feat: replace next-auth with quick auth

2025-12-07 18:02:33 -05:00 · 2025-07-14 13:01:46 -07:00
parent c713d53054
commit 86029b2bd9
33 changed files with 1260 additions and 797 deletions
--- a/src/app/api/auth/[...nextauth]/route.ts
+++ b/src/app/api/auth/[...nextauth]/route.ts
@@ -1,6 +0,0 @@
-import NextAuth from "next-auth"
-import { authOptions } from "~/auth"
-
-const handler = NextAuth(authOptions)
-
-export { handler as GET, handler as POST }
--- a/src/app/api/auth/update-session/route.ts
+++ b/src/app/api/auth/update-session/route.ts
@@ -1,46 +0,0 @@
-import { NextResponse } from 'next/server';
-import { getServerSession } from 'next-auth';
-import { authOptions } from '~/auth';
-
-export async function POST(request: Request) {
-  try {
-    const session = await getServerSession(authOptions);
-
-    if (!session?.user?.fid) {
-      return NextResponse.json(
-        { error: 'No authenticated session found' },
-        { status: 401 }
-      );
-    }
-
-    const body = await request.json();
-    const { signers, user } = body;
-
-    if (!signers || !user) {
-      return NextResponse.json(
-        { error: 'Signers and user are required' },
-        { status: 400 }
-      );
-    }
-
-    // For NextAuth to update the session, we need to trigger the JWT callback
-    // This is typically done by calling the session endpoint with updated data
-    // However, we can't directly modify the session token from here
-
-    // Instead, we'll store the data temporarily and let the client refresh the session
-    // The session will be updated when the JWT callback is triggered
-
-    return NextResponse.json({
-      success: true,
-      message: 'Session update prepared',
-      signers,
-      user,
-    });
-  } catch (error) {
-    console.error('Error preparing session update:', error);
-    return NextResponse.json(
-      { error: 'Failed to prepare session update' },
-      { status: 500 }
-    );
-  }
-}
--- a/src/app/api/auth/validate/route.ts
+++ b/src/app/api/auth/validate/route.ts
@@ -0,0 +1,52 @@
+import { NextResponse } from 'next/server';
+import { createClient, Errors } from '@farcaster/quick-auth';
+
+const client = createClient();
+
+export async function POST(request: Request) {
+  try {
+    const { token } = await request.json();
+
+    if (!token) {
+      return NextResponse.json(
+        { error: 'Token is required' },
+        { status: 400 }
+      );
+    }
+
+    // Get domain from environment or request
+    const domain = process.env.NEXT_PUBLIC_URL 
+      ? new URL(process.env.NEXT_PUBLIC_URL).hostname 
+      : request.headers.get('host') || 'localhost';
+
+    try {
+      // Use the official QuickAuth library to verify the JWT
+      const payload = await client.verifyJwt({
+        token,
+        domain,
+      });
+
+      return NextResponse.json({
+        success: true,
+        user: {
+          fid: payload.sub,
+        },
+      });
+    } catch (e) {
+      if (e instanceof Errors.InvalidTokenError) {
+        console.info('Invalid token:', e.message);
+        return NextResponse.json(
+          { error: 'Invalid token' },
+          { status: 401 }
+        );
+      }
+      throw e;
+    }
+  } catch (error) {
+    console.error('Token validation error:', error);
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    );
+  }
+}