carnet api
This commit is contained in:
parent
6cd4301687
commit
990a722e36
@ -35,6 +35,7 @@ declare module "next-auth" {
|
||||
role: string[];
|
||||
};
|
||||
accessToken: string;
|
||||
nextcloudToken: string;
|
||||
}
|
||||
|
||||
interface JWT {
|
||||
@ -46,6 +47,7 @@ declare module "next-auth" {
|
||||
username: string;
|
||||
first_name: string;
|
||||
last_name: string;
|
||||
nextcloudToken: string;
|
||||
error?: string;
|
||||
}
|
||||
}
|
||||
@ -147,37 +149,18 @@ export const authOptions: NextAuthOptions = {
|
||||
});
|
||||
|
||||
if (account && profile) {
|
||||
const keycloakProfile = profile as KeycloakProfile;
|
||||
console.log('JWT callback profile:', {
|
||||
rawRoles: keycloakProfile.roles,
|
||||
realmAccess: keycloakProfile.realm_access,
|
||||
profile: keycloakProfile
|
||||
});
|
||||
|
||||
// Get roles from realm_access
|
||||
const roles = keycloakProfile.realm_access?.roles || [];
|
||||
console.log('JWT callback raw roles:', roles);
|
||||
|
||||
// Clean up roles by removing ROLE_ prefix and converting to lowercase
|
||||
const cleanRoles = roles.map((role: string) =>
|
||||
role.replace(/^ROLE_/, '').toLowerCase()
|
||||
);
|
||||
|
||||
console.log('JWT callback cleaned roles:', cleanRoles);
|
||||
|
||||
token.accessToken = account.access_token ?? '';
|
||||
token.refreshToken = account.refresh_token ?? '';
|
||||
token.accessTokenExpires = account.expires_at ?? 0;
|
||||
token.sub = keycloakProfile.sub;
|
||||
token.role = cleanRoles;
|
||||
token.username = keycloakProfile.preferred_username ?? '';
|
||||
token.first_name = keycloakProfile.given_name ?? '';
|
||||
token.last_name = keycloakProfile.family_name ?? '';
|
||||
|
||||
console.log('JWT callback final token:', {
|
||||
tokenRoles: token.role,
|
||||
token
|
||||
});
|
||||
const decodedToken = jwtDecode<DecodedToken>(account.access_token!);
|
||||
return {
|
||||
...token,
|
||||
accessToken: account.access_token,
|
||||
refreshToken: account.refresh_token,
|
||||
accessTokenExpires: account.expires_at! * 1000,
|
||||
role: decodedToken.realm_access?.roles || [],
|
||||
username: profile.preferred_username || '',
|
||||
first_name: profile.given_name || '',
|
||||
last_name: profile.family_name || '',
|
||||
nextcloudToken: account.access_token // Use the same token for NextCloud
|
||||
};
|
||||
} else if (token.accessToken) {
|
||||
// Decode the token to get roles
|
||||
try {
|
||||
@ -201,7 +184,7 @@ export const authOptions: NextAuthOptions = {
|
||||
}
|
||||
}
|
||||
|
||||
if (Date.now() < (token.accessTokenExpires as number) * 1000) {
|
||||
if (Date.now() < token.accessTokenExpires) {
|
||||
return token;
|
||||
}
|
||||
|
||||
@ -234,6 +217,7 @@ export const authOptions: NextAuthOptions = {
|
||||
role: userRoles,
|
||||
};
|
||||
session.accessToken = token.accessToken;
|
||||
session.nextcloudToken = token.nextcloudToken;
|
||||
|
||||
console.log('Session callback final session:', {
|
||||
userRoles: session.user.role,
|
||||
|
||||
@ -1,8 +1,9 @@
|
||||
import { getServerSession } from 'next-auth';
|
||||
import { NextCloudService } from './nextcloud';
|
||||
import { authOptions } from '@/app/api/auth/[...nextauth]/route';
|
||||
|
||||
export async function getNextCloudService() {
|
||||
const session = await getServerSession();
|
||||
const session = await getServerSession(authOptions);
|
||||
if (!session?.user?.email) {
|
||||
throw new Error('Not authenticated');
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user