plebdevs/src/pages/api/auth/[...nextauth].js

import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";
import EmailProvider from "next-auth/providers/email";
import NDK from "@nostr-dev-kit/ndk";
import axios from "axios";
import { PrismaAdapter } from "@next-auth/prisma-adapter";
import prisma from "@/db/prisma";
import { findKind0Fields } from "@/utils/nostr";
import { generateSecretKey, getPublicKey } from 'nostr-tools/pure'
import { bytesToHex } from '@noble/hashes/utils'
import { updateUser } from "@/db/models/userModels";
import { createRole } from "@/db/models/roleModels";
import appConfig from "@/config/appConfig";

const BASE_URL = process.env.BASE_URL;

const ndk = new NDK({
    explicitRelayUrls: appConfig.defaultRelayUrls,
});

const authorize = async (pubkey) => {
    await ndk.connect();
    const user = ndk.getUser({ pubkey });

    try {
        const profile = await user.fetchProfile();

        // Check if user exists, create if not
        const response = await axios.get(`${BASE_URL}/api/users/${pubkey}`);
        if (response.status === 200 && response.data) {
            const fields = await findKind0Fields(profile);

            // Combine user object with kind0Fields, giving priority to kind0Fields
            const combinedUser = { ...fields, ...response.data };

            // Update the user on the backend if necessary
            // await axios.put(`${BASE_URL}/api/users/${combinedUser.id}`, combinedUser);

            return combinedUser;
        } else if (response.status === 204) {
            // Create user
            if (profile) {
                const fields = await findKind0Fields(profile);
                const payload = { pubkey, ...fields };

                const createUserResponse = await axios.post(`${BASE_URL}/api/users`, payload);
                return createUserResponse.data;
            }
        }
    } catch (error) {
        console.error("Nostr login error:", error);
    }
    return null;
}

export const authOptions = {
    adapter: PrismaAdapter(prisma),
    providers: [
        CredentialsProvider({
            id: "nostr",
            name: "Nostr",
            credentials: {
                pubkey: { label: "Public Key", type: "text" },
            },
            authorize: async (credentials) => {
                if (credentials?.pubkey) {
                    return await authorize(credentials.pubkey);
                }
                return null;
            },
        }),
        EmailProvider({
            server: {
                host: process.env.EMAIL_SERVER_HOST,
                port: process.env.EMAIL_SERVER_PORT,
                auth: {
                    user: process.env.EMAIL_SERVER_USER,
                    pass: process.env.EMAIL_SERVER_PASSWORD
                }
            },
            from: process.env.EMAIL_FROM
        }),
    ],
    callbacks: {
        async jwt({ token, trigger, user }) {
            if (trigger === "update") {
                // if we trigger an update call the authorize function again
                const newUser = await authorize(token.user.pubkey);
                token.user = newUser;
            }
            // if the user has no pubkey, generate a new key pair
            if (token && token?.user && token?.user?.id && !token.user?.pubkey) {
                try {
                    let sk = generateSecretKey() 
                    let pk = getPublicKey(sk)
                    let skHex = bytesToHex(sk)
                    const updatedUser = await updateUser(token.user.id, {pubkey: pk, privkey: skHex});
                    if (!updatedUser) {
                        console.error("Failed to update user");
                        return null;
                    }
                    token.user = updatedUser;
                } catch (error) {
                    console.error("Ephemeral key pair generation error:", error);
                    return null;
                }
            }

            // todo this does not work on first login only the second time
            if (user && appConfig.authorPubkeys.includes(user?.pubkey) && !user?.role) {
                // create a new author role for this user
                const role = await createRole({
                    userId: user.id,
                    admin: true,
                    subscribed: false,
                });

                console.log("role", role);

                if (!role) {
                    console.error("Failed to create role");
                    return null;
                }

                const updatedUser = await updateUser(user.id, {role: role.id});
                if (!updatedUser) {
                    console.error("Failed to update user");
                    return null;
                }
                token.user = updatedUser;
            }

            // Add combined user object to the token
            if (user) {
                token.user = user;
            }
            return token;
        },
        async session({ session, token }) {
            // Add user from token to session
            session.user = token.user;
            session.jwt = token;
            return session;
        },
        async redirect({ url, baseUrl }) {
            return baseUrl;
        },
        async signOut({ token, session }) {
            token = {}
            session = {}
            return true
          },
    },
    secret: process.env.NEXTAUTH_SECRET,
    session: { strategy: "jwt" },
    jwt: {
        signingKey: process.env.JWT_SECRET,
    },
    pages: {
        signIn: "/auth/signin",
    }
};

export default NextAuth(authOptions);
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`import NextAuth from "next-auth";`
			`import CredentialsProvider from "next-auth/providers/credentials";`
Email login is working 2024-09-06 12:32:23 -05:00			`import EmailProvider from "next-auth/providers/email";`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`import NDK from "@nostr-dev-kit/ndk";`
			`import axios from "axios";`
Email login is working 2024-09-06 12:32:23 -05:00			`import { PrismaAdapter } from "@next-auth/prisma-adapter";`
			`import prisma from "@/db/prisma";`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`import { findKind0Fields } from "@/utils/nostr";`
Email login is working 2024-09-06 12:32:23 -05:00			`import { generateSecretKey, getPublicKey } from 'nostr-tools/pure'`
			`import { bytesToHex } from '@noble/hashes/utils'`
			`import { updateUser } from "@/db/models/userModels";`
Added glow on profile, added isAdmin hook and blocked components / pages that nly admins should access 2024-09-11 16:48:56 -05:00			`import { createRole } from "@/db/models/roleModels";`
Good stuff 2024-09-17 13:55:51 -05:00			`import appConfig from "@/config/appConfig";`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00
			`const BASE_URL = process.env.BASE_URL;`

			`const ndk = new NDK({`
Good stuff 2024-09-17 13:55:51 -05:00			`explicitRelayUrls: appConfig.defaultRelayUrls,`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`});`

Payment flow for resources works 2024-08-12 17:27:47 -05:00			`const authorize = async (pubkey) => {`
			`await ndk.connect();`
			`const user = ndk.getUser({ pubkey });`

			`try {`
			`const profile = await user.fetchProfile();`

			`// Check if user exists, create if not`
			const response = await axios.get(`${BASE_URL}/api/users/${pubkey}`);
			`if (response.status === 200 && response.data) {`
			`const fields = await findKind0Fields(profile);`

			`// Combine user object with kind0Fields, giving priority to kind0Fields`
			`const combinedUser = { ...fields, ...response.data };`

			`// Update the user on the backend if necessary`
			// await axios.put(`${BASE_URL}/api/users/${combinedUser.id}`, combinedUser);

			`return combinedUser;`
			`} else if (response.status === 204) {`
			`// Create user`
			`if (profile) {`
			`const fields = await findKind0Fields(profile);`
			`const payload = { pubkey, ...fields };`

			const createUserResponse = await axios.post(`${BASE_URL}/api/users`, payload);
			`return createUserResponse.data;`
			`}`
			`}`
			`} catch (error) {`
			`console.error("Nostr login error:", error);`
			`}`
			`return null;`
			`}`

Signed authenticated video urls work through digital ocean, just a simple example down for now 2024-09-08 18:41:51 -05:00			`export const authOptions = {`
Email login is working 2024-09-06 12:32:23 -05:00			`adapter: PrismaAdapter(prisma),`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`providers: [`
			`CredentialsProvider({`
			`id: "nostr",`
			`name: "Nostr",`
			`credentials: {`
			`pubkey: { label: "Public Key", type: "text" },`
			`},`
			`authorize: async (credentials) => {`
			`if (credentials?.pubkey) {`
Payment flow for resources works 2024-08-12 17:27:47 -05:00			`return await authorize(credentials.pubkey);`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`}`
			`return null;`
			`},`
			`}),`
Email login is working 2024-09-06 12:32:23 -05:00			`EmailProvider({`
			`server: {`
			`host: process.env.EMAIL_SERVER_HOST,`
			`port: process.env.EMAIL_SERVER_PORT,`
			`auth: {`
			`user: process.env.EMAIL_SERVER_USER,`
			`pass: process.env.EMAIL_SERVER_PASSWORD`
			`}`
			`},`
			`from: process.env.EMAIL_FROM`
			`}),`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`],`
			`callbacks: {`
Payment flow for resources works 2024-08-12 17:27:47 -05:00			`async jwt({ token, trigger, user }) {`
			`if (trigger === "update") {`
			`// if we trigger an update call the authorize function again`
			`const newUser = await authorize(token.user.pubkey);`
			`token.user = newUser;`
			`}`
Email login is working 2024-09-06 12:32:23 -05:00			`// if the user has no pubkey, generate a new key pair`
			`if (token && token?.user && token?.user?.id && !token.user?.pubkey) {`
			`try {`
			`let sk = generateSecretKey()`
			`let pk = getPublicKey(sk)`
			`let skHex = bytesToHex(sk)`
			`const updatedUser = await updateUser(token.user.id, {pubkey: pk, privkey: skHex});`
			`if (!updatedUser) {`
			`console.error("Failed to update user");`
			`return null;`
			`}`
			`token.user = updatedUser;`
			`} catch (error) {`
			`console.error("Ephemeral key pair generation error:", error);`
			`return null;`
			`}`
			`}`

Implemented document progress tracking based on read time, got video progress tracking working with Youtube embeds 2024-09-19 17:33:22 -05:00			`// todo this does not work on first login only the second time`
Good stuff 2024-09-17 13:55:51 -05:00			`if (user && appConfig.authorPubkeys.includes(user?.pubkey) && !user?.role) {`
Added glow on profile, added isAdmin hook and blocked components / pages that nly admins should access 2024-09-11 16:48:56 -05:00			`// create a new author role for this user`
			`const role = await createRole({`
			`userId: user.id,`
			`admin: true,`
			`subscribed: false,`
			`});`

Small styling fixes, also tested auth with new appConfig with multiple author pubkeys, also added i tag to videos 2024-09-17 18:06:03 -05:00			`console.log("role", role);`

Added glow on profile, added isAdmin hook and blocked components / pages that nly admins should access 2024-09-11 16:48:56 -05:00			`if (!role) {`
			`console.error("Failed to create role");`
			`return null;`
			`}`

			`const updatedUser = await updateUser(user.id, {role: role.id});`
			`if (!updatedUser) {`
			`console.error("Failed to update user");`
			`return null;`
			`}`
			`token.user = updatedUser;`
			`}`

A lotta good stuff 2024-08-09 14:28:57 -05:00			`// Add combined user object to the token`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`if (user) {`
JWT in place 2024-08-07 17:06:53 -05:00			`token.user = user;`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`}`
			`return token;`
			`},`
			`async session({ session, token }) {`
JWT in place 2024-08-07 17:06:53 -05:00			`// Add user from token to session`
			`session.user = token.user;`
			`session.jwt = token;`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`return session;`
			`},`
			`async redirect({ url, baseUrl }) {`
JWT in place 2024-08-07 17:06:53 -05:00			`return baseUrl;`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`},`
Update ndk context to not initiate signer, add purchasedListItem for /profile data table 2024-08-13 16:28:25 -05:00			`async signOut({ token, session }) {`
			`token = {}`
			`session = {}`
			`return true`
			`},`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`},`
			`secret: process.env.NEXTAUTH_SECRET,`
JWT in place 2024-08-07 17:06:53 -05:00			`session: { strategy: "jwt" },`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`jwt: {`
			`signingKey: process.env.JWT_SECRET,`
			`},`
			`pages: {`
			`signIn: "/auth/signin",`
paid video flow with digital ocean cdn is working, just need to scope it by purchase / subscription now 2024-09-09 15:44:18 -05:00			`}`
Signed authenticated video urls work through digital ocean, just a simple example down for now 2024-09-08 18:41:51 -05:00			`};`

			`export default NextAuth(authOptions);`