Ethan Posts - Answer Overflow

Ethan

•Created by Ethan on 12/21/2023 in #questions

Using next-auth v5 and prisma role based authentication

Please consider the following auth.ts file located in the root of my project.

// auth.ts
export const {
  handlers: { GET, POST },
  auth,
} = NextAuth({
  secret: process.env.NEXTAUTH_SECRET,
  adapter: PrismaAdapter(prisma),
  providers: [
    Discord({
      clientId: process.env.DISCORD_CLIENT_ID ?? "",
      clientSecret: process.env.DISCORD_CLIENT_SECRET ?? "",
    }),
  ],
  callbacks: {
    authorized(params) {
      return !!params.auth?.user;
    },
  },
});

// auth.ts
export const {
  handlers: { GET, POST },
  auth,
} = NextAuth({
  secret: process.env.NEXTAUTH_SECRET,
  adapter: PrismaAdapter(prisma),
  providers: [
    Discord({
      clientId: process.env.DISCORD_CLIENT_ID ?? "",
      clientSecret: process.env.DISCORD_CLIENT_SECRET ?? "",
    }),
  ],
  callbacks: {
    authorized(params) {
      return !!params.auth?.user;
    },
  },
});

When using the session from auth() in my front end, I only get access to the user's email, name, image - but I would like to have access to a database column isMember as defined in my Prisma Schema here:

model Session {
  id           String   @id @default(cuid())
  sessionToken String   @unique
  userId       String
  expires      DateTime
  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
}

model User {
  id            String    @id @default(cuid())
  name          String?
  email         String?   @unique
  emailVerified DateTime?
  image         String?
  accounts      Account[]
  sessions      Session[]
  isMember Boolean @default(false)
}

model Session {
  id           String   @id @default(cuid())
  sessionToken String   @unique
  userId       String
  expires      DateTime
  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
}

model User {
  id            String    @id @default(cuid())
  name          String?
  email         String?   @unique
  emailVerified DateTime?
  image         String?
  accounts      Account[]
  sessions      Session[]
  isMember Boolean @default(false)
}

Does anyone know how I can extend the sessions provider to be able to have access to the isMember value in my database? I hope to access this column value in middleware.ts to only allow users access. Please let me know if I can provide any other information. Thank you.

3 replies

TTCTheo's Typesafe Cult

•Created by Ethan on 5/11/2023 in #questions

Using GithubAPI + NextAuth Github Provider to access a User's repo information.

I am building an app where will allow users to login with Github and view their Github accounts data ( Repos and issues ). A good example would be vercel or netlify, which accesses a user's public repos. I currently have Github Auth Configured...

// auth.ts
 providers: [
    GithubProvider({
      clientId: env.GITHUB_CLIENT_ID,
      clientSecret: env.GITHUB_CLIENT_SECRET,
      // Notice the scope of user here
      authorization: {params: {scope: 'user'}}
    })

// auth.ts
 providers: [
    GithubProvider({
      clientId: env.GITHUB_CLIENT_ID,
      clientSecret: env.GITHUB_CLIENT_SECRET,
      // Notice the scope of user here
      authorization: {params: {scope: 'user'}}
    })

// user.ts

  getUserGithub: protectedProcedure.query(async ({ ctx }) => {
 
    const account = await ctx.prisma.account.findFirst({
      where: {
        userId: ctx.session.user.id,
      },
     include: {
      user: true
     },
    })

    const accessToken = account?.access_token;
    
    const response = await fetch(`https://api.github.com/user`, {
      headers: {Authentication: `Bearer ${accessToken}`}
    });

    const userData = response.json()

    return userData;

  }),

// user.ts

  getUserGithub: protectedProcedure.query(async ({ ctx }) => {
 
    const account = await ctx.prisma.account.findFirst({
      where: {
        userId: ctx.session.user.id,
      },
     include: {
      user: true
     },
    })

    const accessToken = account?.access_token;
    
    const response = await fetch(`https://api.github.com/user`, {
      headers: {Authentication: `Bearer ${accessToken}`}
    });

    const userData = response.json()

    return userData;

  }),

and when attempting to print out the result...

  {JSON.stringify(userAccount.data)}

  {JSON.stringify(userAccount.data)}

...I get the message

"message":"Requires authentication","documentation_url":"https://docs.github.com/rest/reference/users#get-the-authenticated-user"}

I am not sure where I am going wrong. I would attempt to hit the api.github.com/users/{username} endpoint, but I do not have access to the user's {username}. I would appreciate any help and direction others could provide. Thanks !

9 replies

Gaming

Programming