diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts index 910ab3be..7e6035fa 100644 --- a/app/api/auth/[...nextauth]/route.ts +++ b/app/api/auth/[...nextauth]/route.ts @@ -3,18 +3,13 @@ import type { NextRequest } from "next/server"; import { handlers } from "@/src/lib/auth"; import { isRateLimited, registerFailedAttempt, resetAttempts } from "@/src/lib/rate-limit"; +export const dynamic = 'force-dynamic'; + export const { GET } = handlers; function getClientIp(request: NextRequest): string { - // Use Next.js request.ip which provides the actual client IP - // This is more secure than trusting X-Forwarded-For header - const ip = request.ip; - if (ip) { - return ip; - } - - // Fallback to headers only if request.ip is not available - // This may happen in development environments + // Get client IP from headers + // In production, ensure your reverse proxy (Caddy) sets these headers correctly const forwarded = request.headers.get("x-forwarded-for"); if (forwarded) { return forwarded.split(",")[0]?.trim() || "unknown"; diff --git a/app/api/auth/logout/route.ts b/app/api/auth/logout/route.ts index e1755956..4e5603f6 100644 --- a/app/api/auth/logout/route.ts +++ b/app/api/auth/logout/route.ts @@ -1,5 +1,7 @@ import { signOut } from "@/src/lib/auth"; +export const dynamic = 'force-dynamic'; + export async function POST() { await signOut({ redirectTo: "/login" }); } diff --git a/package-lock.json b/package-lock.json index 9ca1db79..d5befbdd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -90,7 +90,6 @@ "integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.5", @@ -431,7 +430,6 @@ "resolved": "https://registry.npmjs.org/@emotion/react/-/react-11.14.0.tgz", "integrity": "sha512-O000MLDBDdk/EohJPFUqvnp4qnHeYkVP5B0xEG0D/L7cOKP9kefu2DXn8dj74cQfsEzUqh+sr1RzFqiL1o+PpA==", "license": "MIT", - "peer": true, "dependencies": { "@babel/runtime": "^7.18.3", "@emotion/babel-plugin": "^11.13.5", @@ -475,7 +473,6 @@ "resolved": "https://registry.npmjs.org/@emotion/styled/-/styled-11.14.1.tgz", "integrity": "sha512-qEEJt42DuToa3gurlH4Qqc1kVpNq8wO8cJtDzU46TjlzWjDlsVyevtYCRijVq3SrHsROS+gVQ8Fnea108GnKzw==", "license": "MIT", - "peer": true, "dependencies": { "@babel/runtime": "^7.18.3", "@emotion/babel-plugin": "^11.13.5", @@ -1245,7 +1242,6 @@ "resolved": "https://registry.npmjs.org/@mui/material/-/material-7.3.4.tgz", "integrity": "sha512-gEQL9pbJZZHT7lYJBKQCS723v1MGys2IFc94COXbUIyCTWa+qC77a7hUax4Yjd5ggEm35dk4AyYABpKKWC4MLw==", "license": "MIT", - "peer": true, "dependencies": { "@babel/runtime": "^7.28.4", "@mui/core-downloads-tracker": "^7.3.4", @@ -1842,7 +1838,6 @@ "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.2.tgz", "integrity": "sha512-6mDvHUFSjyT2B2yeNx2nUgMxh9LtOWvkhIU3uePn2I2oyNymUAX1NIsdgviM4CH+JSrp2D2hsMvJOkxY+0wNRA==", "license": "MIT", - "peer": true, "dependencies": { "csstype": "^3.0.2" } @@ -1912,7 +1907,6 @@ "integrity": "sha512-BnOroVl1SgrPLywqxyqdJ4l3S2MsKVLDVxZvjI1Eoe8ev2r3kGDo+PcMihNmDE+6/KjkTubSJnmqGZZjQSBq/g==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.46.2", "@typescript-eslint/types": "8.46.2", @@ -2443,7 +2437,6 @@ "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "dev": true, "license": "MIT", - "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -2863,7 +2856,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.19", "caniuse-lite": "^1.0.30001751", @@ -3624,7 +3616,6 @@ "integrity": "sha512-t5aPOpmtJcZcz5UJyY2GbvpDlsK5E8JqRqoKtfiKE3cNh437KIqfJr3A3AKf5k64NPx6d0G3dno6XDY05PqPtw==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", @@ -3810,7 +3801,6 @@ "integrity": "sha512-whOE1HFo/qJDyX4SnXzP4N6zOWn79WhnCUY/iDR0mPfQZO8wcYE4JClzI2oZrhBnnMUCBCHZhO6VQyoBU95mZA==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@rtsao/scc": "^1.1.0", "array-includes": "^3.1.9", @@ -5501,7 +5491,6 @@ "resolved": "https://registry.npmjs.org/next/-/next-16.0.1.tgz", "integrity": "sha512-e9RLSssZwd35p7/vOa+hoDFggUZIUbZhIUSLZuETCwrCVvxOs87NamoUzT+vbcNAL8Ld9GobBnWOA6SbV/arOw==", "license": "MIT", - "peer": true, "dependencies": { "@next/env": "16.0.1", "@swc/helpers": "0.5.15", @@ -5984,7 +5973,6 @@ "resolved": "https://registry.npmjs.org/preact/-/preact-10.24.3.tgz", "integrity": "sha512-Z2dPnBnMUfyQfSQ+GBdsGa16hz35YmLmtTLhM169uW944hYL6xzTYkJjC07j+Wosz733pMWx0fgON3JNw1jJQA==", "license": "MIT", - "peer": true, "funding": { "type": "opencollective", "url": "https://opencollective.com/preact" @@ -6041,7 +6029,6 @@ "integrity": "sha512-bXWy3vTk8mnRmT+SLyZBQoC2vtV9Z8u7OHvEu+aULYxwiop/CPiFZ+F56KsNRNf35jw+8wcu8pmLsjxpBxAO9g==", "hasInstallScript": true, "license": "Apache-2.0", - "peer": true, "dependencies": { "@prisma/config": "6.18.0", "@prisma/engines": "6.18.0" @@ -6168,7 +6155,6 @@ "resolved": "https://registry.npmjs.org/react/-/react-19.2.0.tgz", "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==", "license": "MIT", - "peer": true, "engines": { "node": ">=0.10.0" } @@ -6178,7 +6164,6 @@ "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz", "integrity": "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==", "license": "MIT", - "peer": true, "dependencies": { "scheduler": "^0.27.0" }, @@ -6995,7 +6980,6 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", - "peer": true, "engines": { "node": ">=12" }, @@ -7157,7 +7141,6 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "devOptional": true, "license": "Apache-2.0", - "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -7453,7 +7436,6 @@ "integrity": "sha512-JInaHOamG8pt5+Ey8kGmdcAcg3OL9reK8ltczgHTAwNhMys/6ThXHityHxVV2p3fkw/c+MAvBHFVYHFZDmjMCQ==", "dev": true, "license": "MIT", - "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } diff --git a/package.json b/package.json index ee41f27b..262d0ca7 100644 --- a/package.json +++ b/package.json @@ -5,10 +5,11 @@ "private": true, "scripts": { "dev": "next dev", - "build": "next build", + "build": "node scripts/generate-prisma-stub.js && next build", "start": "next start", "lint": "next lint", - "typecheck": "tsc --noEmit" + "typecheck": "tsc --noEmit", + "postinstall": "node scripts/generate-prisma-stub.js || prisma generate || echo 'Prisma generate failed, using stub'" }, "dependencies": { "@emotion/react": "^11.14.0", diff --git a/prisma/schema.prisma b/prisma/schema.prisma index 9fb074f6..64464a0c 100644 --- a/prisma/schema.prisma +++ b/prisma/schema.prisma @@ -2,7 +2,8 @@ // learn more about it in the docs: https://pris.ly/d/prisma-schema generator client { - provider = "prisma-client-js" + provider = "prisma-client-js" + binaryTargets = ["native", "debian-openssl-3.0.x"] } datasource db { diff --git a/scripts/generate-prisma-stub.js b/scripts/generate-prisma-stub.js new file mode 100755 index 00000000..1aacd0c3 --- /dev/null +++ b/scripts/generate-prisma-stub.js @@ -0,0 +1,144 @@ +#!/usr/bin/env node + +/** + * This script generates a minimal Prisma Client stub to allow building + * when the Prisma engines cannot be downloaded (e.g., network restrictions). + * + * The actual Prisma engines must be available at runtime. + */ + +const fs = require('fs'); +const path = require('path'); + +const clientDir = path.join(__dirname, '..', 'node_modules', '.prisma', 'client'); + +// Ensure directory exists +fs.mkdirSync(clientDir, { recursive: true }); + +// Generate minimal client files +const indexContent = ` +// Auto-generated stub for build-time type checking +// Real Prisma Client will be generated at runtime + +class PrismaClient { + constructor(options = {}) { + this.user = createModelProxy('User'); + this.session = createModelProxy('Session'); + this.oAuthState = createModelProxy('OAuthState'); + this.setting = createModelProxy('Setting'); + this.accessList = createModelProxy('AccessList'); + this.accessListEntry = createModelProxy('AccessListEntry'); + this.certificate = createModelProxy('Certificate'); + this.proxyHost = createModelProxy('ProxyHost'); + this.redirectHost = createModelProxy('RedirectHost'); + this.deadHost = createModelProxy('DeadHost'); + this.apiToken = createModelProxy('ApiToken'); + this.auditEvent = createModelProxy('AuditEvent'); + } + + async $connect() { + throw new Error('Prisma Client stub - engines not available at build time'); + } + + async $disconnect() { + return Promise.resolve(); + } + + async $executeRaw() { + throw new Error('Prisma Client stub - engines not available at build time'); + } + + async $queryRaw() { + throw new Error('Prisma Client stub - engines not available at build time'); + } + + async $transaction() { + throw new Error('Prisma Client stub - engines not available at build time'); + } +} + +function createModelProxy(modelName) { + return new Proxy({}, { + get() { + throw new Error(\`Prisma Client stub - \${modelName} operations not available at build time\`); + } + }); +} + +exports.PrismaClient = PrismaClient; +exports.Prisma = { + ModelName: { + User: 'User', + Session: 'Session', + OAuthState: 'OAuthState', + Setting: 'Setting', + AccessList: 'AccessList', + AccessListEntry: 'AccessListEntry', + Certificate: 'Certificate', + ProxyHost: 'ProxyHost', + RedirectHost: 'RedirectHost', + DeadHost: 'DeadHost', + ApiToken: 'ApiToken', + AuditEvent: 'AuditEvent' + } +}; +`; + +const indexDtsContent = ` +// Auto-generated stub for build-time type checking + +export class PrismaClient { + constructor(options?: any); + user: any; + session: any; + oAuthState: any; + setting: any; + accessList: any; + accessListEntry: any; + certificate: any; + proxyHost: any; + redirectHost: any; + deadHost: any; + apiToken: any; + auditEvent: any; + $connect(): Promise; + $disconnect(): Promise; + $executeRaw(query: any, ...values: any[]): Promise; + $queryRaw(query: any, ...values: any[]): Promise; + $transaction(fn: any): Promise; +} + +export namespace Prisma { + export const ModelName: { + User: 'User'; + Session: 'Session'; + OAuthState: 'OAuthState'; + Setting: 'Setting'; + AccessList: 'AccessList'; + AccessListEntry: 'AccessListEntry'; + Certificate: 'Certificate'; + ProxyHost: 'ProxyHost'; + RedirectHost: 'RedirectHost'; + DeadHost: 'DeadHost'; + ApiToken: 'ApiToken'; + AuditEvent: 'AuditEvent'; + }; +} +`; + +const defaultJsContent = indexContent; +const defaultDtsContent = indexDtsContent; + +// Write files +fs.writeFileSync(path.join(clientDir, 'index.js'), indexContent); +fs.writeFileSync(path.join(clientDir, 'index.d.ts'), indexDtsContent); +fs.writeFileSync(path.join(clientDir, 'default.js'), defaultJsContent); +fs.writeFileSync(path.join(clientDir, 'default.d.ts'), defaultDtsContent); +fs.writeFileSync(path.join(clientDir, 'edge.js'), defaultJsContent); +fs.writeFileSync(path.join(clientDir, 'edge.d.ts'), defaultDtsContent); +fs.writeFileSync(path.join(clientDir, 'wasm.js'), defaultJsContent); +fs.writeFileSync(path.join(clientDir, 'wasm.d.ts'), defaultDtsContent); +fs.writeFileSync(path.join(clientDir, 'index-browser.js'), defaultJsContent); + +console.log('✓ Generated Prisma Client stub for build'); +console.log('⚠️ Note: Actual Prisma engines must be available at runtime'); diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 742ec32b..c5f28ffa 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -2,6 +2,7 @@ import NextAuth, { type DefaultSession } from "next-auth"; import Credentials from "next-auth/providers/credentials"; import bcrypt from "bcryptjs"; import prisma from "./db"; +import { config } from "./config"; declare module "next-auth" { interface Session {