完整性更新

现在已经实现了大部分基础功能

src/auth.ts

@@ -0,0 +1,61 @@
+import NextAuth from "next-auth"
+import Credentials from "next-auth/providers/credentials"
+
+export const { handlers, auth, signIn, signOut } = NextAuth({
+  session: { strategy: "jwt" },
+  pages: { signIn: "/login" },
+  providers: [
+    Credentials({
+      credentials: {
+        email: { label: "Email", type: "email" },
+        password: { label: "Password", type: "password" },
+      },
+      authorize: async (credentials) => {
+        const email = String(credentials?.email ?? "").trim().toLowerCase()
+        const password = String(credentials?.password ?? "")
+        if (!email || !password) return null
+
+        const [{ eq }, { db }, { users }] = await Promise.all([
+          import("drizzle-orm"),
+          import("@/shared/db"),
+          import("@/shared/db/schema"),
+        ])
+
+        const user = await db.query.users.findFirst({
+          where: eq(users.email, email),
+        })
+        if (!user) return null
+
+        const storedPassword = user.password ?? null
+        if (storedPassword) {
+          if (storedPassword !== password) return null
+        } else if (process.env.NODE_ENV === "production") {
+          return null
+        }
+
+        return {
+          id: user.id,
+          name: user.name ?? undefined,
+          email: user.email,
+          role: (user.role ?? "student") as string,
+        }
+      },
+    }),
+  ],
+  callbacks: {
+    jwt: async ({ token, user }) => {
+      if (user) {
+        token.id = (user as { id: string }).id
+        token.role = (user as { role?: string }).role ?? "student"
+      }
+      return token
+    },
+    session: async ({ session, token }) => {
+      if (session.user) {
+        session.user.id = String(token.id ?? "")
+        session.user.role = String(token.role ?? "student")
+      }
+      return session
+    },
+  },
+})