97 lines
3.1 KiB
TypeScript
97 lines
3.1 KiB
TypeScript
'use server'
|
|
|
|
import { infer as zInfer } from 'zod'
|
|
import { LoginSchema } from '@/schemas'
|
|
import { signIn } from '@/config/auth'
|
|
import { DEFAULT_LOGIN_REDIRECT } from '@/config/routes'
|
|
import { AuthError } from 'next-auth'
|
|
import { getUserByEmail } from '@/data/user'
|
|
import { sendTwoFactorTokenEmail, sendVerificationEmail } from '@/actions/send-verification-email'
|
|
import { generateTwoFactorToken } from '@/lib/tokens'
|
|
import { deleteTwoFactorToken, getTwoFactorTokenByEmail } from '@/data/two-factor-token'
|
|
import {
|
|
createTwoFactoComfirmation,
|
|
deleteTwoFactoComfirmation,
|
|
getTwoFactorConfirmationByUserId,
|
|
} from '@/data/two-factor-confirmation'
|
|
import journal from '@/actions/logger'
|
|
|
|
export const login = async (values: zInfer<typeof LoginSchema>) => {
|
|
const validatedFields = LoginSchema.safeParse(values)
|
|
|
|
if (!validatedFields.success) {
|
|
return { error: 'auth.form.error.invalid_fields' }
|
|
}
|
|
|
|
const { email, password, code } = validatedFields.data
|
|
|
|
const existingUser = await getUserByEmail(email)
|
|
|
|
if (!existingUser || !existingUser.email || !existingUser.password) {
|
|
return { error: 'auth.form.error.invalid_credentials' }
|
|
}
|
|
|
|
if (!existingUser.emailVerified) {
|
|
return await sendVerificationEmail(existingUser.email, existingUser.name)
|
|
}
|
|
|
|
if (existingUser.isTwoFactorEnabled && existingUser.email) {
|
|
if (code) {
|
|
const twoFactorToken = await getTwoFactorTokenByEmail(existingUser.email)
|
|
if (!twoFactorToken || twoFactorToken.token !== code) {
|
|
return { error: 'auth.form.error.invalid_code' }
|
|
}
|
|
|
|
const hasExpired = new Date(twoFactorToken.expires) < new Date()
|
|
if (hasExpired) {
|
|
return { error: 'auth.form.error.expired_token' }
|
|
}
|
|
|
|
await deleteTwoFactorToken(twoFactorToken.id)
|
|
|
|
const existingConfirmation = await getTwoFactorConfirmationByUserId(existingUser.id)
|
|
|
|
if (existingConfirmation) {
|
|
await deleteTwoFactoComfirmation(existingConfirmation.id)
|
|
}
|
|
|
|
await createTwoFactoComfirmation(existingUser.id)
|
|
|
|
} else {
|
|
const twoFactorToken = await generateTwoFactorToken(existingUser.email)
|
|
|
|
if (twoFactorToken) {
|
|
const isOk = await sendTwoFactorTokenEmail(twoFactorToken.email, twoFactorToken.token, existingUser.name)
|
|
return { twoFactor: isOk }
|
|
}
|
|
console.error('ERROR.TYPE: could not send token')
|
|
return { error: 'common.something_went_wrong' }
|
|
}
|
|
}
|
|
|
|
try {
|
|
await signIn('credentials', {
|
|
email, password, redirectTo: DEFAULT_LOGIN_REDIRECT,
|
|
})
|
|
} catch (error) {
|
|
if (error instanceof AuthError) {
|
|
switch (error.type) {
|
|
case 'CredentialsSignin':
|
|
return { error: 'auth.form.error.invalid_credentials' }
|
|
case 'AccessDenied':
|
|
return { error: 'auth.form.error.access_denied' }
|
|
default:
|
|
console.error('ERROR.TYPE:', error.type)
|
|
return { error: 'common.something_went_wrong' }
|
|
}
|
|
}
|
|
// TODO: logging must be implemented
|
|
throw error
|
|
}
|
|
}
|
|
|
|
export const SignInProvider = async (provider: 'google' | 'github') => {
|
|
await signIn(provider, {
|
|
redirectTo: DEFAULT_LOGIN_REDIRECT,
|
|
})
|
|
} |