Hartmut
bf8577dbaf
- Split auth config into auth.config.ts (edge-safe, no argon2) and auth-edge.ts for middleware use; auth.ts now spreads the shared config - Middleware wraps with auth() to redirect unauthenticated requests to /auth/signin before any page render; passes through /auth/, /api/, /invite/ paths - SessionGuard client component watches useSession() and redirects on status=unauthenticated, closing the SPA navigation gap - QueryCache + MutationCache in TRPCProvider redirect on UNAUTHORIZED tRPC errors without retrying; SessionProvider polls session state every 5 minutes - Middleware tests updated for async auth wrapper and auth-edge mock Co-Authored-By: claude-flow <ruv@ruv.net>
46 lines
1.2 KiB
TypeScript
46 lines
1.2 KiB
TypeScript
import type { NextAuthConfig } from "next-auth";
|
|
|
|
// Edge-safe auth config — no native modules (no argon2, no prisma).
|
|
// Used by auth-edge.ts (middleware) to verify JWT sessions without
|
|
// pulling in Node.js-only packages into the Edge runtime.
|
|
export const authConfig = {
|
|
pages: {
|
|
signIn: "/auth/signin",
|
|
},
|
|
providers: [],
|
|
session: {
|
|
strategy: "jwt",
|
|
maxAge: 28800, // 8 hours absolute timeout
|
|
updateAge: 1800, // refresh token every 30 minutes
|
|
},
|
|
cookies: {
|
|
sessionToken: {
|
|
name: "authjs.session-token",
|
|
options: {
|
|
httpOnly: true,
|
|
sameSite: "strict" as const,
|
|
path: "/",
|
|
secure: process.env.NODE_ENV === "production",
|
|
},
|
|
},
|
|
callbackUrl: {
|
|
name: "authjs.callback-url",
|
|
options: {
|
|
httpOnly: true,
|
|
sameSite: "strict" as const,
|
|
path: "/",
|
|
secure: process.env.NODE_ENV === "production",
|
|
},
|
|
},
|
|
csrfToken: {
|
|
name: "authjs.csrf-token",
|
|
options: {
|
|
httpOnly: true,
|
|
sameSite: "strict" as const,
|
|
path: "/",
|
|
secure: process.env.NODE_ENV === "production",
|
|
},
|
|
},
|
|
},
|
|
} satisfies NextAuthConfig;
|