feat(core): setup postgres, minio, and authentik next-auth

2026-02-27 10:29:54 +02:00
parent 3b1ba589f0
commit 0ad7e835bd
18 changed files with 1654 additions and 105 deletions
@@ -0,0 +1,55 @@
+import NextAuth, { NextAuthOptions } from "next-auth";
+import AuthentikProvider from "next-auth/providers/authentik";
+
+export const authOptions: NextAuthOptions = {
+  providers: [
+    AuthentikProvider({
+      clientId: process.env.AUTHENTIK_CLIENT_ID || "",
+      clientSecret: process.env.AUTHENTIK_CLIENT_SECRET || "",
+      issuer: process.env.AUTHENTIK_ISSUER || "",
+    }),
+  ],
+  callbacks: {
+    async jwt({ token, user, profile }) {
+      if (user) {
+        token.id = user.id;
+      }
+      if (profile) {
+        // Map Authentik groups/roles to our internal roles
+        // This assumes Authentik sends groups in the profile
+        const groups = (profile as any).groups || [];
+        let role = "user";
+        if (groups.includes("architools-admin")) role = "admin";
+        else if (groups.includes("architools-manager")) role = "manager";
+
+        token.role = role;
+
+        // Map company based on groups or attributes
+        let company = "group";
+        if (groups.includes("company-beletage")) company = "beletage";
+        else if (groups.includes("company-urban-switch"))
+          company = "urban-switch";
+        else if (groups.includes("company-studii-de-teren"))
+          company = "studii-de-teren";
+
+        token.company = company;
+      }
+      return token;
+    },
+    async session({ session, token }) {
+      if (session.user) {
+        (session.user as any).id = token.id;
+        (session.user as any).role = token.role || "user";
+        (session.user as any).company = token.company || "group";
+      }
+      return session;
+    },
+  },
+  pages: {
+    // We can add custom sign-in pages later if needed
+  },
+};
+
+const handler = NextAuth(authOptions);
+
+export { handler as GET, handler as POST };