feat: Enhance Discourse OAuth authentication with flexible credential handling

src/app/(oauth)/q58/callback/page.tsx

@@ -1,5 +1,6 @@
 import { Suspense } from "react";
 import { redirect } from "next/navigation";
+import { signIn } from "@/auth";
 
 import { discourseCallbackVerify } from "@/lib/discourse/verify";
 import { findAuthorization } from "@/lib/dto/authorization";
@@ -33,6 +34,19 @@ export default async function DiscourseCallbackPage({
     searchParams.sig,
   );
 
+  // 设置用户会话
+  await signIn("credentials", {
+    id: user.id,
+    username: user.username,
+    email: user.email,
+    name: user.name,
+    avatarUrl: user.avatarUrl,
+    role: user.role,
+    moderator: user.moderator,
+    groups: JSON.stringify(user.groups),
+    redirect: false,
+  });
+
   // check authorization
   const authorization = await findAuthorization(user.id, client.id);
 

src/auth.config.ts

@@ -1,3 +1,4 @@
+import { UserRole } from "@prisma/client";
 import type { NextAuthConfig } from "next-auth";
 import Credentials from "next-auth/providers/credentials";
 
@@ -8,14 +9,47 @@ export default {
   providers: [
     Credentials({
       credentials: {
-        sso: {},
+        id: { type: "text" },
-        sig: {},
+        username: { type: "text" },
+        email: { type: "text" },
+        name: { type: "text" },
+        avatarUrl: { type: "text" },
+        role: { type: "text" },
+        moderator: { type: "text" },
+        groups: { type: "text" },
+        sso: { type: "text" },
+        sig: { type: "text" },
       },
-      authorize: async (credentials) => {
+      async authorize(credentials) {
-        const sso = credentials.sso as string;
+        if (!credentials) return null;
-        const sig = credentials.sig as string;
+
-        const user = await discourseCallbackVerify(sso, sig);
+        // 如果是 SSO 登录
-        return user;
+        if (credentials.sso && credentials.sig) {
+          return await discourseCallbackVerify(
+            credentials.sso as string,
+            credentials.sig as string,
+          );
+        }
+
+        // 如果是直接传入用户数据
+        if (credentials.id && credentials.username && credentials.email) {
+          return {
+            id: credentials.id as string,
+            username: credentials.username as string,
+            email: credentials.email as string,
+            name: (credentials.name as string) || null,
+            avatarUrl: (credentials.avatarUrl as string) || null,
+            role: ((credentials.role as string) || "USER") as UserRole,
+            moderator: credentials.moderator === "true",
+            groups: credentials.groups
+              ? JSON.parse(credentials.groups as string)
+              : [],
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          };
+        }
+
+        return null;
       },
     }),
   ],