157 lines
3.9 KiB
TypeScript
157 lines
3.9 KiB
TypeScript
import { NextAuthOptions } from 'next-auth'
|
|
import CredentialsProvider from 'next-auth/providers/credentials'
|
|
import { JWT } from 'next-auth/jwt'
|
|
|
|
declare module 'next-auth' {
|
|
interface Session {
|
|
user: {
|
|
name?: string | null
|
|
surname?: string | null
|
|
email?: string | null
|
|
phone_number?: string | null
|
|
image?: string | null
|
|
}
|
|
accessToken?: string
|
|
refreshToken?: string
|
|
expiresAt?: number
|
|
}
|
|
|
|
interface User {
|
|
id: string
|
|
email: string
|
|
name?: string
|
|
accessToken?: string
|
|
refreshToken?: string
|
|
}
|
|
|
|
interface JWT {
|
|
accessToken?: string
|
|
refreshToken?: string
|
|
expiresAt?: number
|
|
error?: string
|
|
}
|
|
}
|
|
|
|
interface GoogleToken extends JWT {
|
|
accessToken?: string
|
|
refreshToken?: string
|
|
expiresAt?: number | undefined
|
|
error?: string
|
|
}
|
|
|
|
async function refreshAccessToken(token: GoogleToken): Promise<GoogleToken> {
|
|
try {
|
|
const response = await fetch(`${process.env.BACKEND_URL}/auth/refresh/`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
},
|
|
body: JSON.stringify({
|
|
refresh: token.refreshToken,
|
|
}),
|
|
})
|
|
|
|
if (!response.ok) {
|
|
const errorData = await response.json()
|
|
throw errorData
|
|
}
|
|
|
|
const refreshedTokens = await response.json()
|
|
|
|
return {
|
|
...token,
|
|
accessToken: refreshedTokens.access,
|
|
refreshToken: refreshedTokens.refresh ?? token.refreshToken,
|
|
expiresAt: refreshedTokens.expires_at,
|
|
}
|
|
} catch (error) {
|
|
console.error('Refresh error:', error)
|
|
return {
|
|
...token,
|
|
error: 'RefreshAccessTokenError',
|
|
}
|
|
}
|
|
}
|
|
|
|
export const authOptions: NextAuthOptions = {
|
|
providers: [
|
|
//логин
|
|
CredentialsProvider({
|
|
id: 'credentials',
|
|
name: 'Credentials',
|
|
credentials: {
|
|
login: { label: 'Login', type: 'text' },
|
|
password: { label: 'Password', type: 'password' },
|
|
},
|
|
async authorize(credentials) {
|
|
try {
|
|
const res = await fetch(`${process.env.BACKEND_URL}/auth/login/`, {
|
|
method: 'POST',
|
|
headers: { 'Content-Type': 'application/json' },
|
|
body: JSON.stringify({
|
|
login: credentials?.login,
|
|
password: credentials?.password,
|
|
}),
|
|
})
|
|
|
|
const data = await res.json()
|
|
|
|
if (!res.ok) {
|
|
throw new Error(data.error || 'Authentication failed')
|
|
}
|
|
|
|
return {
|
|
id: data.user.id.toString(),
|
|
email: data.user.email,
|
|
name: data.user.firstName,
|
|
accessToken: data.access,
|
|
refreshToken: data.refresh,
|
|
}
|
|
} catch (error) {
|
|
console.error('Login error:', error)
|
|
return null
|
|
}
|
|
},
|
|
}),
|
|
],
|
|
callbacks: {
|
|
async jwt({ token, user, account }) {
|
|
if (user && account) {
|
|
if (account.type === 'credentials') {
|
|
return {
|
|
...token,
|
|
accessToken: user.accessToken,
|
|
refreshToken: user.refreshToken,
|
|
expiresAt: Math.floor(Date.now() / 1000) + 15 * 60, // 15 минут
|
|
}
|
|
} else {
|
|
return {
|
|
...token,
|
|
accessToken: account.access_token,
|
|
refreshToken: account.refresh_token,
|
|
expiresAt: account.expires_at,
|
|
}
|
|
}
|
|
}
|
|
|
|
// проверяем не истекает ли токен в ближайшие 5 минут
|
|
const expiresAt = token.expiresAt as number | undefined
|
|
if (
|
|
typeof expiresAt === 'number' &&
|
|
Date.now() < (expiresAt - 5 * 60) * 1000 // обновляем за 5 минут до истечения
|
|
) {
|
|
return token
|
|
}
|
|
|
|
return refreshAccessToken(token as GoogleToken)
|
|
},
|
|
async session({ session, token }) {
|
|
if (token) {
|
|
session.accessToken = token.accessToken as string
|
|
session.refreshToken = token.refreshToken as string
|
|
}
|
|
return session
|
|
},
|
|
},
|
|
}
|