import { NextAuthOptions } from "next-auth"; import GoogleProvider from "next-auth/providers/google"; import { PrismaAdapter } from "@next-auth/prisma-adapter"; import { PrismaClient } from "@prisma/client"; import { query } from "@/lib/db-postgres"; const prisma = new PrismaClient(); export const authOptions: NextAuthOptions = { adapter: PrismaAdapter(prisma), providers: [ GoogleProvider({ clientId: process.env.GOOGLE_CLIENT_ID || "", clientSecret: process.env.GOOGLE_CLIENT_SECRET || "", }), ], pages: { signIn: "/auth", error: "/auth", }, callbacks: { async session({ session, user }) { if (session.user) { session.user.id = user.id; } return session; }, async signIn({ user }) { if (!user?.email) return true; try { const workspace = user.email.split("@")[0].toLowerCase().replace(/[^a-z0-9]+/g, "-") + "-account"; const data = JSON.stringify({ email: user.email, name: user.name, image: user.image, workspace, }); // Two-step upsert avoids relying on ON CONFLICT expression matching const existing = await query<{ id: string }>( `SELECT id FROM fs_users WHERE data->>'email' = $1 LIMIT 1`, [user.email] ); if (existing.length === 0) { await query( `INSERT INTO fs_users (id, user_id, data) VALUES (gen_random_uuid()::text, $1, $2::jsonb)`, [user.id, data] ); } else { await query( `UPDATE fs_users SET user_id = $1, data = data || $2::jsonb, updated_at = NOW() WHERE id = $3`, [user.id, data, existing[0].id] ); } } catch (e) { console.error("[signIn] Failed to upsert fs_user:", e); } return true; }, }, session: { strategy: "database", maxAge: 30 * 24 * 60 * 60, // 30 days }, secret: process.env.NEXTAUTH_SECRET, cookies: { sessionToken: { name: `__Secure-next-auth.session-token`, options: { httpOnly: true, sameSite: "lax", path: "/", secure: true, domain: ".vibnai.com", // share across all subdomains (theia.vibnai.com, etc.) }, }, }, };