plebdevs/src/pages/api/auth/[...nextauth].js

import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";
import EmailProvider from "next-auth/providers/email";
import NDK from "@nostr-dev-kit/ndk";
import { PrismaAdapter } from "@next-auth/prisma-adapter";
import prisma from "@/db/prisma";
import { findKind0Fields } from "@/utils/nostr";
import { generateSecretKey, getPublicKey } from 'nostr-tools/pure'
import { bytesToHex } from '@noble/hashes/utils'
import { updateUser, getUserByPubkey, createUser } from "@/db/models/userModels";
import { createRole } from "@/db/models/roleModels";
import appConfig from "@/config/appConfig";

// todo update EMAIL_FROM to be a plebdevs email
const ndk = new NDK({
    explicitRelayUrls: appConfig.defaultRelayUrls,
});

const authorize = async (pubkey) => {
    await ndk.connect();
    const user = ndk.getUser({ pubkey });

    try {
        const profile = await user.fetchProfile();

        // Check if user exists, create if not
        let dbUser = await getUserByPubkey(pubkey);

        if (dbUser) {
            const fields = await findKind0Fields(profile);
            // Only update 'avatar' or 'username' if they are different from kind0 fields on the dbUser
            const updatedFields = ['avatar', 'username'].reduce((acc, key) => {
                if (fields[key] !== dbUser[key]) {
                    acc[key] = fields[key];
                }
                return acc;
            }, {});

            // if there are updated fields, update the user only with the updated fields
            if (Object.keys(updatedFields).length > 0) {
                dbUser = await updateUser(dbUser.id, updatedFields);
            }

            // Combine user object with kind0Fields, giving priority to kind0Fields
            const combinedUser = { ...dbUser, kind0: fields };

            return combinedUser;
        } else {
            // Create user
            if (profile) {
                const fields = await findKind0Fields(profile);
                const payload = { pubkey, username: fields.username, avatar: fields.avatar };

                if (appConfig.authorPubkeys.includes(pubkey)) {
                    // create a new author role for this user
                    const createdUser = await createUser(payload);
                    const role = await createRole({
                        userId: createdUser.id,
                        admin: true,
                        subscribed: false,
                    });

                    if (!role) {
                        console.error("Failed to create role");
                        return null;
                    }

                    const updatedUser = await updateUser(createdUser.id, { role: role.id });
                    if (!updatedUser) {
                        console.error("Failed to update user");
                        return null;
                    }
                    
                    const fullUser = await getUserByPubkey(pubkey);

                    return { ...fullUser, kind0: fields };
                } else {
                    dbUser = await createUser(payload);
                    return { ...dbUser, kind0: fields };
                }
            }
        }
    } catch (error) {
        console.error("Nostr login error:", error);
    }
    return null;
}

export const authOptions = {
    adapter: PrismaAdapter(prisma),
    providers: [
        CredentialsProvider({
            id: "nostr",
            name: "Nostr",
            credentials: {
                pubkey: { label: "Public Key", type: "text" },
            },
            authorize: async (credentials) => {
                if (credentials?.pubkey) {
                    return await authorize(credentials.pubkey);
                }
                return null;
            },
        }),
        EmailProvider({
            server: {
                host: process.env.EMAIL_SERVER_HOST,
                port: process.env.EMAIL_SERVER_PORT,
                auth: {
                    user: process.env.EMAIL_SERVER_USER,
                    pass: process.env.EMAIL_SERVER_PASSWORD
                }
            },
            from: process.env.EMAIL_FROM
        }),
    ],
    callbacks: {
        async jwt({ token, trigger, user }) {
            if (trigger === "update") {
                // if we trigger an update call the authorize function again
                const newUser = await authorize(token.user.pubkey);
                token.user = newUser;
            }
            // if the user has no pubkey, generate a new key pair
            if (token && token?.user && token?.user?.id && !token.user?.pubkey) {
                try {
                    let sk = generateSecretKey()
                    let pk = getPublicKey(sk)
                    let skHex = bytesToHex(sk)
                    const updatedUser = await updateUser(token.user.id, { pubkey: pk, privkey: skHex });
                    if (!updatedUser) {
                        console.error("Failed to update user");
                        return null;
                    }
                    const fullUser = await getUserByPubkey(pk);
                    token.user = fullUser;
                } catch (error) {
                    console.error("Ephemeral key pair generation error:", error);
                    return null;
                }
            }
            
            if (user) {
                token.user = user;
            }
            return token;
        },
        async session({ session, token }) {
            // Add user from token to session
            session.user = token.user;
            session.jwt = token;
            return session;
        },
        async redirect({ url, baseUrl }) {
            return baseUrl;
        },
        async signOut({ token, session }) {
            token = {}
            session = {}
            return true
        },
    },
    secret: process.env.NEXTAUTH_SECRET,
    session: { strategy: "jwt" },
    jwt: {
        signingKey: process.env.JWT_SECRET,
    },
    pages: {
        signIn: "/auth/signin",
    }
};

export default NextAuth(authOptions);
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`import NextAuth from "next-auth";`
			`import CredentialsProvider from "next-auth/providers/credentials";`
Email login is working 2024-09-06 12:32:23 -05:00			`import EmailProvider from "next-auth/providers/email";`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`import NDK from "@nostr-dev-kit/ndk";`
Email login is working 2024-09-06 12:32:23 -05:00			`import { PrismaAdapter } from "@next-auth/prisma-adapter";`
			`import prisma from "@/db/prisma";`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`import { findKind0Fields } from "@/utils/nostr";`
Email login is working 2024-09-06 12:32:23 -05:00			`import { generateSecretKey, getPublicKey } from 'nostr-tools/pure'`
			`import { bytesToHex } from '@noble/hashes/utils'`
Secure user endponts with session, dont require calling endpoints from nextauth, call models instead so we can completely secure the endpoints 2024-10-02 16:58:36 -05:00			`import { updateUser, getUserByPubkey, createUser } from "@/db/models/userModels";`
Added glow on profile, added isAdmin hook and blocked components / pages that nly admins should access 2024-09-11 16:48:56 -05:00			`import { createRole } from "@/db/models/roleModels";`
Good stuff 2024-09-17 13:55:51 -05:00			`import appConfig from "@/config/appConfig";`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00
Preparing for deployment 2024-09-30 14:50:10 -05:00			`// todo update EMAIL_FROM to be a plebdevs email`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`const ndk = new NDK({`
Good stuff 2024-09-17 13:55:51 -05:00			`explicitRelayUrls: appConfig.defaultRelayUrls,`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`});`

Payment flow for resources works 2024-08-12 17:27:47 -05:00			`const authorize = async (pubkey) => {`
			`await ndk.connect();`
			`const user = ndk.getUser({ pubkey });`

			`try {`
			`const profile = await user.fetchProfile();`

			`// Check if user exists, create if not`
Secure user endponts with session, dont require calling endpoints from nextauth, call models instead so we can completely secure the endpoints 2024-10-02 16:58:36 -05:00			`let dbUser = await getUserByPubkey(pubkey);`
Fix auth bg 2024-10-04 16:41:49 -05:00
Secure user endponts with session, dont require calling endpoints from nextauth, call models instead so we can completely secure the endpoints 2024-10-02 16:58:36 -05:00			`if (dbUser) {`
Payment flow for resources works 2024-08-12 17:27:47 -05:00			`const fields = await findKind0Fields(profile);`
Add lud16 to kind0Fields, add kind0 as nested object on user in session, keep it from conflicting with lightningAddress 2024-10-05 16:13:01 -05:00			`// Only update 'avatar' or 'username' if they are different from kind0 fields on the dbUser`
			`const updatedFields = ['avatar', 'username'].reduce((acc, key) => {`
			`if (fields[key] !== dbUser[key]) {`
Fix auth bg 2024-10-04 16:41:49 -05:00			`acc[key] = fields[key];`
			`}`
			`return acc;`
			`}, {});`

			`// if there are updated fields, update the user only with the updated fields`
			`if (Object.keys(updatedFields).length > 0) {`
			`dbUser = await updateUser(dbUser.id, updatedFields);`
			`}`

Payment flow for resources works 2024-08-12 17:27:47 -05:00			`// Combine user object with kind0Fields, giving priority to kind0Fields`
Add lud16 to kind0Fields, add kind0 as nested object on user in session, keep it from conflicting with lightningAddress 2024-10-05 16:13:01 -05:00			`const combinedUser = { ...dbUser, kind0: fields };`
Payment flow for resources works 2024-08-12 17:27:47 -05:00
Fix auth bg 2024-10-04 16:41:49 -05:00			`return combinedUser;`
Secure user endponts with session, dont require calling endpoints from nextauth, call models instead so we can completely secure the endpoints 2024-10-02 16:58:36 -05:00			`} else {`
Payment flow for resources works 2024-08-12 17:27:47 -05:00			`// Create user`
			`if (profile) {`
			`const fields = await findKind0Fields(profile);`
Fix lnaddress issue on usercreation 2024-09-30 15:29:52 -05:00			`const payload = { pubkey, username: fields.username, avatar: fields.avatar };`
Payment flow for resources works 2024-08-12 17:27:47 -05:00
Fix auth bg 2024-10-04 16:41:49 -05:00			`if (appConfig.authorPubkeys.includes(pubkey)) {`
			`// create a new author role for this user`
			`const createdUser = await createUser(payload);`
			`const role = await createRole({`
			`userId: createdUser.id,`
			`admin: true,`
			`subscribed: false,`
			`});`

			`if (!role) {`
			`console.error("Failed to create role");`
			`return null;`
			`}`

			`const updatedUser = await updateUser(createdUser.id, { role: role.id });`
			`if (!updatedUser) {`
			`console.error("Failed to update user");`
			`return null;`
			`}`

			`const fullUser = await getUserByPubkey(pubkey);`

Add lud16 to kind0Fields, add kind0 as nested object on user in session, keep it from conflicting with lightningAddress 2024-10-05 16:13:01 -05:00			`return { ...fullUser, kind0: fields };`
Fix auth bg 2024-10-04 16:41:49 -05:00			`} else {`
			`dbUser = await createUser(payload);`
Add lud16 to kind0Fields, add kind0 as nested object on user in session, keep it from conflicting with lightningAddress 2024-10-05 16:13:01 -05:00			`return { ...dbUser, kind0: fields };`
Fix auth bg 2024-10-04 16:41:49 -05:00			`}`
Payment flow for resources works 2024-08-12 17:27:47 -05:00			`}`
			`}`
			`} catch (error) {`
			`console.error("Nostr login error:", error);`
			`}`
			`return null;`
			`}`

Signed authenticated video urls work through digital ocean, just a simple example down for now 2024-09-08 18:41:51 -05:00			`export const authOptions = {`
Email login is working 2024-09-06 12:32:23 -05:00			`adapter: PrismaAdapter(prisma),`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`providers: [`
			`CredentialsProvider({`
			`id: "nostr",`
			`name: "Nostr",`
			`credentials: {`
			`pubkey: { label: "Public Key", type: "text" },`
			`},`
			`authorize: async (credentials) => {`
			`if (credentials?.pubkey) {`
Payment flow for resources works 2024-08-12 17:27:47 -05:00			`return await authorize(credentials.pubkey);`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`}`
			`return null;`
			`},`
			`}),`
Email login is working 2024-09-06 12:32:23 -05:00			`EmailProvider({`
			`server: {`
			`host: process.env.EMAIL_SERVER_HOST,`
			`port: process.env.EMAIL_SERVER_PORT,`
			`auth: {`
			`user: process.env.EMAIL_SERVER_USER,`
			`pass: process.env.EMAIL_SERVER_PASSWORD`
			`}`
			`},`
			`from: process.env.EMAIL_FROM`
			`}),`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`],`
			`callbacks: {`
Payment flow for resources works 2024-08-12 17:27:47 -05:00			`async jwt({ token, trigger, user }) {`
			`if (trigger === "update") {`
			`// if we trigger an update call the authorize function again`
			`const newUser = await authorize(token.user.pubkey);`
			`token.user = newUser;`
			`}`
Email login is working 2024-09-06 12:32:23 -05:00			`// if the user has no pubkey, generate a new key pair`
			`if (token && token?.user && token?.user?.id && !token.user?.pubkey) {`
			`try {`
Fix auth bg 2024-10-04 16:41:49 -05:00			`let sk = generateSecretKey()`
Email login is working 2024-09-06 12:32:23 -05:00			`let pk = getPublicKey(sk)`
			`let skHex = bytesToHex(sk)`
Fix auth bg 2024-10-04 16:41:49 -05:00			`const updatedUser = await updateUser(token.user.id, { pubkey: pk, privkey: skHex });`
Email login is working 2024-09-06 12:32:23 -05:00			`if (!updatedUser) {`
			`console.error("Failed to update user");`
			`return null;`
			`}`
Add lud16 to kind0Fields, add kind0 as nested object on user in session, keep it from conflicting with lightningAddress 2024-10-05 16:13:01 -05:00			`const fullUser = await getUserByPubkey(pk);`
			`token.user = fullUser;`
Email login is working 2024-09-06 12:32:23 -05:00			`} catch (error) {`
			`console.error("Ephemeral key pair generation error:", error);`
			`return null;`
			`}`
			`}`
Add lud16 to kind0Fields, add kind0 as nested object on user in session, keep it from conflicting with lightningAddress 2024-10-05 16:13:01 -05:00
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`if (user) {`
JWT in place 2024-08-07 17:06:53 -05:00			`token.user = user;`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`}`
			`return token;`
			`},`
			`async session({ session, token }) {`
JWT in place 2024-08-07 17:06:53 -05:00			`// Add user from token to session`
			`session.user = token.user;`
			`session.jwt = token;`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`return session;`
			`},`
			`async redirect({ url, baseUrl }) {`
JWT in place 2024-08-07 17:06:53 -05:00			`return baseUrl;`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`},`
Update ndk context to not initiate signer, add purchasedListItem for /profile data table 2024-08-13 16:28:25 -05:00			`async signOut({ token, session }) {`
			`token = {}`
			`session = {}`
			`return true`
Fix auth bg 2024-10-04 16:41:49 -05:00			`},`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`},`
			`secret: process.env.NEXTAUTH_SECRET,`
JWT in place 2024-08-07 17:06:53 -05:00			`session: { strategy: "jwt" },`
Removed local storage and using next-auth with session for login and authentication 2024-08-07 16:02:13 -05:00			`jwt: {`
			`signingKey: process.env.JWT_SECRET,`
			`},`
			`pages: {`
			`signIn: "/auth/signin",`
paid video flow with digital ocean cdn is working, just need to scope it by purchase / subscription now 2024-09-09 15:44:18 -05:00			`}`
Signed authenticated video urls work through digital ocean, just a simple example down for now 2024-09-08 18:41:51 -05:00			`};`

			`export default NextAuth(authOptions);`