feat(core): setup postgres, minio, and authentik next-auth

2026-02-27 10:29:54 +02:00
parent 3b1ba589f0
commit 0ad7e835bd
18 changed files with 1654 additions and 105 deletions
@@ -1,7 +1,8 @@
-'use client';
+"use client";

-import { createContext, useContext, useMemo, useCallback } from 'react';
-import type { AuthContextValue, User, Role } from './types';
+import { createContext, useContext, useMemo, useCallback } from "react";
+import { SessionProvider, useSession } from "next-auth/react";
+import type { AuthContextValue, User, Role, CompanyId } from "./types";

 const ROLE_HIERARCHY: Record<Role, number> = {
  admin: 4,
@@ -13,55 +14,76 @@ const ROLE_HIERARCHY: Record<Role, number> = {

 const AuthContext = createContext<AuthContextValue | null>(null);

-// Stub user for development (no auth required)
+// Stub user for development fallback
 const STUB_USER: User = {
-  id: 'dev-user',
-  name: 'Utilizator Intern',
-  email: 'dev@architools.local',
-  role: 'admin',
-  company: 'beletage',
+  id: "dev-user",
+  name: "Utilizator Intern",
+  email: "dev@architools.local",
+  role: "admin",
+  company: "beletage",
 };

 interface AuthProviderProps {
  children: React.ReactNode;
 }

-export function AuthProvider({ children }: AuthProviderProps) {
-  // In the current phase, always return the stub user
-  // Future: replace with Authentik OIDC token resolution
-  const user = STUB_USER;
+function AuthProviderInner({ children }: AuthProviderProps) {
+  const { data: session, status } = useSession();
+
+  // Use session user if available, otherwise fallback to stub in dev mode
+  // In production, we should probably force login if no session
+  const user: User | null = session?.user
+    ? {
+        id: (session.user as any).id || "unknown",
+        name: session.user.name || "Unknown User",
+        email: session.user.email || "",
+        role: ((session.user as any).role as Role) || "user",
+        company: ((session.user as any).company as CompanyId) || "group",
+      }
+    : process.env.NODE_ENV === "development"
+      ? STUB_USER
+      : null;

  const hasRole = useCallback(
    (requiredRole: Role) => {
+      if (!user) return false;
      return ROLE_HIERARCHY[user.role] >= ROLE_HIERARCHY[requiredRole];
    },
-    [user.role]
+    [user],
  );

  const canAccessModule = useCallback(
    (_moduleId: string) => {
      // Future: check module-level permissions
-      return true;
+      return !!user;
    },
-    []
+    [user],
  );

  const value: AuthContextValue = useMemo(
    () => ({
      user,
-      role: user.role,
-      isAuthenticated: true,
+      role: user?.role || "guest",
+      isAuthenticated: !!user,
      hasRole,
      canAccessModule,
    }),
-    [user, hasRole, canAccessModule]
+    [user, hasRole, canAccessModule],
  );

  return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;
 }

+export function AuthProvider({ children }: AuthProviderProps) {
+  return (
+    <SessionProvider>
+      <AuthProviderInner>{children}</AuthProviderInner>
+    </SessionProvider>
+  );
+}
+
 export function useAuth(): AuthContextValue {
  const ctx = useContext(AuthContext);
-  if (!ctx) throw new Error('useAuth must be used within AuthProvider');
+  if (!ctx) throw new Error("useAuth must be used within AuthProvider");
  return ctx;
 }