inlines secret fetching for auth to remove postinstall step

auth/index.ts

@@ -5,45 +5,36 @@ import Credentials from "next-auth/providers/credentials";
 import Discord from "next-auth/providers/discord";
 
 import bcrypt from "bcryptjs";
+import { SecretClient } from "@/lib/secret/init";
 
 const prisma = new PrismaClient();
 
-export const { handlers, signIn, signOut, auth } = NextAuth({
+export const { handlers, signIn, signOut, auth } = NextAuth(async () => {
-  providers: [
+  const sClient = SecretClient();
-    Discord({
-      clientId: process.env.DISCORD_CLIENT_ID,
-      clientSecret: process.env.DISCORD_CLIENT_SECRET,
-    }),
-    Credentials({
-      credentials: {
-        email: {},
-        password: {},
-      },
-      authorize: async (credentials) => {
-        let user = null;
 
-        const pwHash = await saltAndHashPassword(
+  const clientId = await sClient.fetchSecret("discord_client_id");
-          credentials.password as string
+  const clientSecret = await sClient.fetchSecret("discord_client_secret");
-        );
-        user = await prisma.user.findFirst({
-          where: {
-            email: credentials.email as string,
-          },
-          select: {
-            name: true,
-            image: true,
-            email: true,
-            emailVerified: true,
-            username: true,
-            passwordHash: true,
-          },
-        });
 
-        if (!user) {
+  return {
-          user = await prisma.user.create({
+    providers: [
-            data: {
+      Discord({
+        clientId,
+        clientSecret,
+      }),
+      Credentials({
+        credentials: {
+          email: {},
+          password: {},
+        },
+        authorize: async (credentials) => {
+          let user = null;
+
+          const pwHash = await saltAndHashPassword(
+            credentials.password as string
+          );
+          user = await prisma.user.findFirst({
+            where: {
               email: credentials.email as string,
-              passwordHash: pwHash,
             },
             select: {
               name: true,
@@ -51,18 +42,35 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
               email: true,
               emailVerified: true,
               username: true,
+              passwordHash: true,
             },
           });
+
+          if (!user) {
+            user = await prisma.user.create({
+              data: {
+                email: credentials.email as string,
+                passwordHash: pwHash,
+              },
+              select: {
+                name: true,
+                image: true,
+                email: true,
+                emailVerified: true,
+                username: true,
+              },
+            });
+            return user;
+          }
+
+          user.passwordHash = null;
+
           return user;
-        }
+        },
-
+      }),
-        user.passwordHash = null;
+    ],
-
+    adapter: PrismaAdapter(prisma),
-        return user;
+  };
-      },
-    }),
-  ],
-  adapter: PrismaAdapter(prisma),
 });
 async function saltAndHashPassword(password: string) {
   const hash = await bcrypt.hash(password, 10);

lib/secret/init.ts

@@ -5,8 +5,8 @@ if (!globalThis.Secrets) {
     "https://dragonshoard.cyborggrizzly.com",
     process.env.NODE_ENV === "development"
       ? "./.dragonshoard"
-      : "/.dragonshoard",
+      : "/.dragonshoard"
   );
 }
 
-export const SecretClient = () => globalThis.Secrets;
+export const SecretClient = (): DHSecretClient => globalThis.Secrets;