switch next-auth for lucia-auth

syhner · Nov 29, 2023 · fb39b15 · fb39b15
1 parent 8cb404b
commit fb39b15
Show file tree

Hide file tree

Showing 19 changed files with 433 additions and 232 deletions.
diff --git a/README.md b/README.md
@@ -22,11 +22,9 @@ Some features depend on environment variables (indicated in features list with
 - ⚙️ [**T3 Env**](https://github.com/t3-oss/t3-env) - Environment variable validation
 - 🌐 [**tRPC**](https://trpc.io/) - Create end-to-end type-safe APIs that work in both client and server components
 - ⚡💡 [**WebSockets**](https://pusher.com) - Real-time communication (using Pusher, but can be swapped out for alternatives)
-  - ❗️ using [pusher-http-edge](https://www.npmjs.com/package/pusher-http-edge) to run on edge, use the [nodejs runtime](src/app/api/trpc/[trpc]/route.ts) with a [stable version](https://www.npmjs.com/package/pusher) if desired
   - 🔗 integrates with tRPC for end-to-end type-safe events
 - 💽💡 [**Drizzle**](https://orm.drizzle.team/) - ORM with maximal type safety
-- 🔒💡 [**NextAuth**](https://next-auth.js.org/) - Flexible and secure authentication
-  - ❗️ using [next-auth@experimental](https://www.npmjs.com/package/next-auth/v/0.0.0-manual.ffd05533) to run on edge. use the [nodejs runtime](src/app/api/auth/[...nextauth]/route.ts) with a [stable version](https://www.npmjs.com/package/next-auth) if desired
+- 🔒💡 [**Lucia Auth**](https://lucia-auth.com/) - Authentication, simple and clean
   - 🔗💡 integrates with Drizzle to store auth data
 
 ### Development
@@ -101,6 +99,21 @@ Some features depend on environment variables (indicated in features list with
 
 - [`.github/workflows/ci.yml`](.github/workflows/ci.yml) - type-checking and linting (hence these errors are ignored in [`next.config.mjs`](next.config.mjs))
 
+### [Lucia Auth](https://lucia-auth.com/)
+
+💡 (requires enabling)
+
+- [`src/app/api/auth`](src/app/api/auth)
+- [`src/app/auth`](src/app/auth)
+- [`src/components/auth.tsx`](src/components/auth.tsx)
+- [`src/db/schemas/auth.ts)`](src/db/schemas/auth.ts) store auth data in database
+- [`src/lib/auth.ts`](src/lib/auth.ts)
+- [`types/lucia.d.ts`](types/lucia.d.ts)
+
+#### Examples
+
+- [`src/app/examples/profile/page.tsx`](src/app/examples/profile/page.tsx)
+
 ### [MDX](https://mdxjs.com/)
 
 - [`mdx-components.tsx`](mdx-components.tsx)
@@ -111,15 +124,6 @@ Some features depend on environment variables (indicated in features list with
 - [`public/manifest.json`](public/manifest.json)
 - [`next.config.mjs`](next.config.mjs)
 
-### [NextAuth](https://next-auth.js.org/)
-
-💡 (requires enabling)
-
-- [`src/app/api/auth/[...nextauth]/route.ts`](src/app/api/auth/[...nextauth]/route.ts)
-- [`src/components/auth.tsx`](src/components/auth.tsx)
-- [`src/db/schemas/auth.ts`](src/db/schemas/auth.ts) — store auth data (users, accounts, sessions, verification tokens) in database
-- [`src/lib/auth.ts`](src/lib/auth.ts)
-
 ### [Playwright](https://playwright.dev/)
 
 - [`e2e/`](e2e/)

diff --git a/package.json b/package.json
@@ -25,9 +25,9 @@
     "db:view": "drizzle-kit studio"
   },
   "dependencies": {
-    "@auth/core": "0.0.0-manual.59d8da33",
-    "@auth/drizzle-adapter": "^0.2.1",
     "@hookform/resolvers": "^3.3.0",
+    "@lucia-auth/adapter-mysql": "^2.1.0",
+    "@lucia-auth/oauth": "^3.5.0",
     "@mdx-js/loader": "^2.3.0",
     "@mdx-js/react": "^2.3.0",
     "@next/mdx": "^13.4.19",
@@ -46,9 +46,9 @@
     "client-only": "^0.0.1",
     "clsx": "^2.0.0",
     "drizzle-orm": "^0.28.2",
+    "lucia": "^2.7.4",
     "lucide-react": "^0.261.0",
     "next": "14.0.3",
-    "next-auth": "0.0.0-manual.ffd05533",
     "next-themes": "^0.2.1",
     "pusher-http-edge": "^0.4.0",
     "pusher-js": "^8.3.0",
@@ -88,10 +88,5 @@
     "typescript": "^5",
     "vitest": "^0.34.2",
     "vitest-dom": "^0.1.0"
-  },
-  "pnpm": {
-    "overrides": {
-      "@auth/core": "0.12.0"
-    }
   }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/app/api/auth/[...nextauth]/route.ts b/src/app/api/auth/[...nextauth]/route.ts
diff --git a/src/app/api/auth/logout/route.ts b/src/app/api/auth/logout/route.ts
@@ -0,0 +1,23 @@
+import * as context from 'next/headers';
+import type { NextRequest } from 'next/server';
+import { auth, authRedirects } from '~/lib/auth';
+
+export const POST = async (request: NextRequest) => {
+  const authRequest = auth.handleRequest(request.method, context);
+
+  // Check if user is authenticated
+  const session = await authRequest.validate();
+  if (!session) {
+    return new Response(null, { status: 401 });
+  }
+
+  // Invalidate the current session
+  await auth.invalidateSession(session.sessionId);
+
+  // Delete session cookie
+  authRequest.setSession(null);
+  return new Response(null, {
+    status: 302,
+    headers: { Location: authRedirects.afterLogout },
+  });
+};