mirror of
https://github.com/kjanat/livedash-node.git
synced 2026-01-16 16:32:08 +01:00
Kaj Kowalski
38aff21c3a
Security Enhancements: - Implemented proper rate limiting with automatic cleanup for /register and /forgot-password endpoints - Added memory usage protection with MAX_ENTRIES limit (10000) - Fixed rate limiter memory leaks by adding cleanup intervals - Improved IP extraction with x-real-ip and x-client-ip header support Code Quality Improvements: - Refactored ProcessingStatusManager from individual functions to class-based architecture - Maintained backward compatibility with singleton instance pattern - Fixed TypeScript strict mode violations across the codebase - Resolved all build errors and type mismatches UI Component Fixes: - Removed unused chart components (Charts.tsx, DonutChart.tsx) - Fixed calendar component type issues by removing unused custom implementations - Resolved theme provider type imports - Fixed confetti component default options handling - Corrected pointer component coordinate type definitions Type System Improvements: - Extended NextAuth types to support dual auth systems (regular and platform users) - Fixed nullable type handling throughout the codebase - Resolved Prisma JSON field type compatibility issues - Corrected SessionMessage and ImportRecord interface definitions - Fixed ES2015 iteration compatibility issues Database & Performance: - Updated database pool configuration for Prisma adapter compatibility - Fixed pagination response structure in user management endpoints - Improved error handling with proper error class usage Testing & Build: - All TypeScript compilation errors resolved - ESLint warnings remain but no errors - Build completes successfully with proper static generation
129 lines
3.0 KiB
TypeScript
129 lines
3.0 KiB
TypeScript
import bcrypt from "bcryptjs";
|
|
import type { NextAuthOptions } from "next-auth";
|
|
import CredentialsProvider from "next-auth/providers/credentials";
|
|
import { prisma } from "./prisma";
|
|
|
|
// Define the shape of the JWT token
|
|
declare module "next-auth/jwt" {
|
|
interface JWT {
|
|
companyId?: string;
|
|
role?: string;
|
|
isPlatformUser?: boolean;
|
|
platformRole?: string;
|
|
}
|
|
}
|
|
|
|
// Define the shape of the session object
|
|
declare module "next-auth" {
|
|
interface Session {
|
|
user: {
|
|
id?: string;
|
|
name?: string;
|
|
email?: string;
|
|
image?: string;
|
|
companyId?: string;
|
|
role?: string;
|
|
isPlatformUser?: boolean;
|
|
platformRole?: string;
|
|
};
|
|
}
|
|
|
|
interface User {
|
|
id: string;
|
|
email: string;
|
|
name?: string;
|
|
companyId?: string;
|
|
role?: string;
|
|
isPlatformUser?: boolean;
|
|
platformRole?: string;
|
|
}
|
|
}
|
|
|
|
export const authOptions: NextAuthOptions = {
|
|
providers: [
|
|
CredentialsProvider({
|
|
name: "credentials",
|
|
credentials: {
|
|
email: { label: "Email", type: "email" },
|
|
password: { label: "Password", type: "password" },
|
|
},
|
|
async authorize(credentials) {
|
|
if (!credentials?.email || !credentials?.password) {
|
|
return null;
|
|
}
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: { email: credentials.email },
|
|
include: { company: true },
|
|
});
|
|
|
|
if (!user || !user.password) {
|
|
return null;
|
|
}
|
|
|
|
const isPasswordValid = await bcrypt.compare(
|
|
credentials.password,
|
|
user.password
|
|
);
|
|
|
|
if (!isPasswordValid) {
|
|
return null;
|
|
}
|
|
|
|
// Check if company is active
|
|
if (user.company.status !== "ACTIVE") {
|
|
return null;
|
|
}
|
|
|
|
return {
|
|
id: user.id,
|
|
email: user.email,
|
|
name: user.name || undefined,
|
|
companyId: user.companyId,
|
|
role: user.role,
|
|
};
|
|
},
|
|
}),
|
|
],
|
|
session: {
|
|
strategy: "jwt",
|
|
maxAge: 24 * 60 * 60, // 24 hours for regular users
|
|
},
|
|
cookies: {
|
|
sessionToken: {
|
|
name: "app-auth.session-token",
|
|
options: {
|
|
httpOnly: true,
|
|
sameSite: "lax",
|
|
path: "/",
|
|
secure: process.env.NODE_ENV === "production",
|
|
},
|
|
},
|
|
},
|
|
callbacks: {
|
|
async jwt({ token, user }) {
|
|
if (user) {
|
|
token.companyId = user.companyId;
|
|
token.role = user.role;
|
|
token.isPlatformUser = user.isPlatformUser;
|
|
token.platformRole = user.platformRole;
|
|
}
|
|
return token;
|
|
},
|
|
async session({ session, token }) {
|
|
if (token && session.user) {
|
|
session.user.companyId = token.companyId;
|
|
session.user.role = token.role;
|
|
session.user.isPlatformUser = token.isPlatformUser;
|
|
session.user.platformRole = token.platformRole;
|
|
}
|
|
return session;
|
|
},
|
|
},
|
|
pages: {
|
|
signIn: "/login",
|
|
},
|
|
secret: process.env.NEXTAUTH_SECRET,
|
|
debug: process.env.NODE_ENV === "development",
|
|
};
|