Pedro Gomes
1bc837e606
# O que mudou 1 Schema: failedAttempts + lockedUntil em User; migration auth_v0_2_lockout aplicada; crypto.ts com hashSecret/verifySecret (Node scrypt nativo, zero deps) 2 packages/api/src/auth.ts — authenticateCredential com lockout de 5 tentativas 3 Seed reescrito: admin hashed admin1234, operadores hashed 1111/2222/3333 4 Porta das traseiras fechada: AUTH_DEV_AUTOLOGIN ignorado quando NODE_ENV=production, em ambas as apps 5 operator-pwa: Credentials provider usa PIN + allowedRoles:['OPERATOR']; cookies fieldops-op.* 6 Picker em 2 estados: lista → teclado PIN (botões grandes, dots de progresso, mensagem de erro sem dar pistas) 7 admin-web: Auth.js completo (auth.config, auth.ts, route handler, middleware, /login page, AUTH_SECRET no env) com cookies fieldops-admin.* 8 scripts/auth-smoke.ts (11/11 ✓); .env.example e README atualizados
48 lines
1.7 KiB
TypeScript
48 lines
1.7 KiB
TypeScript
import type { NextAuthConfig } from 'next-auth';
|
|
|
|
/**
|
|
* Edge-safe portion of the Auth.js config. The middleware imports THIS, never
|
|
* the full `auth.ts` — Credentials providers and the Prisma client are not
|
|
* edge-compatible, so they live exclusively in auth.ts which runs in the
|
|
* Node.js runtime (route handlers).
|
|
*/
|
|
export const authConfig = {
|
|
trustHost: true,
|
|
session: { strategy: 'jwt' },
|
|
pages: {
|
|
signIn: '/select-operator',
|
|
},
|
|
// Distinct cookie names prevent session collision when both apps run on localhost
|
|
// (cookies are not isolated by port — only by name and domain).
|
|
cookies: {
|
|
sessionToken: { name: 'fieldops-op.session-token' },
|
|
callbackUrl: { name: 'fieldops-op.callback-url' },
|
|
csrfToken: { name: 'fieldops-op.csrf-token' },
|
|
},
|
|
callbacks: {
|
|
async jwt({ token, user }) {
|
|
if (user) {
|
|
// user is the value returned from `authorize()` in the Credentials provider.
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
const u = user as any;
|
|
token.id = u.id;
|
|
token.role = u.role;
|
|
token.tenantId = u.tenantId;
|
|
}
|
|
return token;
|
|
},
|
|
async session({ session, token }) {
|
|
if (token && session.user) {
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
(session.user as any).id = token.id;
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
(session.user as any).role = token.role;
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
(session.user as any).tenantId = token.tenantId;
|
|
}
|
|
return session;
|
|
},
|
|
},
|
|
providers: [],
|
|
} satisfies NextAuthConfig;
|