import type { PrismaClient } from '@prisma/client'
import type { APIGatewayProxyEvent, Context } from 'aws-lambda'
import { DbAuthHandler } from '@redwoodjs/auth-dbauth-api'
import type { DbAuthHandlerOptions } from '@redwoodjs/auth-dbauth-api'
import { bypassDb } from 'src/lib/db'
/**
 * Lambda entry point for dbAuth. Assembles the option objects for the
 * forgot-password, login, reset-password and signup flows, constructs a
 * `DbAuthHandler` for this request and returns the result of `invoke()`.
 *
 * @param event - API Gateway proxy event, passed straight to `DbAuthHandler`.
 * @param context - Lambda invocation context, passed straight to `DbAuthHandler`.
 * @returns Whatever `DbAuthHandler.invoke()` returns.
 */
export const handler = (event: APIGatewayProxyEvent, context: Context) => {
  // dbAuth reads `expires` values in seconds.
  const secondsPerDay = 60 * 60 * 24
  const inDevelopment = process.env.NODE_ENV === 'development'

  const forgotPassword: DbAuthHandlerOptions['forgotPassword'] = {
    // Echoes the record it receives and delivers nothing (no e-mail is sent
    // from here).
    // NOTE(review): per the dbAuth template, this return value travels back to
    // the browser - confirm that the installed version strips the reset token
    // and password fields before the record reaches this callback.
    handler: (user) => user,
    // Reset-token lifetime: 24 hours.
    expires: secondsPerDay,
    errors: {
      // This message tells the caller whether a username exists; the login
      // messages below deliberately do not.
      usernameNotFound: 'Username not found',
      usernameRequired: 'Username is required',
    },
  }

  const login: DbAuthHandlerOptions['login'] = {
    handler: (user) => user,
    // Session lifetime: roughly ten years. A cookie that lives this long stays
    // usable for as long if it is ever copied off a device, so a shorter value
    // is worth considering where that matters.
    expires: secondsPerDay * 365 * 10,
    errors: {
      usernameOrPasswordMissing: 'Both username and password are required',
      // Plain strings, not template literals: `${username}` is left for the
      // library to substitute (presumably - verify against dbAuth).
      // Both failures share one message, so a login attempt cannot be used to
      // tell "unknown user" from "wrong password".
      usernameNotFound: 'Username ${username} not found',
      incorrectPassword: 'Username ${username} not found',
    },
  }

  const resetPassword: DbAuthHandlerOptions['resetPassword'] = {
    handler: (_user) => true,
    // The current password may not be chosen again on reset.
    allowReusedPassword: false,
    errors: {
      resetTokenExpired: 'resetToken is expired',
      resetTokenInvalid: 'resetToken is invalid',
      resetTokenRequired: 'resetToken is required',
      reusedPassword: 'Must choose a new password',
    },
  }

  const signup: DbAuthHandlerOptions['signup'] = {
    // Persists the new account with the hash and salt handed in by dbAuth.
    handler: async ({ username, hashedPassword, salt }) =>
      bypassDb.user.create({
        data: {
          hashedPassword,
          salt,
          username,
        },
      }),
    // Accepts every password: no length or strength policy is enforced by
    // this hook. Any such policy has to be added here or enforced elsewhere.
    passwordValidation: (_password) => true,
    errors: {
      // `field` will be either "username" or "password"
      fieldMissing: '${field} is required',
      // Like the forgot-password message, this confirms that a username exists.
      usernameTaken: 'Username `${username}` already in use',
    },
  }

  return new DbAuthHandler(event, context, {
    // NOTE(review): `bypassDb` comes from src/lib/db; the name suggests a
    // client that skips some database-level restriction - confirm that auth
    // really needs it. The cast only satisfies the expected PrismaClient type.
    db: bypassDb as PrismaClient,
    authModelAccessor: 'user',
    authFields: {
      id: 'id',
      username: 'username',
      hashedPassword: 'hashedPassword',
      salt: 'salt',
      resetToken: 'resetToken',
      resetTokenExpiresAt: 'resetTokenExpiresAt',
    },
    // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
    cookie: {
      HttpOnly: true,
      Path: '/',
      SameSite: 'Strict',
      // Secure is dropped only when NODE_ENV is exactly 'development'; every
      // other value, including an unset variable, keeps the cookie HTTPS-only.
      Secure: !inDevelopment,
      // Domain: 'example.com',
    },
    forgotPassword,
    login,
    resetPassword,
    signup,
  }).invoke()
}