feat: 配置 NextAuth.js 认证系统

- 支持邮箱密码登录 - 支持 Magic Link 登录（Resend） - 配置 Session Provider - 添加 TypeScript 类型定义
2026-03-08 21:11:58 +08:00
parent 8ac9933ba4
commit 62e251c6f3
6 changed files with 151 additions and 7 deletions
@@ -0,0 +1,106 @@
+import { NextAuthOptions } from 'next-auth';
+import CredentialsProvider from 'next-auth/providers/credentials';
+import EmailProvider from 'next-auth/providers/email';
+import { Resend } from 'resend';
+import { db } from '@/db';
+import { users } from '@/db/schema';
+import { eq } from 'drizzle-orm';
+import bcrypt from 'bcryptjs';
+
+const resend = new Resend(process.env.RESEND_API_KEY);
+
+export const authOptions: NextAuthOptions = {
+  providers: [
+    CredentialsProvider({
+      name: '邮箱密码',
+      credentials: {
+        email: { label: '邮箱', type: 'email' },
+        password: { label: '密码', type: 'password' },
+      },
+      async authorize(credentials) {
+        if (!credentials?.email || !credentials?.password) {
+          return null;
+        }
+
+        const user = await db
+          .select()
+          .from(users)
+          .where(eq(users.email, credentials.email))
+          .limit(1);
+
+        if (user.length === 0) {
+          return null;
+        }
+
+        const isValid = await bcrypt.compare(
+          credentials.password,
+          user[0].passwordHash || ''
+        );
+
+        if (!isValid) {
+          return null;
+        }
+
+        return {
+          id: user[0].id,
+          email: user[0].email,
+          name: user[0].name,
+          role: user[0].role,
+        };
+      },
+    }),
+    EmailProvider({
+      server: {},
+      from: process.env.EMAIL_FROM || 'noreply@novalon.cn',
+      sendVerificationRequest: async ({ identifier: email, url }) => {
+        try {
+          await resend.emails.send({
+            from: process.env.EMAIL_FROM || 'noreply@novalon.cn',
+            to: email,
+            subject: '睿新致遠 - 登录验证链接',
+            html: `
+              <div style="font-family: sans-serif; max-width: 600px; margin: 0 auto;">
+                <h2 style="color: #C41E3A;">睿新致遠管理后台登录</h2>
+                <p>您好！</p>
+                <p>您收到这封邮件是因为您请求登录睿新致遠管理后台。</p>
+                <p>请点击下方按钮完成登录：</p>
+                <a href="${url}" style="display: inline-block; padding: 12px 24px; background-color: #C41E3A; color: white; text-decoration: none; border-radius: 6px; margin: 16px 0;">
+                  立即登录
+                </a>
+                <p style="color: #666; font-size: 14px;">如果您没有请求此链接，请忽略此邮件。</p>
+                <hr style="margin: 24px 0; border: none; border-top: 1px solid #eee;" />
+                <p style="color: #999; font-size: 12px;">四川睿新致远科技有限公司</p>
+              </div>
+            `,
+          });
+        } catch (error) {
+          console.error('发送邮件失败:', error);
+          throw new Error('发送邮件失败');
+        }
+      },
+    }),
+  ],
+  callbacks: {
+    async jwt({ token, user }) {
+      if (user) {
+        token.id = user.id;
+        token.role = user.role;
+      }
+      return token;
+    },
+    async session({ session, token }) {
+      if (session.user) {
+        session.user.id = token.id as string;
+        session.user.role = token.role as string;
+      }
+      return session;
+    },
+  },
+  pages: {
+    signIn: '/admin/login',
+    error: '/admin/login',
+  },
+  session: {
+    strategy: 'jwt',
+  },
+};