update payload, add oauth2

.env.example

@@ -16,3 +16,6 @@ OPENAI_KEY=secret
 DEEPL_API_KEY=secret
 
 GOTENBERG_PDF_URL=http://localhost:3030
+
+OAUTH_CLIENT_ID=secret
+OAUTH_CLIENT_SECRET=secret

.yarnrc.yml

@@ -31,4 +31,4 @@ supportedArchitectures:
     - current
     - linux
 
-yarnPath: .yarn/releases/yarn-4.4.1.cjs
+yarnPath: .yarn/releases/yarn-4.5.0.cjs

data/cv-pdf/templates/cv-default.pug

@@ -4,7 +4,7 @@ html(lang=cv.locale)
     title #{cv.fullName}
     meta(charset="utf-8")
     script(src='https://unpkg.com/pagedjs/dist/paged.polyfill.js')
-    include includes/roboto-base64
+    include includes/rubik.pug
     style.
       @page {
         size: A4;
@@ -134,7 +134,7 @@ html(lang=cv.locale)
       /* typography */
 
       body {
-        font-family: Roboto, Arial, sans-serif;
+        font-family: Rubik, Arial, sans-serif;
         font-size: 9pt;
         font-weight: 300;
       }

data/cv-pdf/templates/includes/rubik.pug

@@ -0,0 +1,2 @@
+style.
+  @import url('https://fonts.googleapis.com/css2?family=Rubik:ital,wght@0,300..900;1,300..900&display=swap');

docker-compose.dev.yml

@@ -2,7 +2,7 @@ name: tegonal-cv
 
 services:
   postgres:
-    image: postgres:latest
+    image: postgres:16
     ports:
       - "5432:5432"
     environment:

next-env.d.ts

@@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />
 
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/basic-features/typescript for more information.
+// see https://nextjs.org/docs/app/building-your-application/configuring/typescript for more information.

next.config.mjs

@@ -1,11 +1,6 @@
-import { withPayload } from '@payloadcms/next/withPayload'
+import { withPayload } from '@payloadcms/next/withPayload';
 
 /** @type {import('next').NextConfig} */
-const nextConfig = {
-  // Your Next.js config here
-  experimental: {
-    reactCompiler: false
-  }
-}
+const nextConfig = {};
 
-export default withPayload(nextConfig)
+export default withPayload(nextConfig);

package.json

@@ -1,5 +1,5 @@
 {
-  "name": "tegonal-cv",
+  "name": "cv-manager",
   "version": "0.1.0",
   "private": true,
   "type": "module",
@@ -23,43 +23,45 @@
     "node": "^18.20.2 || >=20.9.0"
   },
   "dependencies": {
-    "@lexical/headless": "0.17.0",
-    "@lexical/html": "0.17.0",
-    "@payloadcms/db-postgres": "3.0.0-beta.91",
-    "@payloadcms/email-nodemailer": "3.0.0-beta.91",
-    "@payloadcms/next": "3.0.0-beta.91",
-    "@payloadcms/richtext-lexical": "3.0.0-beta.91",
-    "@payloadcms/storage-s3": "3.0.0-beta.91",
-    "@payloadcms/ui": "3.0.0-beta.91",
+    "@lexical/headless": "0.18.0",
+    "@lexical/html": "0.18.0",
+    "@payloadcms/db-postgres": "3.0.0-beta.111",
+    "@payloadcms/email-nodemailer": "3.0.0-beta.111",
+    "@payloadcms/next": "3.0.0-beta.111",
+    "@payloadcms/richtext-lexical": "3.0.0-beta.111",
+    "@payloadcms/storage-s3": "3.0.0-beta.111",
+    "@payloadcms/ui": "3.0.0-beta.111",
     "babel-plugin-react-compiler": "0.0.0-experimental-48eb8f4-20240822",
     "cross-env": "^7.0.3",
     "flatley": "^5.2.0",
     "gotenberg-js-client": "^0.7.4",
     "graphql": "^16.8.2",
-    "jsdom": "^25.0.0",
-    "ky": "^1.7.1",
+    "jsdom": "^25.0.1",
+    "ky": "^1.7.2",
     "lodash-es": "^4.17.21",
     "mime-types": "^2.1.35",
-    "next": "15.0.0-canary.104",
-    "nodemailer": "^6.9.14",
-    "payload": "3.0.0-beta.91",
+    "next": "15.0.0-canary.173",
+    "nodemailer": "^6.9.15",
+    "payload": "3.0.0-beta.111",
+    "payload-oauth2": "^1.0.3",
     "pug": "^3.0.3",
-    "react": "19.0.0-rc-06d0b89e-20240801",
-    "react-dom": "19.0.0-rc-06d0b89e-20240801",
-    "react-i18next": "^14.1.2",
+    "react": "19.0.0-rc-3edc000d-20240926",
+    "react-dom": "19.0.0-rc-3edc000d-20240926",
+    "react-i18next": "^14.1.3",
     "react-router-dom": "5.3.4",
     "sharp": "0.32.6",
+    "swr": "^2.2.5",
     "tslog": "^4.9.3"
   },
   "devDependencies": {
-    "@payloadcms/graphql": "3.0.0-beta.91",
+    "@payloadcms/graphql": "3.0.0-beta.111",
     "@swc/core": "1.5.7",
-    "@tailwindcss/typography": "^0.5.14",
+    "@tailwindcss/typography": "^0.5.15",
     "@types/jsdom": "^21.1.7",
     "@types/lodash-es": "^4.17.12",
     "@types/mime-types": "^2.1.4",
-    "@types/node": "^20.16.1",
-    "@types/nodemailer": "^6.4.15",
+    "@types/node": "^20.16.10",
+    "@types/nodemailer": "^6.4.16",
     "@types/prettier": "^3.0.0",
     "@types/pug": "^2.0.10",
     "@types/react": "npm:[email protected]",
@@ -69,20 +71,20 @@
     "@typescript-eslint/parser": "7.18.0",
     "autoprefixer": "^10.4.20",
     "dotenv": "^16.4.5",
-    "eslint": "^8.57.0",
+    "eslint": "^8.57.1",
     "eslint-config-next": "15.0.0-rc.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-jsonc": "^2.16.0",
     "eslint-plugin-prettier": "^5.2.1",
-    "postcss": "^8.4.41",
+    "postcss": "^8.4.47",
     "prettier": "^3.3.3",
     "prettier-plugin-tailwindcss": "^0.6.6",
-    "tailwindcss": "^3.4.10",
-    "typescript": "5.5.4"
+    "tailwindcss": "^3.4.13",
+    "typescript": "5.6.2"
   },
   "overrides": {
     "@types/react": "npm:[email protected]",
     "@types/react-dom": "npm:[email protected]"
   },
-  "packageManager": "yarn@4.4.1"
+  "packageManager": "yarn@4.5.0"
 }

payload.config.ts

@@ -19,6 +19,8 @@ import { Skills } from '@/payload/collections/Skills';
 import { Levels } from '@/payload/collections/Level';
 import { Companies } from '@/payload/collections/Companies';
 import { Projects } from '@/payload/collections/Projects';
+import { OAuth2Plugin } from 'payload-oauth2';
+import { ROLE_USER } from '@/payload/utilities/constants';
 
 const filename = fileURLToPath(import.meta.url);
 const dirname = path.dirname(filename);
@@ -64,6 +66,9 @@ export default buildConfig({
         }
       : {}),
     user: Users.slug,
+    components: {
+      afterLogin: ['src/payload/components/oauth-login-button#OAuthLoginButton'],
+    },
   },
   email: nodemailerAdapter({
     defaultFromAddress: process.env.SMTP_FROM_ADDRESS || '',
@@ -102,6 +107,50 @@ export default buildConfig({
       collections: [CV.slug],
       gotenbergUrl: process.env.GOTENBERG_PDF_URL || 'http://localhost:3030',
     }),
+    OAuth2Plugin({
+      strategyName: 'oauth2',
+      useEmailAsIdentity: false,
+      enabled: true,
+      serverURL: process.env.NEXT_PUBLIC_URL || 'http://localhost:3000',
+      authCollection: Users.slug,
+      clientId: process.env.OAUTH_CLIENT_ID || '',
+      clientSecret: process.env.OAUTH_CLIENT_SECRET || '',
+      tokenEndpoint: 'https://scm.tegonal.com/oauth/token',
+      scopes: ['email', 'profile', 'openid'],
+      providerAuthorizationUrl: 'https://scm.tegonal.com/oauth/authorize',
+      getUserInfo: async (accessToken: string) => {
+        try {
+          const response = await fetch('https://scm.tegonal.com/oauth/userinfo', {
+            headers: { Authorization: `Bearer ${accessToken}` },
+          });
+          const user = await response.json();
+          console.log(user);
+          return {
+            email: user.email,
+            sub: user.sub,
+            roles: [ROLE_USER],
+            selectedOrganisation: 1,
+            organisations: [
+              {
+                organisation: 1,
+                roles: [ROLE_USER],
+              },
+            ],
+          };
+        } catch (error) {
+          console.error(error);
+          return null;
+        }
+      },
+      successRedirect: () => {
+        console.log('Login successful, redirecting to /admin');
+        return '/admin';
+      },
+      failureRedirect: (req, error) => {
+        console.error(error);
+        return '/oauth-error';
+      },
+    }),
   ],
   telemetry: false,
   // Sharp is now an optional dependency -

src/app/(payload)/admin/[[...segments]]/not-found.tsx

@@ -7,12 +7,12 @@ import { generatePageMetadata, NotFoundPage } from '@payloadcms/next/views';
 import { importMap } from '@/app/(payload)/admin/importMap';
 
 type Args = {
-  params: {
+  params: Promise<{
     segments: string[];
-  };
-  searchParams: {
+  }>;
+  searchParams: Promise<{
     [key: string]: string | string[];
-  };
+  }>;
 };
 
 export const generateMetadata = ({ params, searchParams }: Args): Promise<Metadata> =>

src/app/(payload)/admin/[[...segments]]/page.tsx

@@ -7,12 +7,12 @@ import { generatePageMetadata, RootPage } from '@payloadcms/next/views';
 import { importMap } from '@/app/(payload)/admin/importMap';
 
 type Args = {
-  params: {
+  params: Promise<{
     segments: string[];
-  };
-  searchParams: {
+  }>;
+  searchParams: Promise<{
     [key: string]: string | string[];
-  };
+  }>;
 };
 
 export const generateMetadata = ({ params, searchParams }: Args): Promise<Metadata> =>

src/app/(payload)/admin/importMap.js

@@ -23,6 +23,7 @@ import { BoldFeatureClient as BoldFeatureClient_21 } from '@payloadcms/richtext-
 import { ItalicFeatureClient as ItalicFeatureClient_22 } from '@payloadcms/richtext-lexical/client';
 import { RowLabelFirstText as RowLabelFirstText_23 } from 'src/payload/collections/utils/row-label-first-text.tsx';
 import { SaveButtonReplacer as SaveButtonReplacer_24 } from 'src/payload/plugins/cv-pdf-generator/ui/saveButtonReplacer.tsx';
+import { OAuthLoginButton as OAuthLoginButton_25 } from 'src/payload/components/oauth-login-button';
 
 export const importMap = {
   '@payloadcms/richtext-lexical/client#RichTextCell': RichTextCell_0,
@@ -52,4 +53,5 @@ export const importMap = {
   '/src/payload/collections/utils/row-label-first-text.tsx#RowLabelFirstText': RowLabelFirstText_23,
   '/src/payload/plugins/cv-pdf-generator/ui/saveButtonReplacer.tsx#SaveButtonReplacer':
     SaveButtonReplacer_24,
+  'src/payload/components/oauth-login-button#OAuthLoginButton': OAuthLoginButton_25,
 };

src/payload/collections/Organisations/index.ts

@@ -4,6 +4,7 @@ import { superAdmins } from '@/payload/access/superAdmins';
 import { organisationAdmins } from '@/payload/collections/Organisations/access/organisationAdmins';
 import { createdByField } from '@/payload/fields/created-by';
 import { updatedByField } from '@/payload/fields/updated-by';
+import { ROLE_SUPER_ADMIN } from '@/payload/utilities/constants';
 
 export const Organisations: CollectionConfig = {
   slug: 'organisations',
@@ -14,6 +15,9 @@ export const Organisations: CollectionConfig = {
   admin: {
     group: I18nCollection.collectionGroup.settings,
     useAsTitle: 'name',
+    hidden: (user) => {
+      return !user?.user?.roles?.includes(ROLE_SUPER_ADMIN);
+    },
   },
   access: {
     create: superAdmins,

src/payload/collections/Users/access/adminsAndSelf.ts

@@ -1,7 +1,6 @@
 import type { Access, AccessResult } from 'payload';
 
 import { isAdmin } from '@/payload/utilities/isAdmin';
-import { ROLE_SUPER_ADMIN } from '@/payload/utilities/constants';
 import { User } from '@/types/payload-types';
 import { getIdFromRelation } from '@/payload/utilities/getIdFromRelation';
 
@@ -14,34 +13,39 @@ export const adminsAndSelf: Access<User> = async ({ req: { user } }): Promise<Ac
     return true;
   }
 
-  // allow users to read themselves and any users within the organisationsAccess they are admins of
+  if (!isSuper) {
+    return {
+      id: {
+        equals: user.id,
+      },
+    };
+  }
+
+  // allow users to read themselves and any users within the isCurrentlySelectedOrganisationAccess they are admins of
   return {
     or: [
       {
         id: {
           equals: user.id,
         },
       },
-      ...(isSuper
-        ? [
-            {
-              'organisations.organisation': {
-                in: [getIdFromRelation(user.selectedOrganisation)].filter(
-                  (id): id is string | number => id !== null,
-                ),
-              },
-            },
-          ]
-        : user?.organisations
-            ?.map(({ organisation, roles }) =>
-              roles.includes(ROLE_SUPER_ADMIN) ? getIdFromRelation(organisation) : null,
-            )
-            .filter((id): id is string | number => id !== null)
-            .map((id) => ({
-              'organisations.organisation': {
-                in: [id],
-              },
-            })) || []),
+      {
+        'organisations.organisation': {
+          in: [getIdFromRelation(user.selectedOrganisation)].filter(
+            (id): id is string | number => id !== null,
+          ),
+        },
+      },
+      // : user?.organisations
+      //     ?.map(({ organisation, roles }) =>
+      //       roles.includes(ROLE_SUPER_ADMIN) ? getIdFromRelation(organisation) : null,
+      //     )
+      //     .filter((id): id is string | number => id !== null)
+      //     .map((id) => ({
+      //       'organisations.organisation': {
+      //         in: [id],
+      //       },
+      //     })) || []),
     ],
   };
 };

src/payload/collections/Users/hooks/loginAfterCreate.ts

@@ -9,6 +9,8 @@ export const loginAfterCreate: CollectionAfterChangeHook = async ({
   if (operation === 'create' && !req.user) {
     const { email, password } = body as any;
 
+    console.log(body);
+
     if (email && password) {
       const { user, token } = await payload.login({
         collection: 'users',