Initial commit

auth.ts

@@ -0,0 +1,64 @@
+import NextAuth from 'next-auth'
+import Credentials from 'next-auth/providers/credentials'
+import { db } from '@/lib/db'
+import { users } from '@/lib/db/schema'
+import { eq } from 'drizzle-orm'
+import bcrypt from 'bcryptjs'
+
+export const { handlers, signIn, signOut, auth } = NextAuth({
+  providers: [
+    Credentials({
+      credentials: {
+        email: { label: 'Email', type: 'email' },
+        password: { label: 'Password', type: 'password' },
+      },
+      authorize: async (credentials) => {
+        const email = credentials?.email as string
+        const password = credentials?.password as string
+
+        if (!email || !password) return null
+
+        const result = await db
+          .select()
+          .from(users)
+          .where(eq(users.email, email.toLowerCase().trim()))
+          .limit(1)
+
+        const user = result[0]
+        if (!user) return null
+
+        const valid = await bcrypt.compare(password, user.passwordHash)
+        if (!valid) return null
+
+        return {
+          id: user.id,
+          email: user.email,
+          name: user.fullName ?? user.email.split('@')[0],
+          role: user.role,
+        }
+      },
+    }),
+  ],
+  callbacks: {
+    jwt({ token, user }) {
+      if (user) {
+        token.id = user.id
+        token.role = (user as { role: string }).role
+      }
+      return token
+    },
+    session({ session, token }) {
+      if (session.user) {
+        session.user.id = token.id as string
+        ;(session.user as { role: string }).role = token.role as string
+      }
+      return session
+    },
+  },
+  pages: {
+    signIn: '/auth/login',
+    error: '/auth/error',
+  },
+  session: { strategy: 'jwt' },
+  trustHost: true,
+})