alma/Neah
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

session correction logout 3 rest 4 major

Browse Source
This commit is contained in:
alma 2025-04-18 12:43:45 +02:00
parent 3886c4ef6a
commit 50cf9ca06b
3 changed files with 195 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
app/api/auth/[...nextauth]/route.ts
View File

@ -1,26 +1,11 @@
import NextAuth, { NextAuthOptions } from "next-auth"; import NextAuth, { NextAuthOptions } from "next-auth";
import KeycloakProvider from "next-auth/providers/keycloak"; import KeycloakProvider from "next-auth/providers/keycloak";
import { prisma } from '@/lib/prisma'; import { prisma } from '@/lib/prisma';
import { ExtendedJWT, ExtendedSession, ServiceToken, invalidateServiceTokens } from '@/lib/session';
import { Session } from "next-auth";
declare module "next-auth" { declare module "next-auth" {
interface Session { interface Session extends ExtendedSession {}
user: {
id: string;
name?: string | null;
email?: string | null;
image?: string | null;
username: string;
first_name: string;
last_name: string;
role: string[];
};
accessToken: string;
refreshToken?: string;
rocketChatToken?: string | null;
rocketChatUserId?: string | null;
error?: string;
}
interface JWT { interface JWT {
accessToken?: string; accessToken?: string;
refreshToken?: string; refreshToken?: string;
@ -29,8 +14,15 @@ declare module "next-auth" {
username?: string; username?: string;
first_name?: string; first_name?: string;
last_name?: string; last_name?: string;
name?: string; name?: string | null;
email?: string; email?: string | null;
serviceTokens: {
rocketChat?: ServiceToken;
leantime?: ServiceToken;
calendar?: ServiceToken;
mail?: ServiceToken;
[key: string]: ServiceToken | undefined;
};
} }
} }
@ -45,9 +37,9 @@ function getRequiredEnvVar(name: string): string {
export const authOptions: NextAuthOptions = { export const authOptions: NextAuthOptions = {
providers: [ providers: [
KeycloakProvider({ KeycloakProvider({
clientId: getRequiredEnvVar("KEYCLOAK_CLIENT_ID"), clientId: process.env.KEYCLOAK_CLIENT_ID!,
clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"), clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"), issuer: process.env.KEYCLOAK_ISSUER!,
profile(profile) { profile(profile) {
return { return {
id: profile.sub, id: profile.sub,
@ -111,20 +103,8 @@ export const authOptions: NextAuthOptions = {
} }
try { try {
console.log('Attempting to create/update user:', {
id: user.id,
email: user.email
});
// First check if user exists
const existingUser = await prisma.user.findUnique({
where: { id: user.id }
});
console.log('Existing user check:', existingUser);
// Create or update user in local database // Create or update user in local database
const result = await prisma.user.upsert({ await prisma.user.upsert({
where: { id: user.id }, where: { id: user.id },
update: { update: {
email: user.email, email: user.email,
@ -137,7 +117,6 @@ export const authOptions: NextAuthOptions = {
}, },
}); });
console.log('User upsert result:', result);
return true; return true;
} catch (error) { } catch (error) {
console.error('Error in signIn callback:', error); console.error('Error in signIn callback:', error);
@ -145,40 +124,62 @@ export const authOptions: NextAuthOptions = {
} }
}, },
async session({ session, token }) { async session({ session, token }) {
if (session?.user && token.sub) { const extendedSession = session as ExtendedSession;
session.user.id = token.sub; const extendedToken = token as ExtendedJWT;
session.user.name = token.name ?? null;
session.user.email = token.email ?? null; if (extendedSession?.user && extendedToken.sub) {
session.user.username = token.username ?? ''; extendedSession.user.id = extendedToken.sub;
session.user.first_name = token.first_name ?? ''; extendedSession.user.username = extendedToken.username ?? '';
session.user.last_name = token.last_name ?? ''; extendedSession.user.first_name = extendedToken.first_name ?? '';
session.user.role = token.role ?? []; extendedSession.user.last_name = extendedToken.last_name ?? '';
session.accessToken = token.accessToken ?? ''; extendedSession.user.role = extendedToken.role ?? [];
session.refreshToken = token.refreshToken ?? ''; extendedSession.accessToken = extendedToken.accessToken ?? '';
session.rocketChatToken = token.rocketChatToken ?? null; extendedSession.refreshToken = extendedToken.refreshToken;
session.rocketChatUserId = token.rocketChatUserId ?? null; extendedSession.serviceTokens = extendedToken.serviceTokens ?? {};
if (token.error) {
session.error = token.error;
}
} }
return session;
return extendedSession;
}, },
async jwt({ token, user, account }) { async jwt({ token, user, account }) {
const extendedToken = token as ExtendedJWT;
if (user) { if (user) {
token.sub = user.id; extendedToken.role = user.role;
token.name = user.name; extendedToken.username = user.username;
token.email = user.email; extendedToken.first_name = user.first_name;
token.username = user.username; extendedToken.last_name = user.last_name;
token.first_name = user.first_name;
token.last_name = user.last_name;
token.role = user.role;
} }
if (account) { if (account) {
token.accessToken = account.access_token; extendedToken.accessToken = account.access_token;
token.refreshToken = account.refresh_token; extendedToken.refreshToken = account.refresh_token;
token.accessTokenExpires = account.expires_at ? account.expires_at * 1000 : 0; extendedToken.accessTokenExpires = account.expires_at;
extendedToken.serviceTokens = {};
}
return extendedToken;
}
},
events: {
async signOut({ token }) {
const extendedToken = token as ExtendedJWT;
if (extendedToken.sub) {
await invalidateServiceTokens({
user: {
id: extendedToken.sub,
name: extendedToken.name ?? null,
email: extendedToken.email ?? null,
username: extendedToken.username ?? '',
first_name: extendedToken.first_name ?? '',
last_name: extendedToken.last_name ?? '',
role: extendedToken.role ?? [],
},
accessToken: extendedToken.accessToken ?? '',
refreshToken: extendedToken.refreshToken,
serviceTokens: extendedToken.serviceTokens ?? {},
expires: new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString(),
} as ExtendedSession);
} }
return token;
} }
}, },
pages: { pages: {

35
components/main-nav.tsx
View File

@ -349,10 +349,37 @@ export function MainNav() {
))} ))}
<DropdownMenuItem <DropdownMenuItem
className="text-white/80 hover:text-white hover:bg-black/50 cursor-pointer" className="text-white/80 hover:text-white hover:bg-black/50 cursor-pointer"
onClick={() => signOut({ onClick={async () => {
callbackUrl: '/signin', try {
redirect: true // First sign out from NextAuth
})} await signOut({
callbackUrl: '/signin',
redirect: false
});
// Then redirect to Keycloak logout with proper parameters
const keycloakLogoutUrl = new URL(
`${process.env.NEXT_PUBLIC_KEYCLOAK_ISSUER}/protocol/openid-connect/logout`
);
// Add required parameters
keycloakLogoutUrl.searchParams.append(
'post_logout_redirect_uri',
window.location.origin
);
keycloakLogoutUrl.searchParams.append(
'id_token_hint',
session?.accessToken || ''
);
// Redirect to Keycloak logout
window.location.href = keycloakLogoutUrl.toString();
} catch (error) {
console.error('Error during logout:', error);
// Fallback to simple redirect if something goes wrong
window.location.href = '/signin';
}
}}
> >
<LogOut className="mr-2 h-4 w-4" /> <LogOut className="mr-2 h-4 w-4" />
<span>Déconnexion</span> <span>Déconnexion</span>

99
lib/session.ts Normal file
View File

@ -0,0 +1,99 @@
import { Session } from "next-auth";
import { JWT } from "next-auth/jwt";
import { DefaultSession } from "next-auth";
export interface ServiceToken {
token: string;
userId: string;
expiresAt: number;
}
export interface ExtendedSession extends DefaultSession {
user: {
id: string;
name?: string | null;
email?: string | null;
image?: string | null;
username: string;
first_name: string;
last_name: string;
role: string[];
};
accessToken: string;
refreshToken?: string;
serviceTokens: {
rocketChat?: ServiceToken;
leantime?: ServiceToken;
calendar?: ServiceToken;
mail?: ServiceToken;
[key: string]: ServiceToken | undefined;
};
expires: string;
}
export interface ExtendedJWT extends JWT {
accessToken?: string;
refreshToken?: string;
accessTokenExpires?: number;
role?: string[];
username?: string;
first_name?: string;
last_name?: string;
name?: string | null;
email?: string | null;
serviceTokens: {
rocketChat?: ServiceToken;
leantime?: ServiceToken;
calendar?: ServiceToken;
mail?: ServiceToken;
[key: string]: ServiceToken | undefined;
};
}
export async function invalidateServiceTokens(session: ExtendedSession) {
const serviceEndpoints = {
rocketChat: `${process.env.NEXT_PUBLIC_IFRAME_PAROLE_URL?.split('/channel')[0]}/api/v1/logout`,
leantime: `${process.env.LEANTIME_API_URL}/api/jsonrpc`,
// Add other service endpoints as needed
};
const invalidatePromises = Object.entries(session.serviceTokens).map(async ([service, token]) => {
if (!token) return;
try {
const endpoint = serviceEndpoints[service as keyof typeof serviceEndpoints];
if (!endpoint) return;
await fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
...(service === 'rocketChat' ? {
'X-Auth-Token': token.token,
'X-User-Id': token.userId,
} : {}),
...(service === 'leantime' ? {
'X-API-Key': process.env.LEANTIME_TOKEN!,
} : {}),
},
body: service === 'leantime' ? JSON.stringify({
jsonrpc: '2.0',
method: 'leantime.rpc.auth.logout',
id: 1
}) : undefined,
});
} catch (error) {
console.error(`Error invalidating ${service} token:`, error);
}
});
await Promise.all(invalidatePromises);
}
export function clearAllCookies() {
const cookies = document.cookie.split(';');
for (const cookie of cookies) {
const [name] = cookie.split('=');
document.cookie = `${name.trim()}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`;
}
}