chore(dev): Improve edge compatibility and some other small changes

- Split configs for edge and node specific configs
- Send nodemailer emails using payload email adapter
- Add payload email adapter
- Add discord provider
- Reject users with expired session in authorized callback
- Remove access_token from account
- Add session createdAtField depending on authjs session strategy

Author: CrawlerCode

packages/dev/.env.example

@@ -13,5 +13,5 @@ AUTH_KEYCLOAK_ISSUER=http://localhost:8080/realms/myrealm
 AUTH_KEYCLOAK_ID=client-id
 AUTH_KEYCLOAK_SECRET=
 
-EMAIL_SERVER=
-EMAIL_FROM=
+AUTH_DISCORD_ID=
+AUTH_DISCORD_SECRET=

packages/dev/package.json

@@ -5,6 +5,7 @@
   "private": true,
   "type": "module",
   "scripts": {
+    "dev": "next dev -p 5000",
     "dev:turbo": "next dev -p 5000 --turbopack",
     "payload": "payload",
     "generate:types": "payload generate:types",

packages/dev/project.json

@@ -3,11 +3,6 @@
   "sourceRoot": "packages/dev/src",
   "projectType": "application",
   "targets": {
-    "dev": {
-      "options": {
-        "port": 5000
-      }
-    },
     "start": {
       "options": {
         "port": 5000

packages/dev/src/auth.config.ts renamed to packages/dev/src/auth/base.config.ts

@@ -2,11 +2,8 @@ import jwt from "jsonwebtoken";
 import type { NextAuthConfig } from "next-auth";
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 import type { JWT } from "next-auth/jwt";
-import github from "next-auth/providers/github";
-import keycloak from "next-auth/providers/keycloak";
-import nodemailer from "next-auth/providers/nodemailer";
 import type { PayloadAuthjsUser } from "payload-authjs";
-import type { User as PayloadUser } from "./payload-types";
+import type { User as PayloadUser } from "../payload-types";
 
 declare module "next-auth" {
   // eslint-disable-next-line @typescript-eslint/no-empty-object-type
@@ -27,68 +24,16 @@ declare module "next-auth/jwt" {
     > {}
 }
 
+export const SESSION_STRATEGY: NonNullable<NonNullable<NextAuthConfig["session"]>["strategy"]> =
+  "jwt";
+
 export const authConfig: NextAuthConfig = {
   theme: { logo: "https://authjs.dev/img/logo-sm.png" },
-  providers: [
-    github({
-      allowDangerousEmailAccountLinking: true,
-      /**
-       * Add additional fields to the user on first sign in
-       */
-      profile(profile) {
-        return {
-          // Default fields (@see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/github.ts#L176)
-          id: profile.id.toString(),
-          name: profile.name ?? profile.login,
-          email: profile.email,
-          image: profile.avatar_url,
-          // Custom fields
-          additionalUserDatabaseField: `Create by github provider profile callback at ${new Date().toISOString()}`,
-        };
-      },
-      account(tokens) {
-        return {
-          ...tokens,
-          additionalAccountDatabaseField: `Create by github provider profile callback at ${new Date().toISOString()}`,
-        };
-      },
-    }),
-    keycloak({
-      allowDangerousEmailAccountLinking: true,
-      /**
-       * Add additional fields to the user on first sign in
-       */
-      profile(profile) {
-        return {
-          // Default fields
-          id: profile.sub,
-          name: profile.name,
-          email: profile.email,
-          image: profile.picture,
-          // Custom fields
-          locale: profile.locale,
-          additionalUserDatabaseField: `Create by keycloak provider profile callback at ${new Date().toISOString()}`,
-        };
-      },
-      account(tokens) {
-        return {
-          ...tokens,
-          additionalAccountDatabaseField: `Create by keycloak provider profile callback at ${new Date().toISOString()}`,
-        };
-      },
-    }),
-    nodemailer({
-      server: process.env.EMAIL_SERVER,
-      from: process.env.EMAIL_FROM,
-      sendVerificationRequest: ({ url }) => {
-        console.log("nodemailer:", url);
-      },
-    }),
-  ],
+  providers: [],
   session: {
-    strategy: "jwt",
-    //maxAge: 60 * 2 + 30, // 2.5 minutes
-    //updateAge: 60, // 1 minute
+    strategy: SESSION_STRATEGY,
+    maxAge: 60 * 15, // 15 minutes
+    updateAge: 60, // 1 minute
   },
   callbacks: {
     jwt: ({ token, user, account, trigger }) => {
@@ -164,8 +109,17 @@ export const authConfig: NextAuthConfig = {
       return session;
     },
     authorized: ({ auth }) => {
-      // Logged in users are authenticated, otherwise redirect to login page
-      return !!auth;
+      // User is authenticated
+      if (!auth?.user) {
+        return false;
+      }
+
+      // Session in not expired
+      if (new Date() >= new Date(auth.expires)) {
+        return false;
+      }
+
+      return true;
     },
   },
 };

packages/dev/src/auth/edge.config.ts

@@ -0,0 +1,15 @@
+import type { NextAuthConfig } from "next-auth";
+import { authConfig } from "./base.config";
+import { githubProvider } from "./providers/github";
+import { keycloakProvider } from "./providers/keycloak";
+import { discordProvider } from "./providers/discord";
+
+/**
+ * Edge compatible auth config
+ *
+ * @see https://authjs.dev/guides/edge-compatibility
+ */
+export const edgeAuthConfig: NextAuthConfig = {
+  ...authConfig,
+  providers: [githubProvider, keycloakProvider, discordProvider],
+};

packages/dev/src/auth.ts renamed to packages/dev/src/auth/index.ts

@@ -1,11 +1,12 @@
 import payloadConfig from "@payload-config";
 import NextAuth from "next-auth";
+import { getPayload } from "payload";
 import { withPayload } from "payload-authjs";
-import { authConfig } from "./auth.config";
+import { nodeAuthConfig } from "./node.config";
 
 export const { handlers, signIn, signOut, auth } = NextAuth(
-  withPayload(authConfig, {
-    payloadConfig,
+  withPayload(nodeAuthConfig, {
+    payload: getPayload({ config: payloadConfig }),
     events: {
       /**
        * Update user on every sign in

packages/dev/src/auth/node.config.ts

@@ -0,0 +1,11 @@
+import type { NextAuthConfig } from "next-auth";
+import { authConfig } from "./base.config";
+import { discordProvider } from "./providers/discord";
+import { githubProvider } from "./providers/github";
+import { keycloakProvider } from "./providers/keycloak";
+import { nodemailerProvider } from "./providers/nodemailer";
+
+export const nodeAuthConfig: NextAuthConfig = {
+  ...authConfig,
+  providers: [githubProvider, keycloakProvider, discordProvider, nodemailerProvider],
+};

packages/dev/src/auth/providers/discord.ts

@@ -0,0 +1,22 @@
+import discord from "next-auth/providers/discord";
+
+export const discordProvider = discord({
+  allowDangerousEmailAccountLinking: true,
+  /**
+   * Add additional fields to the user on first sign in
+   */
+  async profile(profile, tokens) {
+    return {
+      // Default fields from discord provider
+      ...(await discord({}).profile!(profile, tokens)),
+      // Custom fields
+      additionalUserDatabaseField: `Create by discord provider profile callback at ${new Date().toISOString()}`,
+    };
+  },
+  account(tokens) {
+    return {
+      ...tokens,
+      additionalAccountDatabaseField: `Create by discord provider profile callback at ${new Date().toISOString()}`,
+    };
+  },
+});

packages/dev/src/auth/providers/github.ts

@@ -0,0 +1,25 @@
+import github from "next-auth/providers/github";
+
+export const githubProvider = github({
+  allowDangerousEmailAccountLinking: true,
+  /**
+   * Add additional fields to the user on first sign in
+   */
+  profile(profile) {
+    return {
+      // Default fields (@see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/github.ts#L176)
+      id: profile.id.toString(),
+      name: profile.name ?? profile.login,
+      email: profile.email,
+      image: profile.avatar_url,
+      // Custom fields
+      additionalUserDatabaseField: `Create by github provider profile callback at ${new Date().toISOString()}`,
+    };
+  },
+  account(tokens) {
+    return {
+      ...tokens,
+      additionalAccountDatabaseField: `Create by github provider profile callback at ${new Date().toISOString()}`,
+    };
+  },
+});

packages/dev/src/auth/providers/keycloak.ts

@@ -0,0 +1,26 @@
+import keycloak from "next-auth/providers/keycloak";
+
+export const keycloakProvider = keycloak({
+  allowDangerousEmailAccountLinking: true,
+  /**
+   * Add additional fields to the user on first sign in
+   */
+  profile(profile) {
+    return {
+      // Default fields
+      id: profile.sub,
+      name: profile.name,
+      email: profile.email,
+      image: profile.picture,
+      // Custom fields
+      locale: profile.locale,
+      additionalUserDatabaseField: `Create by keycloak provider profile callback at ${new Date().toISOString()}`,
+    };
+  },
+  account(tokens) {
+    return {
+      ...tokens,
+      additionalAccountDatabaseField: `Create by keycloak provider profile callback at ${new Date().toISOString()}`,
+    };
+  },
+});