import NextAuth, { User } from "next-auth";
import Credentials from "next-auth/providers/credentials";
import prisma from "@/lib/prisma";
import bcrypt from "bcryptjs";
/**
 * Module augmentation for "next-auth".
 *
 * Adds the application's `businessId` login identifier to the library's
 * `User` type and exposes `id` / `businessId` on `session.user`, so the
 * callbacks configured in this file type-check without casts on those fields.
 * Both fields are optional: nothing here guarantees they are populated.
 */
declare module "next-auth" {
  interface Session {
    // Same shape as before: the library User plus the two optional fields
    // that the session callback copies over from the JWT.
    user: {
      id?: string;
      businessId?: string;
    } & User;
  }

  interface User {
    // Identifier the credentials provider looks accounts up by.
    businessId?: string;
  }
}
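// Cost factor for the placeholder hash compared against on the
// unknown-account path.
// NOTE(review): this should match the cost used where real passwords are
// hashed; that code is not in this file, so confirm the value.
const PLACEHOLDER_HASH_ROUNDS = 10;

let placeholderHash: Promise<string> | undefined;

/** Lazily computes (once) a bcrypt hash that no stored account uses. */
function getPlaceholderHash(): Promise<string> {
  if (placeholderHash === undefined) {
    placeholderHash = bcrypt.hash(
      "placeholder-not-a-real-password",
      PLACEHOLDER_HASH_ROUNDS
    );
  }
  return placeholderHash;
}

/**
 * NextAuth configuration: JWT sessions with a single credentials provider
 * that authenticates a `businessId` / password pair against the Prisma
 * `user` table using bcrypt.
 *
 * NOTE(review): no attempt throttling or account lockout is visible in this
 * file. Confirm it is enforced elsewhere (middleware, reverse proxy), since
 * `authorize` accepts unlimited password guesses as written.
 */
export const { handlers, signIn, signOut, auth } = NextAuth({
  session: {
    strategy: "jwt",
  },
  providers: [
    Credentials({
      name: "Credentials",
      credentials: {
        businessId: { label: "Business ID", type: "text" },
        password: { label: "Password", type: "password" },
      },
      /**
       * Verifies the submitted credentials.
       *
       * @returns the matching user row without its password hash, or `null`
       * for any failure. Every failure returns the same value so the caller
       * cannot tell "unknown account" from "wrong password".
       */
      async authorize(credentials) {
        const businessId = credentials?.businessId;
        const password = credentials?.password;

        // The submitted fields come from the request body. Check their
        // runtime type instead of asserting it with `as string`, so a
        // non-string value is rejected here rather than reaching Prisma or
        // bcrypt.
        if (
          typeof businessId !== "string" ||
          typeof password !== "string" ||
          !businessId ||
          !password
        ) {
          return null;
        }

        // Look the account up by its businessId.
        const user = await prisma.user.findUnique({
          where: { businessId },
        });

        if (!user) {
          // Do a bcrypt comparison on this path as well. Without it, an
          // unknown businessId returns measurably faster than a wrong
          // password, which lets a client enumerate valid identifiers. The
          // result is discarded on purpose.
          await bcrypt.compare(password, await getPlaceholderHash());
          return null;
        }

        // Compare the submitted password with the stored bcrypt hash.
        const passwordMatches = await bcrypt.compare(password, user.password);
        if (!passwordMatches) {
          return null;
        }

        // Return a copy without the password hash rather than mutating the
        // Prisma result. The remaining columns of the row are still returned;
        // the jwt callback below copies only `id` and `businessId` from it.
        const { password: _passwordHash, ...userWithoutPassword } = user;
        return userWithoutPassword as unknown as User;
      },
    }),
  ],
  callbacks: {
    /** Copies the user's identifiers into the token at sign-in. */
    async jwt({ token, user }) {
      // `user` is only set on the sign-in call; later calls see the token only.
      if (user) {
        token.id = user.id;
        token.businessId = user.businessId;
      }
      return token;
    },
    /** Exposes the identifiers stored in the token on `session.user`. */
    async session({ session, token }) {
      if (token) {
        // NOTE(review): the casts assume the jwt callback stored strings;
        // nothing here checks that at runtime.
        session.user.id = token.id as string;
        session.user.businessId = token.businessId as string;
      }
      return session;
    },
  },
  pages: {
    signIn: "/login",
  },
});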