pfadi-bussle/pages/api/auth/[...nextauth].ts

import { NextApiRequest, NextApiResponse } from 'next'
import NextAuth from 'next-auth'
import EmailProvider from 'next-auth/providers/email'
import GitHubProvider from 'next-auth/providers/github'
import { MongoDBAdapter } from '@next-auth/mongodb-adapter'
import { MONGO_URI } from '../../../db'
import { MongoClient } from 'mongodb'
// Module-level MongoDB client, filled in by getMongoClient() on first use.
let client: MongoClient

// The only e-mail address allowed to sign in through the e-mail provider.
// Read from the environment, so it is `undefined` when ADMIN_EMAIL is not set.
const { ADMIN_EMAIL } = process.env

// Allowlist of GitHub accounts, compared against `account.providerAccountId`
// in the signIn callback (account ids, not usernames).
const GITHUB_USERS_GRANTED: string[] = ['111471']
/**
 * Returns the shared module-level MongoClient, creating and connecting it on
 * the first call and reusing it afterwards.
 *
 * NOTE(review): `client` is assigned before `connect()` resolves, so a
 * concurrent caller can receive the instance before the connection has
 * completed, and a failed `connect()` leaves that instance cached.
 */
async function getMongoClient() {
  if (client) {
    return client
  }

  client = new MongoClient(MONGO_URI)
  await client.connect()
  return client
}
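/**
 * NextAuth catch-all API route.
 *
 * Configures two providers (GitHub OAuth and e-mail magic links sent through
 * SendGrid SMTP) and restricts sign-in to an allowlist: the single address in
 * ADMIN_EMAIL for the e-mail provider, and the ids in GITHUB_USERS_GRANTED for
 * GitHub. Every other provider or identity is rejected.
 *
 * All secrets (NEXTAUTH_SECRET, the GitHub client credentials, the SendGrid
 * API key) are read from the environment at request time.
 *
 * @param req - incoming Next.js API request, passed through to NextAuth
 * @param res - Next.js API response, passed through to NextAuth
 * @returns whatever NextAuth returns for this request
 */
export default async function auth(req: NextApiRequest, res: NextApiResponse) {
  return await NextAuth(req, res, {
    secret: process.env.NEXTAUTH_SECRET,
    // getMongoClient() is not awaited here: the adapter receives the promise.
    adapter: MongoDBAdapter(getMongoClient()),
    providers: [
      GitHubProvider({
        clientId: process.env.GITHUB_CLIENT_ID,
        clientSecret: process.env.GITHUB_CLIENT_SECRET,
      }),
      EmailProvider({
        server: {
          host: 'smtp.sendgrid.net',
          port: 587,
          auth: {
            user: 'apikey',
            pass: process.env.SENDGRID_API_KEY,
          },
        },
        from: process.env.FROM_EMAIL,
      }),
    ],
    callbacks: {
      /**
       * Allowlist gate. Returns true only for the admin e-mail address or an
       * allowlisted GitHub account; everything else is denied.
       */
      async signIn({ account }) {
        // Fail closed if the callback is ever invoked without an account.
        if (!account) {
          return false
        }

        const { provider, providerAccountId } = account

        // Require a real, non-empty identifier. This also guarantees that an
        // unset or empty ADMIN_EMAIL can never compare equal to a missing
        // identifier below.
        if (typeof providerAccountId !== 'string' || providerAccountId === '') {
          return false
        }

        if (provider === 'email') {
          // For the e-mail provider this callback runs twice: when the magic
          // link is requested (before any mail is sent) and again when the
          // link is used. The same rule applies to both, so a non-admin
          // address neither receives a mail nor gets a session.
          return providerAccountId === ADMIN_EMAIL
        }

        if (provider === 'github') {
          // Only the explicitly allowlisted GitHub account ids may sign in.
          return GITHUB_USERS_GRANTED.includes(providerAccountId)
        }

        // Unknown provider: deny by default.
        return false
      },
    },
  })
}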