All checks were successful
Deploy to Production / Build and Deploy (push) Successful in 1m35s
MCP Server: - Fix validateApiKey: O(1) direct lookup by shortId instead of loading all keys - Add trashedAt:null filter to ALL note queries (trashed notes leaked in results) - Compact JSON output (~40% smaller responses) - Bounded session cache (Map with MAX_SESSIONS=500) to prevent memory leaks - PostgreSQL connection pooling (connection_limit=10) - Rewrite all 22 tool descriptions in clear English - Fix /sse fallback to proper 307 redirect memento-note Performance: - loading=lazy on all note images - Split notebooksRefreshKey from global refreshKey (note CRUD no longer re-fetches notebooks) - Remove searchKey from trash count deps (no re-fetch on every keystroke) - Server-side notebookId filter in getAllNotes() (biggest win) - Skip collaborator fetch for non-shared notes (eliminates N+1 API calls) - next/dynamic for MarkdownContent + 4 modals (code-split remark/rehype/KaTeX) - Memoize DOMPurify sanitize with useMemo Security: - XSS: DOMPurify sanitize in note-card and note-history-modal - Auth anti-enumeration: uniform errors in auth.ts - CRON_SECRET mandatory on cron endpoints - Rate limiting on login (5 attempts/min per email) - Centralized API auth helpers (requireAuth/requireAdmin) - randomize-labels changed GET→POST - Removed debug endpoints (/api/debug/config, /api/debug/test-chat) Cleanup: - Removed dead code: .backup-keep, settings-backup, fix-*.js, debug-theme, fix-labels route - Removed sensitive console.error in auth.ts - Ollama fetchWithTimeout (30s/60s AbortController) - i18n: full Arabic translation, Farsi missing keys - Masonry drag-and-drop fix (localOrderMap, cross-section block) - Sidebar notebook tooltip on truncation
57 lines
1.4 KiB
TypeScript
57 lines
1.4 KiB
TypeScript
import NextAuth from 'next-auth';
|
|
import { authConfig } from './auth.config';
|
|
import Credentials from 'next-auth/providers/credentials';
|
|
import { z } from 'zod';
|
|
import prisma from '@/lib/prisma';
|
|
import bcrypt from 'bcryptjs';
|
|
import { rateLimit } from '@/lib/rate-limit';
|
|
|
|
export const { auth, signIn, signOut, handlers } = NextAuth({
|
|
...authConfig,
|
|
providers: [
|
|
Credentials({
|
|
async authorize(credentials) {
|
|
try {
|
|
const parsedCredentials = z
|
|
.object({ email: z.string().email(), password: z.string().min(6) })
|
|
.safeParse(credentials);
|
|
|
|
if (!parsedCredentials.success) {
|
|
return null;
|
|
}
|
|
|
|
const { email, password } = parsedCredentials.data;
|
|
|
|
const { allowed } = rateLimit(`login:${email.toLowerCase()}`)
|
|
if (!allowed) {
|
|
return null;
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: { email: email.toLowerCase() }
|
|
});
|
|
|
|
if (!user || !user.password) {
|
|
return null;
|
|
}
|
|
|
|
const passwordsMatch = await bcrypt.compare(password, user.password);
|
|
|
|
if (passwordsMatch) {
|
|
return {
|
|
id: user.id,
|
|
email: user.email,
|
|
name: user.name,
|
|
role: user.role,
|
|
};
|
|
}
|
|
|
|
return null;
|
|
} catch {
|
|
return null;
|
|
}
|
|
},
|
|
}),
|
|
],
|
|
});
|