
Rend les liens entre notes visibles et persistants (sync NoteLink au save, auto-save, graphe réseau rafraîchi), ajoute living blocks, Memory Echo, recherche globale, consentement IA explicite et consolide les prototypes design en architectural-grid.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-24 14:27:29 +00:00

92 lines
2.9 KiB
TypeScript

import NextAuth from 'next-auth';
import { PrismaAdapter } from '@auth/prisma-adapter';
import { authConfig } from './auth.config';
import prisma from '@/lib/prisma';
import { buildAuthProviders } from '@/lib/auth-providers';
export const { auth, signIn, signOut, handlers } = NextAuth({
...authConfig,
adapter: PrismaAdapter(prisma),
providers: buildAuthProviders(),
events: {
async createUser({ user }) {
const adminEmail = process.env.ADMIN_EMAIL?.toLowerCase();
if (!adminEmail || !user.id || user.email?.toLowerCase() !== adminEmail) {
return;
}
await prisma.user.update({
where: { id: user.id },
data: { role: 'ADMIN', emailVerified: new Date() },
});
},
async signOut(message) {
const userId =
'token' in message && message.token?.sub
? message.token.sub
: 'session' in message && message.session?.userId
? message.session.userId
: null;
if (!userId) return;
await prisma.$transaction([
prisma.user.update({
where: { id: userId },
data: { sessionVersion: { increment: 1 } },
}),
prisma.session.deleteMany({ where: { userId } }),
]);
},
},
callbacks: {
...authConfig.callbacks,
async signIn({ user, account }) {
if (account?.provider === 'google' && user.email) {
const email = user.email.toLowerCase();
const adminEmail = process.env.ADMIN_EMAIL?.toLowerCase();
const existing = await prisma.user.findUnique({ where: { email } });
if (existing && adminEmail && email === adminEmail && existing.role !== 'ADMIN') {
await prisma.user.update({
where: { id: existing.id },
data: { role: 'ADMIN', emailVerified: new Date() },
});
}
}
return true;
},
async jwt({ token, user, trigger, session }) {
if (trigger === 'update' && session && 'aiSessionConsent' in session) {
token.aiSessionConsent = session.aiSessionConsent === true;
return token;
}
if (user?.id) {
token.id = user.id;
token.aiSessionConsent = false;
const dbUser = await prisma.user.findUnique({
where: { id: user.id },
select: { role: true, sessionVersion: true },
});
if (!dbUser) return null;
token.role = dbUser.role;
token.sessionVersion = dbUser.sessionVersion;
} else if (token.sub) {
const dbUser = await prisma.user.findUnique({
where: { id: token.sub },
select: { role: true, sessionVersion: true },
});
if (!dbUser) return null;
if (
typeof token.sessionVersion === 'number' &&
token.sessionVersion !== dbUser.sessionVersion
) {
return null;
}
token.id = token.sub;
token.role = dbUser.role;
token.sessionVersion = dbUser.sessionVersion;
}
return token;
},
},
});