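// src/pages/api/auth/[...nextauth].js
import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";
import axios from "axios";
import https from "https";

// TLS certificate verification is relaxed only outside production, so that a
// self-signed backend certificate can be used during local development.
// In production the certificate chain is always verified; with verification
// off, anything able to intercept the connection could read the submitted
// username/password and forge a "successful" login response.
// To trust a private CA, supply it through the agent's `ca` option or the
// NODE_EXTRA_CA_CERTS environment variable instead of disabling verification.
const isProduction = process.env.NODE_ENV === "production";

const httpsAgent = new https.Agent({
  rejectUnauthorized: isProduction,
});

/**
 * NextAuth route handler using a single credentials provider.
 *
 * Login is delegated to the backend `POST {NEXT_PUBLIC_API_URL}/login`
 * endpoint. On success the backend token and a few user fields are copied
 * into the NextAuth JWT and then onto the session object.
 */
export default NextAuth({
  providers: [
    CredentialsProvider({
      name: "Credentials",
      credentials: {
        username: { label: "Username", type: "text" },
        password: { label: "Password", type: "password" },
      },

      /**
       * Validates the submitted credentials against the backend.
       *
       * @param {{ username?: string, password?: string } | undefined} credentials
       *   Values submitted from the sign-in form.
       * @returns {Promise<object | null>} The user object (including the
       *   backend token) on success, or `null` to reject the sign-in.
       */
      async authorize(credentials) {
        // Nothing to verify: reject without contacting the backend.
        if (!credentials?.username || !credentials?.password) {
          return null;
        }

        try {
          const res = await axios.post(
            `${process.env.NEXT_PUBLIC_API_URL}/login`,
            {
              username: credentials.username,
              password: credentials.password,
            },
            { httpsAgent },
          );
          const response = res.data;

          // The response body is deliberately not logged: it carries the
          // access token, which must not end up in server logs.
          const user = response?.data?.data;
          if (response?.success && response.data?.token && user) {
            return {
              id: user.id,
              name: user.name,
              username: user.username,
              nip: user.nip,
              token: response.data.token,
            };
          }
          return null;
        } catch (error) {
          console.error("Login failed:", error.response?.data || error.message);
          return null;
        }
      },
    }),
  ],

  callbacks: {
    // `user` is only passed on sign-in; later calls just return the token.
    async jwt({ token, user }) {
      if (user) {
        token.accessToken = user.token;
        token.username = user.username;
        token.nip = user.nip;
      }
      return token;
    },

    // NOTE(review): whatever is placed on `session` is returned to the
    // browser by the session endpoint. Confirm the backend access token is
    // meant to be readable by client-side code.
    async session({ session, token }) {
      session.accessToken = token.accessToken;
      session.username = token.username;
      session.nip = token.nip;
      return session;
    },
  },

  pages: {
    signIn: "/login",
  },

  session: {
    strategy: "jwt",
    maxAge: 15 * 60, // Session is valid for 15 minutes
    updateAge: 5 * 60, // Automatically extended every 5 minutes while active
  },

  jwt: {
    maxAge: 15 * 60, // JWT also lasts 15 minutes
  },

  secret: process.env.NEXTAUTH_SECRET,
});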