Merge pull request #25 from GreenEarthX/feat/userRegistration

Feat/user registration

Author: MohamedKedim

package-lock.json

@@ -22,6 +22,7 @@
     "next-auth": "^4.24.11",
     "nodemailer": "^6.10.1",
     "oauth2": "^0.0.1",
+    "pg": "^8.16.3",
     "prisma": "^6.10.1",
     "qrcode": "^1.5.4",
     "qrcode.react": "^4.2.0",
@@ -41,6 +42,7 @@
     "@types/jsonwebtoken": "^9.0.10",
     "@types/node": "20.19.9",
     "@types/nodemailer": "^6.4.17",
+    "@types/pg": "^8.16.0",
     "@types/qrcode": "^1.5.5",
     "@types/qrcode.react": "^1.0.5",
     "@types/react": "19.1.8",

package.json

@@ -6,6 +6,7 @@ import bcrypt from 'bcryptjs';
 import { db } from '@/app/lib/prisma';
 import { v4 as uuid } from 'uuid';
 import { sendVerificationEmail } from '@/app/lib/email/email';
+import { upsertCertificationUser, upsertCert2User } from '@/app/lib/user-provisioning';
 import speakeasy from 'speakeasy';
 
 // Extend NextAuth types
@@ -42,6 +43,9 @@ declare module 'next-auth/jwt' {
   }
 }
 
+const isProd = process.env.NODE_ENV === 'production';
+const cookieDomain = process.env.NEXTAUTH_COOKIE_DOMAIN;
+
 export const authOptions: AuthOptions = {
   providers: [
     GoogleProvider({
@@ -74,9 +78,10 @@ export const authOptions: AuthOptions = {
           // Register new user
           const hashedPassword = await bcrypt.hash(credentials.password, 10);
           const verificationToken = uuid();
-          const newUser = await db.user.create({
+          const userId = uuid();
+          await db.user.create({
             data: {
-              id: uuid(),
+              id: userId,
               email: credentials.email,
               name: credentials.name,
               password: hashedPassword,
@@ -86,6 +91,14 @@ export const authOptions: AuthOptions = {
               twoFactorSecret: null,
             },
           });
+          try {
+            await upsertCertificationUser({ email: credentials.email, name: credentials.name, authId: userId });
+            await upsertCert2User({ email: credentials.email, name: credentials.name, authId: userId });
+          } catch (err) {
+            console.error('Provisioning to certification/cert2 failed:', err);
+            await db.user.delete({ where: { id: userId } }).catch(() => null);
+            throw new Error('Signup failed while provisioning accounts. Please try again.');
+          }
           await sendVerificationEmail(credentials.email, verificationToken);
           return null; // must verify before login
         }
@@ -122,6 +135,19 @@ export const authOptions: AuthOptions = {
     strategy: 'jwt',
     maxAge: 60 * 60 * 24 * 30,
   },
+  useSecureCookies: isProd,
+  cookies: {
+    sessionToken: {
+      name: `${isProd ? '__Secure-' : ''}next-auth.session-token`,
+      options: {
+        httpOnly: true,
+        sameSite: 'lax',
+        path: '/',
+        secure: isProd,
+        ...(cookieDomain ? { domain: cookieDomain } : {}),
+      },
+    },
+  },
   callbacks: {
     async jwt({ token, user, account }) {
       if (account?.provider) {
@@ -134,21 +160,44 @@ export const authOptions: AuthOptions = {
         });
 
         if (!existingUser) {
+          const userId = uuid();
           const newUser = await db.user.create({
             data: {
-              id: uuid(),
+              id: userId,
               email: user.email as string,
-              name: user.name as string,
+              name: (user.name as string) ?? '',
               emailVerified: true,
               twoFactorEnabled: false,
               twoFactorSecret: null,
             },
           });
+          try {
+            await upsertCertificationUser({ email: newUser.email, name: newUser.name ?? '', authId: userId });
+            await upsertCert2User({ email: newUser.email, name: newUser.name ?? '', authId: userId });
+          } catch (err) {
+            console.error('Provisioning to certification/cert2 failed:', err);
+            await db.user.delete({ where: { id: userId } }).catch(() => null);
+            throw new Error('Signup failed while provisioning accounts. Please try again.');
+          }
           token.id = newUser.id;
           token.twoFactorEnabled = false;
         } else {
           token.id = existingUser.id;
           token.twoFactorEnabled = existingUser.twoFactorEnabled;
+          try {
+            await upsertCertificationUser({
+              email: existingUser.email,
+              name: existingUser.name ?? '',
+              authId: existingUser.id,
+            });
+            await upsertCert2User({
+              email: existingUser.email,
+              name: existingUser.name ?? '',
+              authId: existingUser.id,
+            });
+          } catch (err) {
+            console.error('Provisioning to certification/cert2 failed for existing user:', err);
+          }
         }
       } else if (user) {
         token.id = user.id;

src/app/lib/auth/nextAuth.ts

@@ -0,0 +1,36 @@
+import { Pool, PoolConfig } from "pg";
+
+function normalizeConnectionString(url: string, preferExplicitSsl: boolean) {
+  if (!preferExplicitSsl) {
+    return url;
+  }
+
+  try {
+    const parsed = new URL(url);
+    if (parsed.searchParams.has("sslmode")) {
+      parsed.searchParams.delete("sslmode");
+      return parsed.toString();
+    }
+  } catch {
+    return url;
+  }
+
+  return url;
+}
+
+function makePool(url: string | undefined, name: string, extraConfig: Partial<PoolConfig> = {}) {
+  if (!url) throw new Error(`${name} is not defined`);
+  const connectionString = normalizeConnectionString(url, Boolean(extraConfig.ssl));
+  return new Pool({
+    connectionString,
+    ...extraConfig,
+    max: 5,
+    idleTimeoutMillis: 30_000,
+    connectionTimeoutMillis: 10_000,
+  });
+}
+
+export const certificationPool = makePool(process.env.CERTIFICATION_DB_URL, "CERTIFICATION_DB_URL");
+export const cert2Pool = makePool(process.env.CERT2_DB_URL, "CERT2_DB_URL", {
+  ssl: { rejectUnauthorized: false },
+});