session correction sidebar items 3

alma 2025-04-18 14:37:57 +02:00
parent 211112d235
commit 932ee9f94c
2 changed files with 38 additions and 7 deletions


@ -88,11 +88,18 @@ export const authOptions: NextAuthOptions = {
clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"), clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"),
issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"), issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"),
profile(profile) { profile(profile) {
console.log('Keycloak profile:', {
rawRoles: profile.roles,
profile
});
// Clean up roles by removing ROLE_ prefix and converting to lowercase // Clean up roles by removing ROLE_ prefix and converting to lowercase
const cleanRoles = (profile.roles ?? []).map(role => const cleanRoles = (profile.roles ?? []).map(role =>
role.replace(/^ROLE_/, '').toLowerCase() role.replace(/^ROLE_/, '').toLowerCase()
); );
console.log('Cleaned roles:', cleanRoles);
return { return {
id: profile.sub, id: profile.sub,
name: profile.name ?? profile.preferred_username, name: profile.name ?? profile.preferred_username,
@ -113,11 +120,18 @@ export const authOptions: NextAuthOptions = {
async jwt({ token, account, profile }) { async jwt({ token, account, profile }) {
if (account && profile) { if (account && profile) {
const keycloakProfile = profile as KeycloakProfile; const keycloakProfile = profile as KeycloakProfile;
console.log('JWT callback profile:', {
rawRoles: keycloakProfile.roles,
profile: keycloakProfile
});
// Clean up roles by removing ROLE_ prefix and converting to lowercase // Clean up roles by removing ROLE_ prefix and converting to lowercase
const cleanRoles = (keycloakProfile.roles ?? []).map(role => const cleanRoles = (keycloakProfile.roles ?? []).map(role =>
role.replace(/^ROLE_/, '').toLowerCase() role.replace(/^ROLE_/, '').toLowerCase()
); );
console.log('JWT cleaned roles:', cleanRoles);
token.accessToken = account.access_token ?? ''; token.accessToken = account.access_token ?? '';
token.refreshToken = account.refresh_token ?? ''; token.refreshToken = account.refresh_token ?? '';
token.accessTokenExpires = account.expires_at ?? 0; token.accessTokenExpires = account.expires_at ?? 0;
@ -139,6 +153,11 @@ export const authOptions: NextAuthOptions = {
throw new Error(token.error); throw new Error(token.error);
} }
console.log('Session callback:', {
tokenRoles: token.role,
session
});
session.user = { session.user = {
id: token.sub ?? '', id: token.sub ?? '',
email: token.email ?? null, email: token.email ?? null,
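Review bot: The `console.log('Keycloak profile:', { rawRoles: profile.roles, profile })` added in `profile()` writes the whole Keycloak profile to the server log on each sign-in, and the additions in the `jwt` and `session` callbacks do the same with `keycloakProfile` and `session`. These objects carry identity claims (the hunk reads `sub`, `name`, `preferred_username` and roles from the profile, and email from the token), so they end up as personal data in log storage. If the role trace is still needed, log only the role arrays and gate it, e.g. `if (process.env.NODE_ENV !== 'production') console.log('Cleaned roles:', cleanRoles);`, and drop the `profile` and `session` fields from the logged objects. Whether `session` already holds the access token at that point is not visible here, which is one more reason not to log it whole. The callbacks' bodies continue outside the hunks.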


@ -71,12 +71,22 @@ export function Sidebar({ isOpen, onClose }: SidebarProps) {
// Function to check if user has a specific role // Function to check if user has a specific role
const hasRole = (requiredRole: string | string[] | undefined) => { const hasRole = (requiredRole: string | string[] | undefined) => {
if (!requiredRole || !session?.user?.role) { if (!requiredRole || !session?.user?.role) {
console.log('No required role or user roles found'); console.log('No required role or user roles found', {
requiredRole,
userRoles: session?.user?.role
});
return false; return false;
} }
const userRoles = Array.isArray(session.user.role) ? session.user.role : [session.user.role]; const userRoles = Array.isArray(session.user.role) ? session.user.role : [session.user.role];
console.log('User roles:', userRoles); const cleanUserRoles = userRoles.map(role => role.toLowerCase());
console.log('Debug roles:', {
rawUserRoles: session.user.role,
processedUserRoles: cleanUserRoles,
requiredRole,
pathname
});
// If requiredRole is an array, check if user has any of the roles // If requiredRole is an array, check if user has any of the roles
if (Array.isArray(requiredRole)) { if (Array.isArray(requiredRole)) {
@ -84,10 +94,11 @@ export function Sidebar({ isOpen, onClose }: SidebarProps) {
console.log('Checking multiple roles:', { console.log('Checking multiple roles:', {
requiredRoles: requiredRole, requiredRoles: requiredRole,
cleanRequiredRoles, cleanRequiredRoles,
hasAnyRole: cleanRequiredRoles.some(role => userRoles.includes(role)), userRoles: cleanUserRoles,
matchingRoles: cleanRequiredRoles.filter(role => userRoles.includes(role)) hasAnyRole: cleanRequiredRoles.some(role => cleanUserRoles.includes(role)),
matchingRoles: cleanRequiredRoles.filter(role => cleanUserRoles.includes(role))
}); });
return cleanRequiredRoles.some(role => userRoles.includes(role)); return cleanRequiredRoles.some(role => cleanUserRoles.includes(role));
} }
// For single role requirement // For single role requirement
@ -95,9 +106,10 @@ export function Sidebar({ isOpen, onClose }: SidebarProps) {
console.log('Checking single role:', { console.log('Checking single role:', {
requiredRole, requiredRole,
cleanRequiredRole, cleanRequiredRole,
hasRole: userRoles.includes(cleanRequiredRole) userRoles: cleanUserRoles,
hasRole: cleanUserRoles.includes(cleanRequiredRole)
}); });
return userRoles.includes(cleanRequiredRole); return cleanUserRoles.includes(cleanRequiredRole);
}; };
// Base menu items (available for everyone) // Base menu items (available for everyone)
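Review bot: The `console.log('Debug roles:', { rawUserRoles, processedUserRoles, requiredRole, pathname })` added in `hasRole` appears to run in the browser (Sidebar reads `session?.user?.role` directly), presumably once per gated menu item, so the user's role list and the role each item requires are printed to the console of every visitor. Remove these calls before release or guard them, e.g. `if (process.env.NODE_ENV !== 'production') console.log('Debug roles:', …);`. Since `hasRole` only decides which items are rendered, the routes behind those items still need a server-side role check; none is visible in this section. The new `cleanUserRoles` lowercases but does not strip a `ROLE_` prefix, while the auth callbacks do both; a shared normalising helper would keep the three places from drifting apart. Sidebar's body continues outside the hunks.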