Authentication

Setup

Authentication is securely handled by NextAuth.js. The configuration is located in app/api/auth/[...nextauth]/route.ts.

Email/Password: Uses bcrypt for password hashing.

OAuth: Built-in support for Google and GitHub. Configurable via .env variables:

GOOGLE_CLIENT_ID

GOOGLE_CLIENT_SECRET

We use Next.js Middleware to protect the /cms dashboard routes. Any request to /cms/* without a valid session token is redirected to /login.

// middleware.ts

export { auth as middleware } from "./auth"

export const config = {

matcher: ["/cms/:path*"],

}