feat(admin-auth): support username login and add dashboard logout
This commit is contained in:
@@ -14,6 +14,7 @@ const DEFAULT_SUPPORT_USERNAME = "support"
|
||||
const DEFAULT_SUPPORT_PASSWORD = "change-me-support-password"
|
||||
const DEFAULT_SUPPORT_NAME = "Technical Support"
|
||||
const DEFAULT_SUPPORT_LOGIN_KEY = "support-access"
|
||||
const USERNAME_MAX_LENGTH = 32
|
||||
|
||||
function resolveAuthSecret(): string {
|
||||
const value = process.env.BETTER_AUTH_SECRET
|
||||
@@ -88,6 +89,116 @@ function resolveBootstrapValue(
|
||||
return fallback
|
||||
}
|
||||
|
||||
function normalizeUsernameCandidate(input: string | null | undefined): string | null {
|
||||
if (!input) {
|
||||
return null
|
||||
}
|
||||
|
||||
const normalized = input
|
||||
.trim()
|
||||
.toLowerCase()
|
||||
.replace(/[^a-z0-9._-]+/g, "-")
|
||||
.replace(/^[._-]+|[._-]+$/g, "")
|
||||
.slice(0, USERNAME_MAX_LENGTH)
|
||||
|
||||
if (!normalized) {
|
||||
return null
|
||||
}
|
||||
|
||||
return normalized
|
||||
}
|
||||
|
||||
function extractEmailLocalPart(email: string): string {
|
||||
return email.split("@")[0] ?? email
|
||||
}
|
||||
|
||||
async function getAvailableUsername(base: string): Promise<string> {
|
||||
const normalizedBase = normalizeUsernameCandidate(base) ?? "user"
|
||||
|
||||
for (let suffix = 0; suffix < 1000; suffix += 1) {
|
||||
const candidate =
|
||||
suffix === 0 ? normalizedBase : `${normalizedBase}-${suffix}`.slice(0, USERNAME_MAX_LENGTH)
|
||||
const existing = await db.user.findUnique({
|
||||
where: { username: candidate },
|
||||
select: { id: true },
|
||||
})
|
||||
|
||||
if (!existing) {
|
||||
return candidate
|
||||
}
|
||||
}
|
||||
|
||||
throw new Error("Unable to allocate unique username")
|
||||
}
|
||||
|
||||
export async function ensureUserUsername(
|
||||
userId: string,
|
||||
options: {
|
||||
preferred?: string | null | undefined
|
||||
fallbackEmail?: string | null | undefined
|
||||
fallbackName?: string | null | undefined
|
||||
} = {},
|
||||
): Promise<string | null> {
|
||||
const user = await db.user.findUnique({
|
||||
where: { id: userId },
|
||||
select: { id: true, username: true, email: true, name: true },
|
||||
})
|
||||
|
||||
if (!user) {
|
||||
return null
|
||||
}
|
||||
|
||||
if (user.username) {
|
||||
return user.username
|
||||
}
|
||||
|
||||
const baseCandidate =
|
||||
normalizeUsernameCandidate(options.preferred) ??
|
||||
normalizeUsernameCandidate(
|
||||
options.fallbackEmail ? extractEmailLocalPart(options.fallbackEmail) : null,
|
||||
) ??
|
||||
normalizeUsernameCandidate(options.fallbackName) ??
|
||||
normalizeUsernameCandidate(extractEmailLocalPart(user.email)) ??
|
||||
normalizeUsernameCandidate(user.name) ??
|
||||
"user"
|
||||
|
||||
const username = await getAvailableUsername(baseCandidate)
|
||||
|
||||
await db.user.update({
|
||||
where: { id: user.id },
|
||||
data: { username },
|
||||
})
|
||||
|
||||
return username
|
||||
}
|
||||
|
||||
export async function resolveEmailFromLoginIdentifier(
|
||||
identifier: string | null | undefined,
|
||||
): Promise<string | null> {
|
||||
const value = identifier?.trim()
|
||||
|
||||
if (!value) {
|
||||
return null
|
||||
}
|
||||
|
||||
if (value.includes("@")) {
|
||||
return value.toLowerCase()
|
||||
}
|
||||
|
||||
const username = normalizeUsernameCandidate(value)
|
||||
|
||||
if (!username) {
|
||||
return null
|
||||
}
|
||||
|
||||
const user = await db.user.findUnique({
|
||||
where: { username },
|
||||
select: { email: true },
|
||||
})
|
||||
|
||||
return user?.email ?? null
|
||||
}
|
||||
|
||||
export const auth = betterAuth({
|
||||
appName: "CMS Admin",
|
||||
baseURL: process.env.BETTER_AUTH_URL ?? adminOrigin,
|
||||
@@ -110,6 +221,11 @@ export const auth = betterAuth({
|
||||
defaultValue: "editor",
|
||||
input: false,
|
||||
},
|
||||
username: {
|
||||
type: "string",
|
||||
required: false,
|
||||
input: false,
|
||||
},
|
||||
isBanned: {
|
||||
type: "boolean",
|
||||
required: true,
|
||||
@@ -146,6 +262,7 @@ let supportBootstrapPromise: Promise<void> | null = null
|
||||
|
||||
type BootstrapUserConfig = {
|
||||
email: string
|
||||
username: string
|
||||
name: string
|
||||
password: string
|
||||
role: Role
|
||||
@@ -187,13 +304,21 @@ async function ensureCredentialUser(config: BootstrapUserConfig): Promise<void>
|
||||
})
|
||||
}
|
||||
|
||||
await ensureUserUsername(existing.user.id, {
|
||||
preferred: config.username,
|
||||
fallbackEmail: existing.user.email,
|
||||
fallbackName: config.name,
|
||||
})
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
const availableUsername = await getAvailableUsername(config.username)
|
||||
const passwordHash = await ctx.password.hash(config.password)
|
||||
const createdUser = await ctx.internalAdapter.createUser({
|
||||
name: config.name,
|
||||
email: normalizedEmail,
|
||||
username: availableUsername,
|
||||
emailVerified: true,
|
||||
role: config.role,
|
||||
isBanned: false,
|
||||
@@ -220,6 +345,7 @@ async function bootstrapSystemUsers(): Promise<void> {
|
||||
|
||||
await ensureCredentialUser({
|
||||
email: supportEmail,
|
||||
username: supportUsername,
|
||||
name: supportName,
|
||||
password: supportPassword,
|
||||
role: "support",
|
||||
|
||||
Reference in New Issue
Block a user