Security: - Add auth + file type/size validation to upload API - Add admin auth to /api/admin/ endpoints - Add SSRF protection to scrape action - Whitelist fields in PUT /api/notes/[id] to prevent mass assignment - Protect /lab, /agents, /chat, /canvas, /notebooks routes in middleware AI provider fixes: - Add deepseek/openrouter to factory ProviderType (was silently falling back to ollama) - Fix title-suggestion.service.ts to use factory instead of hardcoded OpenAI - Fix getAIProvider→getChatProvider in memory-echo, notebook-summary, agent-executor - Fix getAIProvider→getTagsProvider in notebook-suggestion, title-suggestions, transform-markdown Functional bugs: - Fix ALLOW_REGISTRATION AND→OR logic - Fix note-editor.tsx passing stale props to useAutoTagging instead of local state - Fix stale Note.embedding type (migrated to NoteEmbedding table) - Remove hardcoded SQLite path from prisma.ts Frontend: - Add AbortController to useAutoTagging and useTitleSuggestions hooks - Add error rollback to optimistic UI in note-inline-editor - Remove stale closure over notebookId/language in useAutoTagging Cleanup: - Rename docker-compose from keepnotes→memento - Remove unused unstable_cache import from config.ts - Remove dead useUndoRedo hook - Fix TagSuggestion type (add isNewLabel, reasoning) - Remove dead AIConfig/AIProviderType types - Fix ghost-tags unused isEmpty var and as any cast - Fix note-editor titleSuggestions typed as any[] Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
import type { NextAuthConfig } from 'next-auth';
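/**
 * Edge-safe Auth.js (NextAuth v5) configuration: it carries no adapter and
 * no providers, so it can be imported from middleware. `providers` is left
 * empty here; presumably the server-side auth module spreads this object and
 * adds the real providers — TODO confirm against the module that calls NextAuth().
 */

/** Path prefixes that require a signed-in user (matched with startsWith). */
const PROTECTED_PREFIXES = [
  '/reminders',
  '/archive',
  '/trash',
  '/settings',
  '/lab',
  '/agents',
  '/chat',
  '/canvas',
  '/notebooks',
  '/note/',
] as const;

/** Path prefix that additionally requires the ADMIN role. */
const ADMIN_PREFIX = '/admin';

/** Pages a signed-in user is bounced away from, back to the dashboard. */
const AUTH_ONLY_PAGES = new Set(['/login', '/register']);

export const authConfig = {
  pages: {
    signIn: '/login',
    newUser: '/register',
  },
  // Signs/encrypts the session JWT. Must be set, and identical on every
  // instance, or tokens issued by one instance are rejected by another.
  secret: process.env.NEXTAUTH_SECRET,
  // NOTE(review): trustHost makes Auth.js take the request's Host header as
  // the canonical origin. That is only safe behind a reverse proxy that
  // overwrites Host / X-Forwarded-Host; otherwise an attacker-chosen Host can
  // end up in callback and redirect URLs. Pinning AUTH_URL is the safer option.
  trustHost: true,
  session: {
    // Stateless sessions: the user's id and role travel in the signed token
    // (see jwt/session below) and are not re-read from the database per request.
    strategy: 'jwt',
  },
  callbacks: {
    /**
     * Route guard run by the auth middleware for every request its matcher
     * covers (the matcher lives in middleware.ts, not in this file).
     *
     * - `/admin*`: requires a session whose role is ADMIN.
     * - `/` and PROTECTED_PREFIXES: requires any session (false => signIn redirect).
     * - `/login`, `/register` while signed in: redirect to `/`.
     * - Everything else: allowed. This list is an allowlist of *protected*
     *   routes, so unknown routes are open by default (fail-open); a new
     *   authenticated page must be added to PROTECTED_PREFIXES.
     *
     * Prefix matching is deliberately broad: `/lab` also covers `/labs`.
     */
    authorized({ auth, request: { nextUrl } }) {
      const user = auth?.user;
      const isLoggedIn = !!user;
      // `role` is not on Auth.js's User type; narrow with `in` instead of `as any`.
      const isAdmin = !!user && 'role' in user && user.role === 'ADMIN';
      const { pathname } = nextUrl;

      if (pathname.startsWith(ADMIN_PREFIX)) {
        return isLoggedIn && isAdmin;
      }

      const isDashboardPage =
        pathname === '/' || PROTECTED_PREFIXES.some((prefix) => pathname.startsWith(prefix));
      if (isDashboardPage) {
        return isLoggedIn;
      }

      if (isLoggedIn && AUTH_ONLY_PAGES.has(pathname)) {
        return Response.redirect(new URL('/', nextUrl));
      }

      return true;
    },

    /**
     * Copies id and role into the JWT. `user` is only present on the sign-in
     * request, so the role is frozen in the token until the next sign-in:
     * demoting an admin does not affect their existing sessions until the
     * token expires. Re-check the role against the database for sensitive
     * admin operations instead of trusting the token alone.
     */
    async jwt({ token, user }) {
      if (user) {
        token.id = user.id;
        token.role = 'role' in user ? user.role : undefined;
      }
      return token;
    },

    /** Exposes the token's id and role on `session.user` for the app. */
    async session({ session, token }) {
      if (token && session.user) {
        // Object.assign augments the typed user object without an `as any` cast.
        Object.assign(session.user, { id: token.id, role: token.role });
      }
      return session;
    },
  },
  providers: [],
} satisfies NextAuthConfig;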