Welcome to the Jose Madrid Salsa developer docs — explore features, APIs, and deployment guides.

User Accounts

User registration, authentication, profiles, and role-based access with NextAuth.js


User accounts are managed with NextAuth.js for authentication, Prisma for persistence, and role-based access control (RBAC) for admin and fundraiser features.

Architecture

  • page.tsx / layout.tsx -- the account page and its layout
  • auth.ts -- NextAuth.js configuration (lib/auth.ts)
  • rbac.ts -- role-based access helpers (lib/rbac.ts)
  • admin-auth.ts -- admin route checks (lib/admin-auth.ts)

Authentication

Authentication is handled by NextAuth.js with the Prisma adapter. The configuration lives in lib/auth.ts and is exposed at /api/auth/[...nextauth].

Session Access

Server components use getServerSession(authOptions) to access the session:

import { getServerSession } from 'next-auth'
import { redirect } from 'next/navigation'
import { authOptions } from '@/lib/auth' // import alias assumed; the config lives in lib/auth.ts

// No session (or a session without a user id) means the visitor is not signed in.
const session = await getServerSession(authOptions)
if (!session?.user?.id) {
  redirect('/auth/signin?callbackUrl=/account')
}

Client components use the useSession() hook from next-auth/react.

User Roles

The UserRole enum defines access levels:

Role          Access
USER          Standard customer account
FUNDRAISER    Customer + fundraising portal
STAFF         Limited admin access
ADMIN         Full admin panel access
SUPER_ADMIN   All permissions including user management

Role-based access is enforced via getCurrentUser() and hasPermission() from lib/rbac.ts.

Account Dashboard

The /account page displays:

  • Welcome message with user name and email
  • User role badge
  • 5 most recent orders with OrderCard component
  • Quick links to:
    • View Orders -- full order history
    • Account Settings -- profile management
    • Fundraising Portal -- visible for FUNDRAISER role users

Account Settings

The /account/settings page allows users to:

  • Update display name
  • Change email address
  • Manage notification preferences

Wholesale Accounts

Users can apply for wholesale accounts. Once an application is approved with a resale number, the account is granted tax-exempt status. The wholesale account relationship is looked up during tax calculation:

import { prisma } from '@/lib/prisma' // shared Prisma client; import path assumed

// Load the customer together with their wholesale account (if any) so the tax
// step can tell whether an approved, tax-exempt account applies to this order.
const user = await prisma.user.findUnique({
  where: { email: customerEmail },
  include: { wholesaleAccount: true },
})

Protected Routes

All /account/* routes redirect unauthenticated users to /auth/signin with a callbackUrl parameter. Admin routes (/admin/*) additionally check for ADMIN or SUPER_ADMIN roles via lib/admin-auth.ts.
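The following is an added example, not the project's lib/rbac.ts or lib/admin-auth.ts, showing one way the hasPermission() check from the User Roles section and the route protection described above fit together. The UserRole values are the ones listed on this page; the permission names, PERMISSION_ROLES, the hasPermission and guardRoute signatures, and the session's role field are assumptions.

```typescript
// Added example, not the project's lib/rbac.ts: a deny-by-default permission table
// for the roles this page lists, plus a route guard mirroring the /account/* redirect
// and the ADMIN/SUPER_ADMIN check on /admin/*. Permission names are assumed.
type UserRole = 'USER' | 'FUNDRAISER' | 'STAFF' | 'ADMIN' | 'SUPER_ADMIN';
type Permission = 'account:view' | 'fundraising:view' | 'admin:view' | 'users:manage';

// Explicit allow-lists: a role gets nothing it is not named for. What STAFF's "limited
// admin access" covers is not specified on this page, so STAFF gets no admin permission
// here (an assumption to adjust against the real rbac.ts).
const PERMISSION_ROLES: Record<Permission, readonly UserRole[]> = {
  'account:view':     ['USER', 'FUNDRAISER', 'STAFF', 'ADMIN', 'SUPER_ADMIN'],
  'fundraising:view': ['FUNDRAISER', 'SUPER_ADMIN'],
  'admin:view':       ['ADMIN', 'SUPER_ADMIN'],
  'users:manage':     ['SUPER_ADMIN'],
};

// `role` is a plain string because it arrives from the database or the session;
// an undefined role, a typo or an unknown value is denied rather than matched loosely.
function hasPermission(role: string | undefined, permission: Permission): boolean {
  if (!role) return false;
  return (PERMISSION_ROLES[permission] as readonly string[]).includes(role);
}

// Minimal shape of a getServerSession() result once the session callback has copied
// the user's role onto session.user (assumed; the page does not show that callback).
type SessionLike = { user?: { id?: string; role?: string } } | null;

type GuardResult =
  | { kind: 'allow'; userId: string; role: string }
  | { kind: 'redirect'; to: string }
  | { kind: 'forbidden' };

// Only a same-origin path is echoed back as callbackUrl: absolute URLs and
// protocol-relative "//host" values fall back to /account so the sign-in page
// cannot be used as an open redirect.
function safeCallbackUrl(pathname: string): string {
  return pathname.startsWith('/') && !pathname.startsWith('//') ? pathname : '/account';
}

function guardRoute(session: SessionLike, pathname: string, required: Permission): GuardResult {
  const userId = session?.user?.id;
  if (!userId) {
    const cb = encodeURIComponent(safeCallbackUrl(pathname));
    return { kind: 'redirect', to: `/auth/signin?callbackUrl=${cb}` };
  }
  const role = session?.user?.role;
  if (!role || !hasPermission(role, required)) return { kind: 'forbidden' };
  return { kind: 'allow', userId, role };
}
```

A server component or route handler would call guardRoute with the current session and pathname, then redirect() on a 'redirect' result and return a 403 response on 'forbidden'.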
