auth.ts
import { NextAuthOptions } from "next-auth"
import GoogleProvider from "next-auth/providers/google"
import { supabaseAdmin } from "./supabase-admin"
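/**
 * Reads the `is_admin` flag for an email from the Supabase `users` table.
 *
 * Fails closed: a missing email, a missing row, a returned query error, or a
 * thrown exception all yield `false`.
 *
 * @param email - Email taken from the JWT; may be absent.
 * @returns `true` only when the stored `is_admin` value is exactly `1`.
 */
async function fetchIsAdmin(email: string | null | undefined): Promise<boolean> {
  if (!email) {
    return false;
  }
  try {
    // NOTE(review): supabase-js query builders normally report failures through
    // the returned `error` field instead of throwing, so both paths are handled.
    const { data: userData, error } = await supabaseAdmin
      .from('users')
      .select('is_admin')
      .eq('email', email)
      .single();
    if (error) {
      console.error('Error fetching user admin status:', error);
      return false;
    }
    return userData?.is_admin === 1;
  } catch (error) {
    console.error('Error fetching user admin status:', error);
    return false;
  }
}

/**
 * NextAuth configuration: Google sign-in limited to `*.vjti.ac.in` addresses,
 * JWT sessions, and a Supabase `users` row kept in sync on every sign-in.
 *
 * Authorization (`isAdmin`) is always derived from the database row and never
 * from values supplied by the browser.
 */
export const authOptions: NextAuthOptions = {
  providers: [
    GoogleProvider({
      clientId: process.env.GOOGLE_CLIENT_ID!,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
    }),
  ],
  session: {
    strategy: "jwt",
  },
  pages: {
    signIn: "/auth/signin",
    error: "/auth/error",
  },
  callbacks: {
    /**
     * Admits only Google accounts with a verified `*.vjti.ac.in` address and
     * mirrors the profile into Supabase. A failed sync is logged but does not
     * block the sign-in.
     */
    async signIn({ account, profile, user }) {
      console.log('SignIn attempt for:', profile?.email);
      if (account?.provider !== "google" || !profile?.email) {
        return false;
      }
      const email = profile.email;

      // The domain allow-list is only meaningful if Google has verified the
      // address. `email_verified` is a Google ID-token claim that the generic
      // Profile type does not declare, hence the narrow cast.
      const emailVerified = (profile as { email_verified?: boolean }).email_verified;
      if (emailVerified !== true) {
        return false;
      }

      // Apply the suffix check to the domain part only, so an address without
      // an '@' can never pass and then crash the department extraction below.
      const atIndex = email.lastIndexOf('@');
      const domain = atIndex > 0 ? email.slice(atIndex + 1) : '';
      if (!domain.endsWith('.vjti.ac.in')) {
        return false;
      }

      // Department is the first DNS label of the domain; the year comes from
      // a "b<digits>" (optionally "_b<digits>") suffix of the local part.
      const dep = domain.slice(0, domain.indexOf('.'));
      const match = email.match(/_?b(\d+)@/);
      const year = match ? parseInt(match[1], 10) + 2000 : null;

      // Sync user to Supabase
      try {
        const { data: existingUser } = await supabaseAdmin
          .from('users')
          .select('uid, is_admin')
          .eq('email', email)
          .single();
        if (!existingUser) {
          // New users always start with is_admin = 0; the flag can only be
          // changed directly in Supabase.
          const { error: insertError } = await supabaseAdmin
            .from('users')
            .insert([{
              email,
              name: profile.name || user.name,
              picture: profile.image || user.image,
              branch: dep,
              year,
              is_admin: 0,
            }]);
          if (insertError) {
            console.error('Error syncing user to Supabase:', insertError);
          }
        } else {
          // Existing users: refresh profile fields, never touch is_admin.
          const { error: updateError } = await supabaseAdmin
            .from('users')
            .update({
              name: profile.name || user.name,
              picture: profile.image || user.image,
              branch: dep,
              year,
            })
            .eq('email', email);
          if (updateError) {
            console.error('Error syncing user to Supabase:', updateError);
          }
        }
      } catch (error) {
        console.error('Error syncing user to Supabase:', error);
        // Don't block sign in if Supabase sync fails
      }
      return true;
    },

    /**
     * Stores the admin flag in the JWT. It is loaded from Supabase on initial
     * sign-in and re-loaded whenever the client requests a session update.
     */
    async jwt({ token, user, trigger }) {
      // `user` is only present on initial sign-in; `trigger === 'update'` means
      // the client called the session update API. The payload of that call is
      // client-controlled, so it is deliberately ignored and the flag is read
      // from the database again instead of being copied into the token.
      if (user || trigger === 'update') {
        token.isAdmin = await fetchIsAdmin(token.email);
      }
      return token;
    },

    /** Exposes the token's admin flag on `session.user`, defaulting to false. */
    async session({ session, token }) {
      if (session.user) {
        session.user.isAdmin = token.isAdmin || false;
      }
      return session;
    },

    /**
     * Chooses the post-auth destination. Only same-origin targets are
     * honoured; everything else falls back to the dashboard.
     */
    async redirect({ url, baseUrl }) {
      const fallback = baseUrl + "/dashboard";

      // For callback redirects after sign in, redirect to dashboard.
      // The middleware will handle routing admins to admin-dashboard.
      if (url.includes('/api/auth/callback')) {
        return fallback;
      }

      // Compare parsed origins rather than string prefixes: a prefix test also
      // accepts hosts that merely begin with baseUrl, and a "/"-prefixed value
      // can still resolve to a different host once parsed.
      try {
        const target = new URL(url, baseUrl);
        if (target.origin === new URL(baseUrl).origin) {
          if (url.startsWith("/")) return target.toString();
          if (url.startsWith(baseUrl)) return url;
        }
      } catch {
        // Malformed URL: fall through to the safe default.
      }
      return fallback;
    },
  },
}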