mirror of
https://github.com/documenso/documenso.git
synced 2025-11-21 12:11:29 +10:00
113 lines
2.6 KiB
TypeScript
113 lines
2.6 KiB
TypeScript
import { compare, hash } from '@node-rs/bcrypt';
|
|
import { betterAuth } from 'better-auth';
|
|
import { prismaAdapter } from 'better-auth/adapters/prisma';
|
|
import { twoFactor } from 'better-auth/plugins';
|
|
|
|
import { getAuthenticatorOptions } from '@documenso/lib/utils/authenticator';
|
|
import { prisma } from '@documenso/prisma';
|
|
|
|
import { passkeyPlugin } from './auth/passkey-plugin';
|
|
|
|
// todo: import from @documenso/lib/constants/auth
|
|
export const SALT_ROUNDS = 12;
|
|
|
|
const passkeyOptions = getAuthenticatorOptions();
|
|
|
|
export const auth = betterAuth({
|
|
appName: 'Documenso',
|
|
plugins: [
|
|
twoFactor({
|
|
issuer: 'Documenso',
|
|
skipVerificationOnEnable: true,
|
|
// totpOptions: {
|
|
|
|
// },
|
|
schema: {
|
|
twoFactor: {
|
|
modelName: 'TwoFactor',
|
|
fields: {
|
|
userId: 'userId',
|
|
secret: 'secret',
|
|
backupCodes: 'backupCodes',
|
|
},
|
|
},
|
|
},
|
|
// todo: add options
|
|
}),
|
|
passkeyPlugin(),
|
|
// passkey({
|
|
// rpID: passkeyOptions.rpId,
|
|
// rpName: passkeyOptions.rpName,
|
|
// origin: passkeyOptions.origin,
|
|
// schema: {
|
|
// passkey: {
|
|
// fields: {
|
|
// publicKey: 'credentialPublicKey',
|
|
// credentialID: 'credentialId',
|
|
// deviceType: 'credentialDeviceType',
|
|
// backedUp: 'credentialBackedUp',
|
|
// // transports: '',
|
|
// },
|
|
// },
|
|
// },
|
|
// }),
|
|
],
|
|
secret: 'secret', // todo
|
|
database: prismaAdapter(prisma, {
|
|
provider: 'postgresql',
|
|
}),
|
|
databaseHooks: {
|
|
account: {
|
|
create: {
|
|
before: (session) => {
|
|
return {
|
|
data: {
|
|
...session,
|
|
accountId: session.accountId.toString(),
|
|
},
|
|
};
|
|
},
|
|
},
|
|
},
|
|
},
|
|
session: {
|
|
fields: {
|
|
token: 'sessionToken',
|
|
expiresAt: 'expires',
|
|
},
|
|
},
|
|
user: {
|
|
fields: {
|
|
emailVerified: 'isEmailVerified',
|
|
},
|
|
},
|
|
account: {
|
|
fields: {
|
|
providerId: 'provider',
|
|
accountId: 'providerAccountId',
|
|
refreshToken: 'refresh_token',
|
|
accessToken: 'access_token',
|
|
idToken: 'id_token',
|
|
},
|
|
},
|
|
advanced: {
|
|
generateId: false,
|
|
},
|
|
socialProviders: {
|
|
google: {
|
|
clientId: '',
|
|
clientSecret: '',
|
|
},
|
|
},
|
|
emailAndPassword: {
|
|
enabled: true,
|
|
requireEmailVerification: false,
|
|
// maxPasswordLength: 128,
|
|
// minPasswordLength: 8,
|
|
password: {
|
|
hash: async (password) => hash(password, SALT_ROUNDS),
|
|
verify: async ({ hash, password }) => compare(password, hash),
|
|
},
|
|
},
|
|
});
|