inlines secret fetching for auth to remove postinstall step

2024-08-20 08:25:02 -06:00 · 2024-08-20 08:25:02 -06:00 · 545656cf22
commit 545656cf22
parent 5f2243b49a
2 changed files with 52 additions and 44 deletions
--- a/auth/index.ts
+++ b/auth/index.ts
@ -5,45 +5,36 @@ import Credentials from "next-auth/providers/credentials";
 import Discord from "next-auth/providers/discord";

 import bcrypt from "bcryptjs";
+import { SecretClient } from "@/lib/secret/init";

 const prisma = new PrismaClient();

-export const { handlers, signIn, signOut, auth } = NextAuth({
-  providers: [
-    Discord({
-      clientId: process.env.DISCORD_CLIENT_ID,
-      clientSecret: process.env.DISCORD_CLIENT_SECRET,
-    }),
-    Credentials({
-      credentials: {
-        email: {},
-        password: {},
-      },
-      authorize: async (credentials) => {
-        let user = null;
+export const { handlers, signIn, signOut, auth } = NextAuth(async () => {
+  const sClient = SecretClient();

-        const pwHash = await saltAndHashPassword(
-          credentials.password as string
-        );
-        user = await prisma.user.findFirst({
-          where: {
-            email: credentials.email as string,
-          },
-          select: {
-            name: true,
-            image: true,
-            email: true,
-            emailVerified: true,
-            username: true,
-            passwordHash: true,
-          },
-        });
+  const clientId = await sClient.fetchSecret("discord_client_id");
+  const clientSecret = await sClient.fetchSecret("discord_client_secret");

-        if (!user) {
-          user = await prisma.user.create({
-            data: {
+  return {
+    providers: [
+      Discord({
+        clientId,
+        clientSecret,
+      }),
+      Credentials({
+        credentials: {
+          email: {},
+          password: {},
+        },
+        authorize: async (credentials) => {
+          let user = null;
+
+          const pwHash = await saltAndHashPassword(
+            credentials.password as string
+          );
+          user = await prisma.user.findFirst({
+            where: {
              email: credentials.email as string,
-              passwordHash: pwHash,
            },
            select: {
              name: true,
@ -51,18 +42,35 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
              email: true,
              emailVerified: true,
              username: true,
+              passwordHash: true,
            },
          });
+
+          if (!user) {
+            user = await prisma.user.create({
+              data: {
+                email: credentials.email as string,
+                passwordHash: pwHash,
+              },
+              select: {
+                name: true,
+                image: true,
+                email: true,
+                emailVerified: true,
+                username: true,
+              },
+            });
+            return user;
+          }
+
+          user.passwordHash = null;
+
          return user;
-        }
-
-        user.passwordHash = null;
-
-        return user;
-      },
-    }),
-  ],
-  adapter: PrismaAdapter(prisma),
+        },
+      }),
+    ],
+    adapter: PrismaAdapter(prisma),
+  };
 });
 async function saltAndHashPassword(password: string) {
  const hash = await bcrypt.hash(password, 10);
--- a/lib/secret/init.ts
+++ b/lib/secret/init.ts
@ -5,8 +5,8 @@ if (!globalThis.Secrets) {
    "https://dragonshoard.cyborggrizzly.com",
    process.env.NODE_ENV === "development"
      ? "./.dragonshoard"
-      : "/.dragonshoard",
+      : "/.dragonshoard"
  );
 }

-export const SecretClient = () => globalThis.Secrets;
+export const SecretClient = (): DHSecretClient => globalThis.Secrets;