UNPKG

next-auth

Version:

Authentication for Next.js

next-auth.js.org

nextauthjs/next-auth

100 lines (91 loc) 3.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
import getAuthorizationUrl from "../lib/oauth/authorization-url" import emailSignin from "../lib/email/signin" import getAdapterUserFromEmail from "../lib/email/getUserFromEmail" import type { RequestInternal, ResponseInternal } from ".." import type { InternalOptions } from "../types" import type { Account } from "../.." /** Handle requests to /api/auth/signin */ export default async function signin(params: { options: InternalOptions<"oauth" | "email"> query: RequestInternal["query"] body: RequestInternal["body"] }): Promise<ResponseInternal> { const { options, query, body } = params const { url, callbacks, logger, provider } = options if (!provider.type) { return { status: 500, // @ts-expect-error text: `Error: Type not specified for ${provider.name}`, } } if (provider.type === "oauth") { try { const response = await getAuthorizationUrl({ options, query }) return response } catch (error) { logger.error("SIGNIN_OAUTH_ERROR", { error: error as Error, providerId: provider.id, }) return { redirect: `${url}/error?error=OAuthSignin` } } } else if (provider.type === "email") { let email: string = body?.email if (!email) return { redirect: `${url}/error?error=EmailSignin` } const normalizer: (identifier: string) => string = provider.normalizeIdentifier ?? ((identifier) => { // Get the first two elements only, // separated by `@` from user input. let [local, domain] = identifier.toLowerCase().trim().split("@") // The part before "@" can contain a "," // but we remove it on the domain part domain = domain.split(",")[0] return `${local}@${domain}` }) try { email = normalizer(body?.email) } catch (error) { logger.error("SIGNIN_EMAIL_ERROR", { error, providerId: provider.id }) return { redirect: `${url}/error?error=EmailSignin` } } const user = await getAdapterUserFromEmail({ email, adapter: options.adapter, }) const account: Account = { providerAccountId: email, userId: email, type: "email", provider: provider.id, } // Check if user is allowed to sign in try { const signInCallbackResponse = await callbacks.signIn({ user, account, email: { verificationRequest: true }, }) if (!signInCallbackResponse) { return { redirect: `${url}/error?error=AccessDenied` } } else if (typeof signInCallbackResponse === "string") { return { redirect: signInCallbackResponse } } } catch (error) { return { redirect: `${url}/error?${new URLSearchParams({ error: error as string, })}`, } } try { const redirect = await emailSignin(email, options) return { redirect } } catch (error) { logger.error("SIGNIN_EMAIL_ERROR", { error, providerId: provider.id }) return { redirect: `${url}/error?error=EmailSignin` } } } return { redirect: `${url}/signin` } }