authorization pretty

ls1intum · Nov 29, 2024 · aff1a6f · aff1a6f
1 parent 41f357b
commit aff1a6f
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 20 deletions.
diff --git a/atlas-metrics/.env.example b/atlas-metrics/.env.example
@@ -0,0 +1,17 @@
+# Influx db setup
+INFLUXDB_TOKEN=atlas-influxdb-token
+INFLUXDB_ORG=atlas
+INFLUXDB_BUCKET=atlas-metrics
+DOCKER_INFLUXDB_INIT_USERNAME=admin
+DOCKER_INFLUXDB_INIT_PASSWORD=password
+
+# Auth Config
+NEXTAUTH_SECRET=myjwtsecretkey # `npx auth secret` or `openssl rand -hex 32`
+NEXTAUTH_URL=http://localhost:3000
+
+# Auth Provider
+GITHUB_ID=provider-id
+GITHUB_SECRET=provider-secret
+
+# Github Repository
+ADMINS=[email protected]
diff --git a/atlas-metrics/app/api/auth/[...nextauth]/route.ts b/atlas-metrics/app/api/auth/[...nextauth]/route.ts
@@ -1,5 +1,26 @@
-import NextAuth from "next-auth";
 import GithubProvider from "next-auth/providers/github";
+import NextAuth, { type DefaultSession, type DefaultUser, NextAuthOptions } from "next-auth";
+
+// Extend the default User interface
+declare module "next-auth" {
+  interface Session {
+    user: {
+      /** Custom properties */
+      isAdmin?: boolean;
+    } & DefaultSession["user"];
+  }
+
+  interface User extends DefaultUser {
+    isAdmin?: boolean;
+  }
+}
+
+// Extend the default JWT interface
+declare module "next-auth/jwt" {
+  interface JWT {
+    isAdmin?: boolean;
+  }
+}
 
 const providers = [
   GithubProvider({
@@ -8,18 +29,18 @@ const providers = [
   }),
 ];
 
-const authOptions = {
+const authOptions: NextAuthOptions = {
   providers: providers,
   callbacks: {
     async session({ session, token }) {
+      // Ensure `isAdmin` is included in the session
       session.user.isAdmin = token.isAdmin || false;
       return session;
     },
-    async jwt({ token, account, user }) {
+    async jwt({ token, account }) {
       if (account?.access_token) {
         try {
           const admins = process.env.ADMINS?.split(",") || [];
-
           // Store admin status in the token
           token.isAdmin = admins.some((admin) => admin === token.email);
           // eslint-disable-next-line @typescript-eslint/no-unused-vars

diff --git a/atlas-metrics/app/layout.tsx b/atlas-metrics/app/layout.tsx
@@ -1,11 +1,11 @@
 import type { Metadata } from "next";
 import localFont from "next/font/local";
 import "./globals.css";
-import { Session } from "next-auth";
 
 import { Header } from "@components/custom/Header";
 import { Footer } from "@components/custom/Footer";
 import NextAuthProvider from "./next-auth-provider";
+import { Session } from "next-auth";
 
 const geistSans = localFont({
   src: "./fonts/GeistVF.woff",

diff --git a/atlas-metrics/middleware.ts b/atlas-metrics/middleware.ts
@@ -1,20 +1,20 @@
-import { withAuth } from "next-auth/middleware"
-import {NextResponse} from "next/server";
+import { withAuth } from "next-auth/middleware";
+import { NextResponse } from "next/server";
 
 export default withAuth(
-    function middleware(req) {
-        const token = req.nextauth?.token;
-        if (!token || !token.isAdmin) {
-            return NextResponse.redirect(new URL("/unauthorized", req.url));
-        }
+  function middleware(req) {
+    const token = req.nextauth?.token;
+    if (!token || !token.isAdmin) {
+      return NextResponse.redirect(new URL("/unauthorized", req.url));
+    }
 
-        return NextResponse.next();
+    return NextResponse.next();
+  },
+  {
+    callbacks: {
+      authorized: ({ token }) => !!token?.isAdmin,
     },
-    {
-      callbacks: {
-        authorized: ({ token }) => !! token?.isAdmin,
-      },
-    },
-)
+  },
+);
 
-export const config = { matcher: ["/admin"] }
+export const config = { matcher: ["/admin"] };