Authentication & Authorization
NextAuth.js Configuration
The application uses NextAuth.js v5 with multiple authentication providers:
// src/auth.ts
/**
 * NextAuth.js v5 configuration: a credentials provider backed by the
 * application's own `authenticateUser`, plus Google and GitHub OAuth.
 *
 * Security notes (reviewer):
 * - `authorize` admits only a user record that carries an `accessToken`;
 *   whatever it returns becomes `user` in the `jwt` callback below.
 * - Anything placed on the session in the `session` callback is serialized to
 *   the browser. Keep backend credentials (e.g. `accessToken`) out of the
 *   client-visible session unless the browser genuinely needs them — TODO
 *   confirm what the real callback copies.
 * - On `trigger === "update"` the `session` argument of `jwt` is whatever the
 *   client passed to `update()`; treat it as untrusted input and validate it
 *   before merging any field (roles, tokens) into the token.
 */
export const authConfig = {
  providers: [
    Credentials({
      // Validate the submitted shape first so only well-formed input reaches
      // the backend authenticator.
      async authorize(credentials) {
        const parsed = loginSchema.safeParse(credentials);
        if (!parsed.success) {
          return null;
        }
        const account = await authenticateUser(parsed.data);
        // A record without an access token counts as "not signed in".
        if (!account?.accessToken) {
          return null;
        }
        return account;
      },
    }),
    Google({
      clientId: process.env.GOOGLE_CLIENT_ID,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
    }),
    Github({
      clientId: process.env.GITHUB_CLIENT_ID,
      clientSecret: process.env.GITHUB_CLIENT_SECRET,
    }),
  ],
  callbacks: {
    // Shape the JWT from the authorized user / client-initiated updates.
    async jwt({ token, user, trigger, session }) {
      // JWT token handling
    },
    // Project token claims onto the session object the client will see.
    async session({ session, token }) {
      // Session data transformation
    },
  },
};

Route Protection
Protected routes are gated by middleware. Note that this middleware only checks that a session exists (it does not check roles), and it only runs on the paths selected by its `matcher` config:
// src/middleware.ts
export async function middleware(request: NextRequest) {
const { user } = (await auth()) || {};
const isAuth = !!user?.accessToken;
const pathname = request.nextUrl.pathname;
// Public routes
const publicUrls = ["/login", "/register", "/verify", "/forgot-password"];
if (publicUrls.some((url) => pathname.startsWith(url))) {
return isAuth
? NextResponse.redirect(new URL("/", request.url))
: NextResponse.next();
}
// Redirect to login if not authenticated
if (!isAuth) {
const from = encodeURIComponent(
request.nextUrl.pathname + request.nextUrl.search
);
return NextResponse.redirect(new URL(`/login?from=${from}`, request.url));
}
return NextResponse.next();
}User Roles & Permissions
The application implements role-based access control with three roles. Note that the middleware above does not check roles — it only verifies that a session exists — so role enforcement must happen in the protected routes and API handlers themselves:
- Owner: Full access to organization and all projects
- Admin: Can manage projects and members within organization
- Editor: Can edit content but not manage users