Overview

The thepopebot/auth export provides NextAuth v5 route handlers and session utilities.

Import

import { GET, POST, auth, getPageAuthState } from 'thepopebot/auth';

Exports

Route Handlers

GET
function
NextAuth GET route handler for [...nextauth] catch-all route
POST
function
NextAuth POST route handler for [...nextauth] catch-all route
Usage in app/api/auth/[...nextauth]/route.js:
import { GET, POST } from 'thepopebot/auth';
export { GET, POST };

Session Utilities

auth
function
Get current session. Returns session object or null if not authenticated.
Server Component:
import { auth } from 'thepopebot/auth';

export default async function Page() {
  const session = await auth();
  if (!session) return <div>Not logged in</div>;
  return <div>Hello {session.user.email}</div>;
}
Server Action:
'use server';
import { auth } from 'thepopebot/auth';

export async function myAction() {
  const session = await auth();
  if (!session) throw new Error('Unauthorized');
  // ...
}
getPageAuthState
function
Get auth state and setup status in one call. Returns { session, needsSetup }.
Usage:
import { getPageAuthState } from 'thepopebot/auth';

export default async function RootLayout() {
  const { session, needsSetup } = await getPageAuthState();
  
  if (needsSetup) return <SetupWizard />;
  if (!session) return <LoginPage />;
  return <Dashboard session={session} />;
}

Implementation

The auth module re-exports from lib/auth/config.js, which configures NextAuth with:
  • Credentials provider - Email/password authentication
  • JWT strategy - Session stored in httpOnly cookie
  • Database integration - User lookup via lib/db/users.js
  • Password hashing - bcrypt with timing-safe comparison

First User Setup

getPageAuthState() checks if any users exist in the database:
export async function getPageAuthState() {
  const { getUserCount } = await import('../db/users.js');
  const [session, userCount] = await Promise.all([
    auth(),
    Promise.resolve(getUserCount()),
  ]);

  return {
    session,
    needsSetup: userCount === 0,
  };
}
First visit creates an admin account via the setup wizard.
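
needsSetup decides which page is rendered; the server-side action that creates the first admin still has to enforce "no users exist" itself, in the same step as the insert, because two setup submissions can overlap while the password is being hashed. The sketch below is an added example and not thepopebot's code: createUserStore, insertIfEmpty, hashStandIn and setupFirstAdmin are hypothetical names, the store is an in-memory stand-in for the database, and the hash is a placeholder for bcrypt.

```javascript
// Added example: every name below is hypothetical, not thepopebot's API.

// In-memory stand-in for the users table. insertIfEmpty() models one
// transaction: "insert this row only if the table has no rows".
function createUserStore() {
  const users = [];
  return {
    getUserCount: () => users.length,
    insertIfEmpty(user) {
      if (users.length !== 0) return false; // check and write, no await between
      users.push(user);
      return true;
    },
    list: () => users.slice(),
  };
}

// Stand-in for bcrypt: models only that hashing is async and takes time.
async function hashStandIn(password) {
  await new Promise((resolve) => setTimeout(resolve, 10));
  return `stand-in-hash:${password.length}`;
}

async function setupFirstAdmin(store, { email, password }) {
  // Early exit for the common case. Not the security check: the user count
  // can change while the hash below is being computed.
  if (store.getUserCount() !== 0) return { ok: false, reason: 'setup-closed' };
  const passwordHash = await hashStandIn(password);
  // Authoritative check, made atomically with the write.
  const created = store.insertIfEmpty({ email, passwordHash, role: 'admin' });
  return created ? { ok: true } : { ok: false, reason: 'setup-closed' };
}

// Constructed scenario: two setup submissions overlap, a third arrives later.
async function runDemo() {
  const store = createUserStore();
  const overlapping = await Promise.all([
    setupFirstAdmin(store, { email: 'owner@example.test', password: 'constructed-1' }),
    setupFirstAdmin(store, { email: 'other@example.test', password: 'constructed-2' }),
  ]);
  const late = await setupFirstAdmin(store, {
    email: 'late@example.test',
    password: 'constructed-3',
  });
  return { overlapping, late, users: store.list() };
}
```

With a real database the same guarantee comes from a transaction or a conditional insert rather than from the in-memory check used here.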

Environment Variables

AUTH_SECRET
string
required
Secret key for JWT encryption. Generate with openssl rand -base64 32.