session correction sidebar items 8

2025-04-18 15:10:03 +02:00 · 2025-04-18 15:10:03 +02:00 · 64c8fed9f4
commit 64c8fed9f4
parent c3ba88177a
13 changed files with 456 additions and 0 deletions
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@ -1,5 +1,6 @@
 import NextAuth, { NextAuthOptions } from "next-auth";
 import KeycloakProvider from "next-auth/providers/keycloak";
 import { jwtDecode } from "jwt-decode";
 interface KeycloakProfile {
  sub: string;
@ -14,6 +15,13 @@ interface KeycloakProfile {
  };
 }
 interface DecodedToken {
  realm_access?: {
    roles: string[];
  };
  [key: string]: any;
 }
 declare module "next-auth" {
  interface Session {
    user: {
@ -170,6 +178,27 @@ export const authOptions: NextAuthOptions = {
          tokenRoles: token.role,
          token
        });
      } else if (token.accessToken) {
        // Decode the token to get roles
        try {
          const decoded = jwtDecode<DecodedToken>(token.accessToken);
          console.log('Decoded token:', decoded);
          if (decoded.realm_access?.roles) {
            const roles = decoded.realm_access.roles;
            console.log('Decoded token roles:', roles);
            // Clean up roles by removing ROLE_ prefix and converting to lowercase
            const cleanRoles = roles.map((role: string) => 
              role.replace(/^ROLE_/, '').toLowerCase()
            );
            console.log('Decoded token cleaned roles:', cleanRoles);
            token.role = cleanRoles;
          }
        } catch (error) {
          console.error('Error decoding token:', error);
        }
      }
      if (Date.now() < (token.accessTokenExpires as number) * 1000) {
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@ -3495,6 +3495,15 @@
      "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==",
      "license": "MIT"
    },
    "node_modules/jwt-decode": {
      "version": "4.0.0",
      "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz",
      "integrity": "sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==",
      "license": "MIT",
      "engines": {
        "node": ">=18"
      }
    },
    "node_modules/leac": {
      "version": "0.6.0",
      "resolved": "https://registry.npmjs.org/leac/-/leac-0.6.0.tgz",
--- a/node_modules/jwt-decode/LICENSE
+++ b/node_modules/jwt-decode/LICENSE
@ -0,0 +1,21 @@
 The MIT License (MIT)
 Copyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/node_modules/jwt-decode/README.md
+++ b/node_modules/jwt-decode/README.md
@ -0,0 +1,134 @@
 ![Browser library that helps decoding JWT tokens which are Base64Url encoded](https://cdn.auth0.com/website/sdks/banners/jwt-decode-banner.png)
 **IMPORTANT:** This library doesn't validate the token, any well-formed JWT can be decoded. You should validate the token in your server-side logic by using something like [express-jwt](https://github.com/auth0/express-jwt), [koa-jwt](https://github.com/stiang/koa-jwt), [Microsoft.AspNetCore.Authentication.JwtBearer](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.JwtBearer), etc.
 ![Release](https://img.shields.io/npm/v/jwt-decode)
 ![Downloads](https://img.shields.io/npm/dw/jwt-decode)
 [![License](https://img.shields.io/:license-MIT-blue.svg?style=flat)](https://opensource.org/licenses/MIT)
 [![CircleCI](https://img.shields.io/circleci/build/github/auth0/jwt-decode)](https://circleci.com/gh/auth0/jwt-decode)
 :books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :speech_balloon: [Feedback](#feedback)
 ## Documentation
 - [Docs site](https://www.auth0.com/docs) - explore our docs site and learn more about Auth0.
 ## Getting started
 ### Installation
 Install with NPM or Yarn.
 Run `npm install jwt-decode` or `yarn add jwt-decode` to install the library.
 ### Usage
 ```js
 import { jwtDecode } from "jwt-decode";
 const token = "eyJ0eXAiO.../// jwt token";
 const decoded = jwtDecode(token);
 console.log(decoded);
 /* prints:
 * { 
 *   foo: "bar",
 *   exp: 1393286893,
 *   iat: 1393268893  
 * }
 */
 // decode header by passing in options (useful for when you need `kid` to verify a JWT):
 const decodedHeader = jwtDecode(token, { header: true });
 console.log(decodedHeader);
 /* prints:
 * { 
 *   typ: "JWT",
 *   alg: "HS256" 
 * }
 */
 ```
 **Note:** A falsy or malformed token will throw an `InvalidTokenError` error; see below for more information on specific errors.
 ## Errors
 This library works with valid JSON web tokens. The basic format of these token is
 ```
 [part1].[part2].[part3]
 ```
 All parts are supposed to be valid base64 (url) encoded json.
 Depending on the `{ header: <option> }` option it will decode part 1 (only if header: true is specified) or part 2 (default)
 Not adhering to the format will result in a `InvalidTokenError` with one of the following messages:
 - `Invalid token specified: must be a string` => the token passed was not a string, this library only works on strings. 
 - `Invalid token specified: missing part #` => this probably means you are missing a dot (`.`) in the token 
 - `Invalid token specified: invalid base64 for part #` => the part could not be base64 decoded (the message should contain the error the base64 decoder gave)
 - `Invalid token specified: invalid json for part #` => the part was correctly base64 decoded, however, the decoded value was not valid JSON (the message should contain the error the JSON parser gave)
 #### Use with TypeScript
 The return type of the `jwtDecode` function is determined by the `header` property of the object passed as the second argument. If omitted (or set to false), it'll use `JwtPayload`, when true it will use `JwtHeader`. 
 If needed, you can specify what the expected return type should be by passing a type argument to the `jwtDecode` function.
 You can extend both `JwtHeader` and `JwtPayload` to include non-standard claims or properties.
 ```typescript
 import { jwtDecode } from "jwt-decode";
 const token = "eyJhsw5c";
 const decoded = jwtDecode<JwtPayload>(token); // Returns with the JwtPayload type
 ```
 #### Use as a CommonJS package
 ```javascript
 const { jwtDecode } = require('jwt-decode');
 ...
 ```
 #### Include with a script tag
 Copy the file `jwt-decode.js` from the root of the `build/esm` folder to your project somewhere, then import `jwtDecode` from it inside a script tag that's marked with `type="module"`:
 ```html
 <script type="module">
  import { jwtDecode } from "/path/to/jwt-decode.js";
  const token = "eyJhsw5c";
  const decoded = jwtDecode(token);
 </script>
 ```
 ## Feedback
 ### Contributing
 We appreciate feedback and contribution to this repo! Before you get started, please see the following:
 - [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
 - [Auth0's code of conduct guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
 ### Raise an issue
 To provide feedback or report a bug, please [raise an issue on our issue tracker](https://github.com/auth0/jwt-decode/issues).
 ### Vulnerability Reporting
 Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues.
 ---
 <p align="center">
  <picture>
    <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png"   width="150">
    <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
    <img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
  </picture>
 </p>
 <p align="center">Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a></p>
 <p align="center">
 This project is licensed under the MIT license. See the <a href="./LICENSE"> LICENSE</a> file for more info.</p>
--- a/node_modules/jwt-decode/build/cjs/index.d.ts
+++ b/node_modules/jwt-decode/build/cjs/index.d.ts
@ -0,0 +1,23 @@
 export interface JwtDecodeOptions {
    header?: boolean;
 }
 export interface JwtHeader {
    typ?: string;
    alg?: string;
    kid?: string;
 }
 export interface JwtPayload {
    iss?: string;
    sub?: string;
    aud?: string[] | string;
    exp?: number;
    nbf?: number;
    iat?: number;
    jti?: string;
 }
 export declare class InvalidTokenError extends Error {
 }
 export declare function jwtDecode<T = JwtHeader>(token: string, options: JwtDecodeOptions & {
    header: true;
 }): T;
 export declare function jwtDecode<T = JwtPayload>(token: string, options?: JwtDecodeOptions): T;
--- a/node_modules/jwt-decode/build/cjs/index.js
+++ b/node_modules/jwt-decode/build/cjs/index.js
@ -0,0 +1,62 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.jwtDecode = exports.InvalidTokenError = void 0;
 class InvalidTokenError extends Error {
 }
 exports.InvalidTokenError = InvalidTokenError;
 InvalidTokenError.prototype.name = "InvalidTokenError";
 function b64DecodeUnicode(str) {
    return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {
        let code = p.charCodeAt(0).toString(16).toUpperCase();
        if (code.length < 2) {
            code = "0" + code;
        }
        return "%" + code;
    }));
 }
 function base64UrlDecode(str) {
    let output = str.replace(/-/g, "+").replace(/_/g, "/");
    switch (output.length % 4) {
        case 0:
            break;
        case 2:
            output += "==";
            break;
        case 3:
            output += "=";
            break;
        default:
            throw new Error("base64 string is not of the correct length");
    }
    try {
        return b64DecodeUnicode(output);
    }
    catch (err) {
        return atob(output);
    }
 }
 function jwtDecode(token, options) {
    if (typeof token !== "string") {
        throw new InvalidTokenError("Invalid token specified: must be a string");
    }
    options || (options = {});
    const pos = options.header === true ? 0 : 1;
    const part = token.split(".")[pos];
    if (typeof part !== "string") {
        throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
    }
    let decoded;
    try {
        decoded = base64UrlDecode(part);
    }
    catch (e) {
        throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);
    }
    try {
        return JSON.parse(decoded);
    }
    catch (e) {
        throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);
    }
 }
 exports.jwtDecode = jwtDecode;
--- a/node_modules/jwt-decode/build/cjs/package.json
+++ b/node_modules/jwt-decode/build/cjs/package.json
@ -0,0 +1 @@
 {"type": "commonjs"}
--- a/node_modules/jwt-decode/build/esm/index.d.ts
+++ b/node_modules/jwt-decode/build/esm/index.d.ts
@ -0,0 +1,23 @@
 export interface JwtDecodeOptions {
    header?: boolean;
 }
 export interface JwtHeader {
    typ?: string;
    alg?: string;
    kid?: string;
 }
 export interface JwtPayload {
    iss?: string;
    sub?: string;
    aud?: string[] | string;
    exp?: number;
    nbf?: number;
    iat?: number;
    jti?: string;
 }
 export declare class InvalidTokenError extends Error {
 }
 export declare function jwtDecode<T = JwtHeader>(token: string, options: JwtDecodeOptions & {
    header: true;
 }): T;
 export declare function jwtDecode<T = JwtPayload>(token: string, options?: JwtDecodeOptions): T;
--- a/node_modules/jwt-decode/build/esm/index.js
+++ b/node_modules/jwt-decode/build/esm/index.js
@ -0,0 +1,57 @@
 export class InvalidTokenError extends Error {
 }
 InvalidTokenError.prototype.name = "InvalidTokenError";
 function b64DecodeUnicode(str) {
    return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {
        let code = p.charCodeAt(0).toString(16).toUpperCase();
        if (code.length < 2) {
            code = "0" + code;
        }
        return "%" + code;
    }));
 }
 function base64UrlDecode(str) {
    let output = str.replace(/-/g, "+").replace(/_/g, "/");
    switch (output.length % 4) {
        case 0:
            break;
        case 2:
            output += "==";
            break;
        case 3:
            output += "=";
            break;
        default:
            throw new Error("base64 string is not of the correct length");
    }
    try {
        return b64DecodeUnicode(output);
    }
    catch (err) {
        return atob(output);
    }
 }
 export function jwtDecode(token, options) {
    if (typeof token !== "string") {
        throw new InvalidTokenError("Invalid token specified: must be a string");
    }
    options || (options = {});
    const pos = options.header === true ? 0 : 1;
    const part = token.split(".")[pos];
    if (typeof part !== "string") {
        throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
    }
    let decoded;
    try {
        decoded = base64UrlDecode(part);
    }
    catch (e) {
        throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);
    }
    try {
        return JSON.parse(decoded);
    }
    catch (e) {
        throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);
    }
 }
--- a/node_modules/jwt-decode/package.json
+++ b/node_modules/jwt-decode/package.json
@ -0,0 +1,81 @@
 {
  "name": "jwt-decode",
  "version": "4.0.0",
  "description": "Decode JWT tokens, mostly useful for browser applications.",
  "type": "module",
  "main": "build/cjs/index.js",
  "module": "build/esm/index.js",
  "types": "build/cjs/index.d.ts",
  "exports": {
    ".": {
      "import": {
        "types": "./build/esm/index.d.ts",
        "default": "./build/esm/index.js"
      },
      "require": {
        "types": "./build/cjs/index.d.ts",
        "default": "./build/cjs/index.js"
      }
    }
  },
  "keywords": [
    "jwt",
    "browser"
  ],
  "repository": {
    "type": "git",
    "url": "git://github.com/auth0/jwt-decode"
  },
  "url": "https://github.com/auth0/jwt-decode/issues",
  "homepage": "https://github.com/auth0/jwt-decode#readme",
  "scripts": {
    "dev": "concurrently --kill-others \"npm run build:watch\" \"npm run dev:server\"",
    "dev:server": "browser-sync start --config bs-config.json",
    "prebuild": "shx rm -rf ./build && shx mkdir -p ./build/cjs && shx echo '{\"type\": \"commonjs\"}'> build/cjs/package.json",
    "build": "tsc -b ./tsconfig.cjs.json ./tsconfig.esm.json",
    "build:watch": "npm run build -- --watch",
    "lint": "eslint .",
    "lint:package": "publint",
    "test": "npm run test:node && npm run test:browser",
    "test:node": "NODE_OPTIONS='--experimental-vm-modules --no-warnings' jest --coverage",
    "test:browser": "NODE_OPTIONS='--experimental-vm-modules --no-warnings' jest --coverage --testEnvironment=jsdom",
    "prepack": "npm run build",
    "prepare": "husky install"
  },
  "author": "Jose F. Romaniello <jfromaniello@gmail.com>",
  "contributors": [
    "Sam Bellen <sam.bellen@auth0.com>"
  ],
  "license": "MIT",
  "devDependencies": {
    "@babel/core": "7.23.2",
    "@typescript-eslint/eslint-plugin": "^6.4.1",
    "@typescript-eslint/parser": "^6.4.1",
    "browser-sync": "^2.29.3",
    "concurrently": "^8.2.0",
    "eslint": "^8.48.0",
    "eslint-config-prettier": "^9.0.0",
    "eslint-import-resolver-typescript": "^3.6.0",
    "eslint-plugin-import": "^2.28.1",
    "eslint-plugin-prettier": "^5.0.0",
    "husky": "^8.0.3",
    "jest": "^29.7.0",
    "jest-environment-jsdom": "^29.6.2",
    "lint-staged": "^15.0.2",
    "prettier": "^3.0.2",
    "publint": "^0.2.2",
    "shx": "^0.3.4",
    "ts-jest": "^29.1.1",
    "ts-node": "^10.9.1",
    "typescript": "^5.1.6"
  },
  "files": [
    "build"
  ],
  "engines": {
    "node": ">=18"
  },
  "lint-staged": {
    "*.{js,ts}": "eslint --fix"
  }
 }
--- a/package-lock.json
+++ b/package-lock.json
@ -54,6 +54,7 @@
        "imap": "^0.8.19",
        "imapflow": "^1.0.184",
        "input-otp": "1.4.1",
        "jwt-decode": "^4.0.0",
        "lucide-react": "^0.454.0",
        "mailparser": "^3.7.2",
        "next": "14.2.24",
@ -4113,6 +4114,15 @@
      "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==",
      "license": "MIT"
    },
    "node_modules/jwt-decode": {
      "version": "4.0.0",
      "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz",
      "integrity": "sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==",
      "license": "MIT",
      "engines": {
        "node": ">=18"
      }
    },
    "node_modules/leac": {
      "version": "0.6.0",
      "resolved": "https://registry.npmjs.org/leac/-/leac-0.6.0.tgz",
--- a/package.json
+++ b/package.json
@ -55,6 +55,7 @@
    "imap": "^0.8.19",
    "imapflow": "^1.0.184",
    "input-otp": "1.4.1",
    "jwt-decode": "^4.0.0",
    "lucide-react": "^0.454.0",
    "mailparser": "^3.7.2",
    "next": "14.2.24",
--- a/yarn.lock
+++ b/yarn.lock
@ -1815,6 +1815,11 @@ jsbn@1.1.0:
  resolved "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz"
  integrity sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==
 jwt-decode@^4.0.0:
  version "4.0.0"
  resolved "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz"
  integrity sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==
 leac@^0.6.0:
  version "0.6.0"
  resolved "https://registry.npmjs.org/leac/-/leac-0.6.0.tgz"