79 lines
2.5 KiB
TypeScript
79 lines
2.5 KiB
TypeScript
import { NextAuthOptions } from "next-auth";
|
|
import DiscordProvider from "next-auth/providers/discord";
|
|
import CredentialsProvider from "next-auth/providers/credentials";
|
|
import { PrismaAdapter } from "@next-auth/prisma-adapter";
|
|
import bcrypt from "bcryptjs";
|
|
import { prisma } from "./prisma";
|
|
|
|
export const authOptions: NextAuthOptions = {
|
|
adapter: PrismaAdapter(prisma),
|
|
session: { strategy: "jwt" },
|
|
providers: [
|
|
DiscordProvider({
|
|
clientId: process.env.DISCORD_CLIENT_ID!,
|
|
clientSecret: process.env.DISCORD_CLIENT_SECRET!,
|
|
authorization: {
|
|
params: {
|
|
// guilds scope zodat we kunnen controleren of de user lid is
|
|
scope: "identify email guilds",
|
|
},
|
|
},
|
|
}),
|
|
CredentialsProvider({
|
|
name: "credentials",
|
|
credentials: {
|
|
username: { label: "Gebruikersnaam", type: "text" },
|
|
password: { label: "Wachtwoord", type: "password" },
|
|
},
|
|
async authorize(credentials) {
|
|
if (!credentials?.username || !credentials?.password) return null;
|
|
const user = await prisma.user.findUnique({
|
|
where: { username: credentials.username },
|
|
});
|
|
if (!user?.password) return null;
|
|
const valid = await bcrypt.compare(credentials.password, user.password);
|
|
if (!valid) return null;
|
|
return { id: user.id, name: user.name, email: user.email, image: user.image };
|
|
},
|
|
}),
|
|
],
|
|
callbacks: {
|
|
async signIn({ account, profile }) {
|
|
// Credentials login: altijd toegestaan
|
|
if (account?.provider !== "discord") return true;
|
|
|
|
const guildId = process.env.DISCORD_GUILD_ID;
|
|
|
|
// Geen DISCORD_GUILD_ID ingesteld → geen beperking
|
|
if (!guildId) return true;
|
|
|
|
// Haal de guilds op van de ingelogde Discord gebruiker
|
|
const res = await fetch("https://discord.com/api/users/@me/guilds", {
|
|
headers: { Authorization: `Bearer ${account.access_token}` },
|
|
});
|
|
|
|
if (!res.ok) return false;
|
|
|
|
const guilds: { id: string }[] = await res.json();
|
|
const isMember = guilds.some((g) => g.id === guildId);
|
|
|
|
if (!isMember) {
|
|
// Stuur door naar login met foutmelding
|
|
return "/login?error=not_in_server";
|
|
}
|
|
|
|
return true;
|
|
},
|
|
jwt({ token, user }) {
|
|
if (user) token.id = user.id;
|
|
return token;
|
|
},
|
|
session({ session, token }) {
|
|
if (session.user) session.user.id = token.id as string;
|
|
return session;
|
|
},
|
|
},
|
|
pages: {
|
|
signIn: "/login",
|
|
},
|
|
}; |