feat: 配置 NextAuth.js 认证系统

- 支持邮箱密码登录
- 支持 Magic Link 登录（Resend）
- 配置 Session Provider
- 添加 TypeScript 类型定义

.gitignore

@@ -39,8 +39,8 @@ dist/
 downloads/
 eggs/
 .eggs/
-lib/
-lib64/
+/lib/
+/lib64/
 parts/
 sdist/
 var/

src/app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,6 @@
+import NextAuth from 'next-auth';
+import { authOptions } from '@/lib/auth';
+
+const handler = NextAuth(authOptions);
+
+export { handler as GET, handler as POST };

src/app/layout.tsx

@@ -6,6 +6,7 @@ import { WebVitals } from "@/components/analytics/web-vitals";
 import { OrganizationSchema, WebsiteSchema } from "@/components/seo/structured-data";
 import { MobileTabBar } from "@/components/layout/mobile-tab-bar";
 import { ErrorBoundary } from "@/components/ui/error-boundary";
+import { SessionProvider } from "@/providers/session-provider";
 
 const geistSans = Geist({
   variable: "--font-geist-sans",
@@ -136,11 +137,13 @@ export default function RootLayout({
         style={{ fontFamily: "'Noto Sans SC', 'Geist', -apple-system, BlinkMacSystemFont, sans-serif" }}
       >
         <WebVitals />
-        <ThemeProvider>
-          <ErrorBoundary>
-            {children}
-          </ErrorBoundary>
-        </ThemeProvider>
+        <SessionProvider>
+          <ThemeProvider>
+            <ErrorBoundary>
+              {children}
+            </ErrorBoundary>
+          </ThemeProvider>
+        </SessionProvider>
         <MobileTabBar />
       </body>
     </html>

src/lib/auth.ts

@@ -0,0 +1,106 @@
+import { NextAuthOptions } from 'next-auth';
+import CredentialsProvider from 'next-auth/providers/credentials';
+import EmailProvider from 'next-auth/providers/email';
+import { Resend } from 'resend';
+import { db } from '@/db';
+import { users } from '@/db/schema';
+import { eq } from 'drizzle-orm';
+import bcrypt from 'bcryptjs';
+
+const resend = new Resend(process.env.RESEND_API_KEY);
+
+export const authOptions: NextAuthOptions = {
+  providers: [
+    CredentialsProvider({
+      name: '邮箱密码',
+      credentials: {
+        email: { label: '邮箱', type: 'email' },
+        password: { label: '密码', type: 'password' },
+      },
+      async authorize(credentials) {
+        if (!credentials?.email || !credentials?.password) {
+          return null;
+        }
+
+        const user = await db
+          .select()
+          .from(users)
+          .where(eq(users.email, credentials.email))
+          .limit(1);
+
+        if (user.length === 0) {
+          return null;
+        }
+
+        const isValid = await bcrypt.compare(
+          credentials.password,
+          user[0].passwordHash || ''
+        );
+
+        if (!isValid) {
+          return null;
+        }
+
+        return {
+          id: user[0].id,
+          email: user[0].email,
+          name: user[0].name,
+          role: user[0].role,
+        };
+      },
+    }),
+    EmailProvider({
+      server: {},
+      from: process.env.EMAIL_FROM || 'noreply@novalon.cn',
+      sendVerificationRequest: async ({ identifier: email, url }) => {
+        try {
+          await resend.emails.send({
+            from: process.env.EMAIL_FROM || 'noreply@novalon.cn',
+            to: email,
+            subject: '睿新致遠 - 登录验证链接',
+            html: `
+              <div style="font-family: sans-serif; max-width: 600px; margin: 0 auto;">
+                <h2 style="color: #C41E3A;">睿新致遠管理后台登录</h2>
+                <p>您好！</p>
+                <p>您收到这封邮件是因为您请求登录睿新致遠管理后台。</p>
+                <p>请点击下方按钮完成登录：</p>
+                <a href="${url}" style="display: inline-block; padding: 12px 24px; background-color: #C41E3A; color: white; text-decoration: none; border-radius: 6px; margin: 16px 0;">
+                  立即登录
+                </a>
+                <p style="color: #666; font-size: 14px;">如果您没有请求此链接，请忽略此邮件。</p>
+                <hr style="margin: 24px 0; border: none; border-top: 1px solid #eee;" />
+                <p style="color: #999; font-size: 12px;">四川睿新致远科技有限公司</p>
+              </div>
+            `,
+          });
+        } catch (error) {
+          console.error('发送邮件失败:', error);
+          throw new Error('发送邮件失败');
+        }
+      },
+    }),
+  ],
+  callbacks: {
+    async jwt({ token, user }) {
+      if (user) {
+        token.id = user.id;
+        token.role = user.role;
+      }
+      return token;
+    },
+    async session({ session, token }) {
+      if (session.user) {
+        session.user.id = token.id as string;
+        session.user.role = token.role as string;
+      }
+      return session;
+    },
+  },
+  pages: {
+    signIn: '/admin/login',
+    error: '/admin/login',
+  },
+  session: {
+    strategy: 'jwt',
+  },
+};

src/providers/session-provider.tsx

@@ -0,0 +1,8 @@
+'use client';
+
+import { SessionProvider as NextAuthSessionProvider } from 'next-auth/react';
+import { ReactNode } from 'react';
+
+export function SessionProvider({ children }: { children: ReactNode }) {
+  return <NextAuthSessionProvider>{children}</NextAuthSessionProvider>;
+}

src/types/next-auth.d.ts

@@ -0,0 +1,21 @@
+import { DefaultSession } from 'next-auth';
+
+declare module 'next-auth' {
+  interface Session {
+    user: {
+      id: string;
+      role: string;
+    } & DefaultSession['user'];
+  }
+
+  interface User {
+    role: string;
+  }
+}
+
+declare module 'next-auth/jwt' {
+  interface JWT {
+    id: string;
+    role: string;
+  }
+}