chunzhi/cf-ssh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 全站登录保护 + 邮箱白名单 (ALLOWED_EMAILS)

Browse Source
This commit is contained in:
chunzhimoe 2026-04-12 16:56:51 +08:00
parent 28a6f4bc45
commit c42392d9df
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/lib/authOptions.ts
View File

@ -1,6 +1,11 @@
import type { NextAuthOptions } from "next-auth"; import type { NextAuthOptions } from "next-auth";
import GithubProvider from "next-auth/providers/github"; import GithubProvider from "next-auth/providers/github";
const allowedEmails = (process.env.ALLOWED_EMAILS ?? "")
.split(",")
.map((e) => e.trim().toLowerCase())
.filter(Boolean);
export const authOptions: NextAuthOptions = { export const authOptions: NextAuthOptions = {
providers: [ providers: [
GithubProvider({ GithubProvider({
@ -13,6 +18,10 @@ export const authOptions: NextAuthOptions = {
signIn: "/login", signIn: "/login",
}, },
callbacks: { callbacks: {
async signIn({ user }) {
if (allowedEmails.length === 0) return true;
return allowedEmails.includes((user.email ?? "").toLowerCase());
},
async session({ session, token }) { async session({ session, token }) {
if (session.user && token.sub) { if (session.user && token.sub) {
(session.user as { id?: string }).id = token.sub; (session.user as { id?: string }).id = token.sub;

14
src/middleware.ts Normal file
View File

@ -0,0 +1,14 @@
export { default } from "next-auth/middleware";
export const config = {
matcher: [
/*
*
* - /login
* - /api/auth/* NextAuth
* - /_next/* Next.js
* - /favicon.ico
*/
"/((?!login|api/auth|_next/static|_next/image|favicon\\.ico).*)",
],
};