From 990a722e36bd97005835dc9344ff8bcca2350d6e Mon Sep 17 00:00:00 2001
From: alma
Date: Sun, 20 Apr 2025 12:26:31 +0200
Subject: [PATCH] carnet api
---
 app/api/auth/[...nextauth]/route.ts | 48 ++++++++++-------------------
 lib/nextcloud-utils.ts | 3 +-
 2 files changed, 18 insertions(+), 33 deletions(-)
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 641eb7ad..1c48ac75 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -35,6 +35,7 @@ declare module "next-auth" {
 role: string[];
 };
 accessToken: string;
+ nextcloudToken: string;
 }
 interface JWT {
@@ -46,6 +47,7 @@ declare module "next-auth" {
 username: string;
 first_name: string;
 last_name: string;
+ nextcloudToken: string;
 error?: string;
 }
 }
@@ -147,37 +149,18 @@ export const authOptions: NextAuthOptions = {
 });
 if (account && profile) {
- const keycloakProfile = profile as KeycloakProfile;
- console.log('JWT callback profile:', {
- rawRoles: keycloakProfile.roles,
- realmAccess: keycloakProfile.realm_access,
- profile: keycloakProfile
- });
-
- // Get roles from realm_access
- const roles = keycloakProfile.realm_access?.roles || [];
- console.log('JWT callback raw roles:', roles);
-
- // Clean up roles by removing ROLE_ prefix and converting to lowercase
- const cleanRoles = roles.map((role: string) =>
- role.replace(/^ROLE_/, '').toLowerCase()
- );
-
- console.log('JWT callback cleaned roles:', cleanRoles);
-
- token.accessToken = account.access_token ?? '';
- token.refreshToken = account.refresh_token ?? '';
- token.accessTokenExpires = account.expires_at ?? 0;
- token.sub = keycloakProfile.sub;
- token.role = cleanRoles;
- token.username = keycloakProfile.preferred_username ?? '';
- token.first_name = keycloakProfile.given_name ?? '';
- token.last_name = keycloakProfile.family_name ?? '';
-
- console.log('JWT callback final token:', {
- tokenRoles: token.role,
- token
- });
+ const decodedToken = jwtDecode(account.access_token!);
+ return {
+ ...token,
+ accessToken: account.access_token,
+ refreshToken: account.refresh_token,
+ accessTokenExpires: account.expires_at! * 1000,
+ role: decodedToken.realm_access?.roles || [],
+ username: profile.preferred_username || '',
+ first_name: profile.given_name || '',
+ last_name: profile.family_name || '',
+ nextcloudToken: account.access_token // Use the same token for NextCloud
+ };
 } else if (token.accessToken) {
 // Decode the token to get roles
 try {
@@ -201,7 +184,7 @@ export const authOptions: NextAuthOptions = {
 }
 }
- if (Date.now() < (token.accessTokenExpires as number) * 1000) {
+ if (Date.now() < token.accessTokenExpires) {
 return token;
 }
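Review bot: The added `role: decodedToken.realm_access?.roles || []` in the `account && profile` branch stores the raw realm roles, whereas the lines it replaces stripped the `ROLE_` prefix and lowercased each name; any role check elsewhere that expects the cleaned form would then evaluate differently for a fresh sign-in. If that normalisation is still the contract, keep it here: `role: (decodedToken.realm_access?.roles ?? []).map((r: string) => r.replace(/^ROLE_/, '').toLowerCase()),`. In the same block `jwtDecode(account.access_token!)` and `account.expires_at! * 1000` sit outside any `try`, so a provider response without those fields either throws inside the callback or stores `NaN` as the expiry, while the `else if` branch right below already guards its decode with `try`. The callback begins and ends outside this hunk, so how `role` is consumed later is not visible here.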
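Review bot: The comparison `Date.now() < token.accessTokenExpires` in the hunk at `-201,7 +184,7` now assumes the stored expiry is in milliseconds, which matches the `account.expires_at! * 1000` written at sign-in, but the refresh path that rewrites `accessTokenExpires` is outside this diff. If that path still stores seconds, every request after the first refresh would be treated as expired and trigger another refresh, so it is worth confirming and documenting the unit next to the field, e.g. `// accessTokenExpires: epoch milliseconds`. Tokens issued before this change presumably carry a seconds value too and would be refreshed once on their next use.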
@@ -234,6 +217,7 @@ export const authOptions: NextAuthOptions = {
 role: userRoles,
 };
 session.accessToken = token.accessToken;
+ session.nextcloudToken = token.nextcloudToken;
 console.log('Session callback final session:', {
 userRoles: session.user.role,
diff --git a/lib/nextcloud-utils.ts b/lib/nextcloud-utils.ts
index efe9c98e..4883ee07 100644
--- a/lib/nextcloud-utils.ts
+++ b/lib/nextcloud-utils.ts
@@ -1,8 +1,9 @@
 import { getServerSession } from 'next-auth';
 import { NextCloudService } from './nextcloud';
+import { authOptions } from '@/app/api/auth/[...nextauth]/route';
 export async function getNextCloudService() {
- const session = await getServerSession();
+ const session = await getServerSession(authOptions);
 if (!session?.user?.email) {
 throw new Error('Not authenticated');
 }
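Review bot: `session.nextcloudToken = token.nextcloudToken` puts a second copy of the Keycloak access token on the session object, which next-auth also returns to the browser from its session endpoint, while the only consumer in this commit, `getNextCloudService`, runs on the server. Consider leaving it off the session and reading it from the JWT on the server instead (for example with `getToken` from `next-auth/jwt`), so the bearer token is not handed to client-side script. As written it is also only assigned in the sign-in branch of the JWT callback; unless the refresh code outside this diff updates it, `nextcloudToken` would go stale once the original access token expires. The session callback starts and ends outside this hunk.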
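Review bot: The new `import { authOptions } from '@/app/api/auth/[...nextauth]/route'` in `lib/nextcloud-utils.ts` makes a library module depend on an App Router route file; depending on the Next.js version, exporting anything other than the HTTP handlers and route config from `route.ts` can fail the route type check at build time. Moving `authOptions` into a shared module (for example `lib/auth-options.ts`, a placeholder name) and importing it from both places avoids that and keeps the auth configuration in one reviewable file. The guard below tests `session?.user?.email`; whether the session callback populates `email` is not visible in this diff. `getNextCloudService` continues past the end of the hunk.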