3a16d6e9b1
- Replace next-auth v5 beta with better-auth v1.6.2 (stable releases)
- Add multi-provider OAuth support with admin UI configuration
- New oauthProviders table with encrypted secrets (AES-256-GCM)
- Env var bootstrap (OAUTH_*) syncs to DB, UI-created providers fully editable
- OAuth provider REST API: GET/POST/PUT/DELETE /api/v1/oauth-providers
- Settings page "Authentication Providers" section for admin management
- Account linking uses new accounts table (multi-provider per user)
- Username plugin for credentials sign-in (replaces email@localhost pattern)
- bcrypt password compatibility (existing hashes work)
- Database-backed sessions via Kysely adapter (bun:sqlite direct)
- Configurable rate limiting via AUTH_RATE_LIMIT_* env vars
- All DB columns migrated from snake_case to camelCase
- All TypeScript types/models migrated to camelCase properties
- Removed casing: "snake_case" from Drizzle config
- Callback URL format: {baseUrl}/api/auth/oauth2/callback/{providerId}
- package-lock.json removed and gitignored (using bun.lock)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
20 lines
613 B
TypeScript
20 lines
613 B
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { requireApiAdmin, apiErrorResponse } from "@/src/lib/api-auth";
|
|
import { listUsers } from "@/src/lib/models/user";
|
|
|
|
function stripPasswordHash(user: Record<string, unknown>) {
|
|
const { passwordHash: _, ...rest } = user;
|
|
void _;
|
|
return rest;
|
|
}
|
|
|
|
export async function GET(request: NextRequest) {
|
|
try {
|
|
await requireApiAdmin(request);
|
|
const users = await listUsers();
|
|
return NextResponse.json(users.map(u => stripPasswordHash(u as unknown as Record<string, unknown>)));
|
|
} catch (error) {
|
|
return apiErrorResponse(error);
|
|
}
|
|
}
|