added mail service

config/auth.ts

@@ -0,0 +1,75 @@
+import NextAuth from 'next-auth'
+import { UserRole } from '@prisma/client'
+import { PrismaAdapter } from '@auth/prisma-adapter'
+import { db } from '@/lib/db'
+import authConfig from '@/auth.config'
+import { getUserById } from '@/data/user'
+import { AUTH_ERROR_URL, AUTH_LOGIN_URL } from '@/config/routes'
+
+declare module 'next-auth' {
+  interface Session {
+    user: { role: UserRole }
+  }
+}
+
+export const VERIFICATION_TOKEN_EXPIRATION_DURATION = 3_600_000
+
+export const {
+  handlers: { GET, POST },
+  auth,
+  signIn,
+  signOut,
+} = NextAuth({
+  pages: {
+    signIn: AUTH_LOGIN_URL,
+    error: AUTH_ERROR_URL,
+  },
+  events: {
+    async linkAccount ({ user }) {
+      await db.user.update({
+        where: { id: user.id as string },
+        data: { emailVerified: new Date() },
+      })
+    },
+  },
+  callbacks: {
+    async signIn ({ user, account }) {
+      // Bypass email verification when Oauth are being used
+      if (account?.provider !== 'credentials') return true
+
+      const existingUser = await getUserById(user.id as string)
+
+      // Prevent sign in without email verification
+      if (!existingUser?.emailVerified) return false
+
+      // TODO: Add 2FA check
+
+      return true
+    },
+    async session ({ token, session }) {
+      if (token.sub && session.user) {
+        session.user.id = token.sub
+      }
+
+      if (token.role && session.user) {
+        session.user.role = token.role as UserRole
+      }
+
+      return session
+    },
+    async jwt ({ token }) {
+      if (!token.sub) return token
+
+      const existingUser = await getUserById(token.sub)
+      
+      if (!existingUser) return token
+
+      token.role = existingUser.role
+
+      return token
+    },
+  },
+  adapter: PrismaAdapter(db),
+  session: { strategy: 'jwt' },
+  ...authConfig,
+})