Initial commit

2026-04-08 16:30:44 +02:00
commit f9b17e9964
65 changed files with 7574 additions and 0 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -0,0 +1,87 @@
+import type { NextAuthOptions } from "next-auth";
+import CredentialsProvider from "next-auth/providers/credentials";
+import bcrypt from "bcryptjs";
+import { z } from "zod";
+
+import prisma from "@/lib/prisma";
+
+const credentialsSchema = z.object({
+  identifier: z.string().trim().min(2),
+  password: z.string().min(6)
+});
+
+export const authOptions: NextAuthOptions = {
+  session: {
+    strategy: "jwt"
+  },
+  pages: {
+    signIn: "/login"
+  },
+  providers: [
+    CredentialsProvider({
+      name: "Login und Passwort",
+      credentials: {
+        identifier: { label: "Login-Name", type: "text" },
+        password: { label: "Passwort", type: "password" }
+      },
+      async authorize(rawCredentials) {
+        const parsedCredentials = credentialsSchema.safeParse(rawCredentials);
+
+        if (!parsedCredentials.success) {
+          return null;
+        }
+
+        const normalizedIdentifier = parsedCredentials.data.identifier.toLowerCase();
+        const matchedUser = await prisma.user.findUnique({
+          where: {
+            username: normalizedIdentifier
+          }
+        });
+
+        if (!matchedUser) {
+          return null;
+        }
+
+        const isPasswordValid = await bcrypt.compare(parsedCredentials.data.password, matchedUser.passwordHash);
+
+        if (!isPasswordValid) {
+          return null;
+        }
+
+        return {
+          id: matchedUser.id,
+          name: matchedUser.username,
+          username: matchedUser.username,
+          email: matchedUser.email,
+          role: matchedUser.role,
+          workingGroupId: matchedUser.workingGroupId,
+          approvalPreference: matchedUser.approvalPreference
+        };
+      }
+    })
+  ],
+  callbacks: {
+    async jwt({ token, user }) {
+      if (user) {
+        token.id = user.id;
+        token.username = user.username;
+        token.role = user.role;
+        token.workingGroupId = user.workingGroupId;
+        token.approvalPreference = user.approvalPreference;
+      }
+
+      return token;
+    },
+    async session({ session, token }) {
+      if (session.user) {
+        session.user.id = token.id ?? "";
+        session.user.username = token.username ?? "";
+        session.user.role = token.role ?? "MEMBER";
+        session.user.workingGroupId = token.workingGroupId ?? null;
+        session.user.approvalPreference = token.approvalPreference ?? null;
+      }
+
+      return session;
+    }
+  }
+};