sistema-de-chamados/src/lib/auth.ts

import { betterAuth } from "better-auth"
import { prismaAdapter } from "better-auth/adapters/prisma"
import { customSession } from "better-auth/plugins"

import { env } from "./env"
import { prisma } from "./prisma"

export const auth = betterAuth({
  secret: env.BETTER_AUTH_SECRET,
  baseURL: env.BETTER_AUTH_URL,
  // Permite login tanto no domínio de produção quanto no localhost em DEV
  trustedOrigins: Array.from(
    new Set(
      [
        env.BETTER_AUTH_URL,
        env.NEXT_PUBLIC_APP_URL,
        process.env.NODE_ENV !== "production" ? "http://localhost:3000" : undefined,
        process.env.NODE_ENV !== "production" ? "http://127.0.0.1:3000" : undefined,
      ].filter(Boolean) as string[]
    )
  ),
  database: prismaAdapter(prisma, {
    provider: "sqlite",
  }),
  user: {
    // Use the exact Prisma client property names (lower camel case)
    modelName: "authUser",
    additionalFields: {
      role: {
        type: "string",
        required: false,
        defaultValue: "agent",
        input: false,
      },
      tenantId: {
        type: "string",
        required: false,
      },
      avatarUrl: {
        type: "string",
        required: false,
      },
      machinePersona: {
        type: "string",
        required: false,
        input: false,
      },
    },
  },
  session: {
    modelName: "authSession",
    cookieCache: {
      enabled: true,
      maxAge: 60 * 5,
    },
  },
  account: {
    modelName: "authAccount",
  },
  verification: {
    modelName: "authVerification",
  },
  emailAndPassword: {
    enabled: true,
    requireEmailVerification: false,
  },
  plugins: [
    customSession(async ({ user, session }) => {
      const expiresAt = session.expiresAt instanceof Date
        ? session.expiresAt.getTime()
        : new Date(session.expiresAt ?? Date.now()).getTime()

      return {
        session: {
          id: session.id,
          expiresAt,
        },
        user: {
          id: user.id,
          name: user.name,
          email: user.email,
          role: ((user as { role?: string }).role ?? "agent").toLowerCase(),
          tenantId: (user as { tenantId?: string | null }).tenantId ?? null,
          avatarUrl: (user as { avatarUrl?: string | null }).avatarUrl ?? null,
          machinePersona: (user as { machinePersona?: string | null }).machinePersona ?? null,
        },
      }
    }),
  ],
})

export type AppAuth = typeof auth