feat(auth): add role guards and protect admin routes

This commit is contained in:
2026-06-04 21:57:39 +02:00
parent 601dea9526
commit 12cbec92a0
8 changed files with 114 additions and 27 deletions
+5 -3
View File
@@ -4,12 +4,11 @@ import { ZodError } from "zod"
import type { UserRole } from "@/generated/prisma/client"
import { SIGN_IN_URL, TOKEN_EXPIRATION_SECONDS } from "@/lib/constants"
import { signInSchema } from "@/lib/schemas/auth.schemas"
import { verifyPassword } from "@/lib/security"
import { signInSchema } from "@/schemas/auth.schema"
import { getUserByUsername } from "@/services/user.service"
declare module "next-auth" {
// eslint-disable-next-line no-unused-vars
interface Session {
user: {
id: string
@@ -17,7 +16,6 @@ declare module "next-auth" {
} & DefaultSession["user"]
}
// eslint-disable-next-line no-unused-vars
interface User {
role: UserRole
}
@@ -46,6 +44,10 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
throw new Error("Invalid username or password")
}
if (!user.isActive) {
throw new Error("Invalid username or password")
}
if (!(await verifyPassword(data.password, user.password)))
throw new Error("Invalid username or password")