From d41ab0c4e82620b7b4ae503c757707fbe544ac58 Mon Sep 17 00:00:00 2001
From: jerick <jerick.oates@proton.me>
Date: Mon, 20 Apr 2026 16:12:15 -0400
Subject: [PATCH] fix: split auth config so middleware uses Edge-compatible
 module

NextAuth's Credentials provider pulls in Prisma -> pg -> Node.js crypto,
which crashes in the Edge runtime. Extract an auth.config.ts with only
JWT/session callbacks (no DB, no bcrypt) and use NextAuth(authConfig) in
middleware. auth.ts spreads the config and adds the Credentials provider.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 src/lib/auth.config.ts | 21 +++++++++++++++++++++
 src/lib/auth.ts        | 21 ++-------------------
 src/middleware.ts      |  6 +++++-
 3 files changed, 28 insertions(+), 20 deletions(-)
 create mode 100644 src/lib/auth.config.ts

diff --git a/src/lib/auth.config.ts b/src/lib/auth.config.ts
new file mode 100644
index 0000000..843337e
--- /dev/null
+++ b/src/lib/auth.config.ts
@@ -0,0 +1,21 @@
+import type { NextAuthConfig } from 'next-auth'
+
+// Edge-compatible config — no Node.js-only imports (no Prisma, no bcrypt).
+// Used by middleware for JWT verification. Providers are added in auth.ts.
+export const authConfig = {
+  session: { strategy: 'jwt' as const, maxAge: 60 * 60 },
+  secret: process.env.NEXTAUTH_SECRET,
+  trustHost: true,
+  pages: { signIn: '/login' },
+  callbacks: {
+    jwt({ token, user }) {
+      if (user) token.id = user.id
+      return token
+    },
+    session({ session, token }) {
+      if (token.id) session.user.id = token.id as string
+      return session
+    },
+  },
+  providers: [],
+} satisfies NextAuthConfig
diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index c83555a..649325e 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -3,6 +3,7 @@ import Credentials from 'next-auth/providers/credentials'
 import bcrypt from 'bcryptjs'
 import { z } from 'zod'
 import { prisma } from '@/lib/prisma'
+import { authConfig } from '@/lib/auth.config'
 
 const loginSchema = z.object({
   email: z.string().email(),
@@ -10,6 +11,7 @@ const loginSchema = z.object({
 })
 
 export const { handlers, signIn, signOut, auth } = NextAuth({
+  ...authConfig,
   providers: [
     Credentials({
       credentials: {
@@ -32,23 +34,4 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
       },
     }),
   ],
-  session: {
-    strategy: 'jwt',
-    maxAge: 60 * 60, // 1 hour
-  },
-  secret: process.env.NEXTAUTH_SECRET,
-  trustHost: true,
-  pages: {
-    signIn: '/login',
-  },
-  callbacks: {
-    jwt({ token, user }) {
-      if (user) token.id = user.id
-      return token
-    },
-    session({ session, token }) {
-      if (token.id) session.user.id = token.id as string
-      return session
-    },
-  },
 })
diff --git a/src/middleware.ts b/src/middleware.ts
index 53cba91..0f68a82 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -1,6 +1,10 @@
-import { auth } from '@/lib/auth'
+import NextAuth from 'next-auth'
+import { authConfig } from '@/lib/auth.config'
 import { NextResponse, type NextRequest } from 'next/server'
 
+// Use the Edge-compatible config so no Node.js-only modules are bundled here.
+const { auth } = NextAuth(authConfig)
+
 // Process-local store — adequate for a self-hosted single-instance deployment.
 const rateLimitStore = new Map<string, { count: number; resetAt: number }>()
 const RATE_LIMIT = 10