Added email domain restriction and error popup toast

apps/student/auth.ts

@@ -1,6 +1,6 @@
 import NextAuth, { type DefaultSession } from 'next-auth';
 import type { NextAuthConfig } from 'next-auth';
-import Google from "next-auth/providers/google";
+import Google from 'next-auth/providers/google';
 import { db, admins, students } from '@workspace/db';
 import { eq } from '@workspace/db/drizzle';
 
@@ -12,7 +12,7 @@ declare module 'next-auth' {
       studentId?: number;
       completedProfile?: boolean;
       [key: string]: any;
-    } & DefaultSession["user"];
+    } & DefaultSession['user'];
   }
   
   interface JWT {
@@ -32,6 +32,13 @@ declare module 'next/server' {
 const authConfig: NextAuthConfig = {
   providers: [Google],
   callbacks: {
+    async signIn({ user }) {
+      const allowedDomain = process.env.ALLOWED_EMAIL_DOMAIN;
+      if (allowedDomain && user.email && !user.email.endsWith(allowedDomain)) {
+        return false;
+      }
+      return true;
+    },
     async jwt({ token, account, user }) {
       // Only set role, adminId, studentId, and email in JWT
       const email = user?.email || token?.email;
@@ -94,6 +101,9 @@ const authConfig: NextAuthConfig = {
       return session;
     },
   },
+  pages: {
+    error: '/login',
+  },
 };
 
 // Note: TypeScript warnings about inferred types are expected with NextAuth v5 beta