98 lines
3.3 KiB
TypeScript
98 lines
3.3 KiB
TypeScript
import { betterAuth } from 'better-auth'
|
|
import Database from 'better-sqlite3'
|
|
import { organization, jwt } from 'better-auth/plugins'
|
|
import { resend } from './mail'
|
|
import {
|
|
accessControl,
|
|
employerRole,
|
|
worksCouncilMemberRole,
|
|
employeeRole,
|
|
adminRole,
|
|
ROLES,
|
|
type LegalRole
|
|
} from './permissions'
|
|
|
|
export const auth = betterAuth({
|
|
database: new Database('./sqlite.db'),
|
|
emailAndPassword: { enabled: true, autoSignIn: false },
|
|
trustedOrigins: ['http://localhost:3001'],
|
|
plugins: [
|
|
jwt({
|
|
jwt: {
|
|
issuer: 'http://192.168.178.114:3001',
|
|
expirationTime: '1yr'
|
|
},
|
|
jwks: {
|
|
keyPairConfig: {
|
|
// Supported by NimbusJwtDecoder
|
|
alg: 'ES512'
|
|
}
|
|
}
|
|
}),
|
|
organization({
|
|
// Pass the access control instance and roles
|
|
ac: accessControl,
|
|
roles: {
|
|
[ROLES.EMPLOYER]: employerRole,
|
|
[ROLES.WORKS_COUNCIL_MEMBER]: worksCouncilMemberRole,
|
|
[ROLES.EMPLOYEE]: employeeRole,
|
|
[ROLES.ADMIN]: adminRole
|
|
},
|
|
|
|
// Creator gets admin role by default
|
|
creatorRole: ROLES.ADMIN,
|
|
|
|
async sendInvitationEmail(data) {
|
|
console.log('Sending invitation email', data)
|
|
const inviteLink = `http://192.168.178.114:3001/accept-invitation/${data.id}`
|
|
|
|
const roleDisplayNames = {
|
|
[ROLES.EMPLOYER]: 'Arbeitgeber',
|
|
[ROLES.EMPLOYEE]: 'Arbeitnehmer',
|
|
[ROLES.WORKS_COUNCIL_MEMBER]: 'Betriebsrat',
|
|
[ROLES.ADMIN]: 'Administrator'
|
|
}
|
|
|
|
const roleDisplayName = roleDisplayNames[data.role as LegalRole] || data.role
|
|
|
|
try {
|
|
const result = await resend.emails.send({
|
|
from: 'Acme <onboarding@resend.dev>',
|
|
to: data.email,
|
|
subject: `Einladung als ${roleDisplayName} - ${data.organization.name}`,
|
|
html: `
|
|
<h2>Einladung zur Organisation ${data.organization.name}</h2>
|
|
<p>Sie wurden als <strong>${roleDisplayName}</strong> eingeladen.</p>
|
|
<p><a href="${inviteLink}" style="background: #007bff; color: white; padding: 10px 20px; text-decoration: none; border-radius: 5px;">Einladung annehmen</a></p>
|
|
<p>Diese Einladung läuft ab am: ${new Date(data.invitation.expiresAt).toLocaleDateString('de-DE')}</p>
|
|
`
|
|
})
|
|
|
|
if (result.error) {
|
|
throw new Error(`Email sending failed: ${result.error?.statusCode} ${result.error?.error}`)
|
|
}
|
|
|
|
console.log('Email invite link:', inviteLink)
|
|
console.log('Invitation email sent successfully to:', data.email, 'with ID:', result.data?.id)
|
|
} catch (error) {
|
|
console.error('Failed to send invitation email:', error)
|
|
|
|
// Log specific error details for debugging
|
|
const errorObj = error as { response?: { status: number; data: unknown }; message?: string }
|
|
if (errorObj.response) {
|
|
console.error('HTTP Status:', errorObj.response.status)
|
|
console.error('Response data:', errorObj.response.data)
|
|
}
|
|
|
|
// Re-throw the error so BetterAuth knows the email failed
|
|
const message = errorObj.message || String(error)
|
|
throw new Error(`Email sending failed: ${message}`)
|
|
}
|
|
}
|
|
})
|
|
]
|
|
})
|
|
|
|
export { ROLES }
|
|
export type { LegalRole }
|