carnet api

alma 2025-04-20 12:26:31 +02:00
parent 6cd4301687
commit 990a722e36
2 changed files with 18 additions and 33 deletions


@ -35,6 +35,7 @@ declare module "next-auth" {
role: string[]; role: string[];
}; };
accessToken: string; accessToken: string;
nextcloudToken: string;
} }
interface JWT { interface JWT {
@ -46,6 +47,7 @@ declare module "next-auth" {
username: string; username: string;
first_name: string; first_name: string;
last_name: string; last_name: string;
nextcloudToken: string;
error?: string; error?: string;
} }
} }
@ -147,37 +149,18 @@ export const authOptions: NextAuthOptions = {
}); });
if (account && profile) { if (account && profile) {
const keycloakProfile = profile as KeycloakProfile; const decodedToken = jwtDecode<DecodedToken>(account.access_token!);
console.log('JWT callback profile:', { return {
rawRoles: keycloakProfile.roles, ...token,
realmAccess: keycloakProfile.realm_access, accessToken: account.access_token,
profile: keycloakProfile refreshToken: account.refresh_token,
}); accessTokenExpires: account.expires_at! * 1000,
role: decodedToken.realm_access?.roles || [],
// Get roles from realm_access username: profile.preferred_username || '',
const roles = keycloakProfile.realm_access?.roles || []; first_name: profile.given_name || '',
console.log('JWT callback raw roles:', roles); last_name: profile.family_name || '',
nextcloudToken: account.access_token // Use the same token for NextCloud
// Clean up roles by removing ROLE_ prefix and converting to lowercase };
const cleanRoles = roles.map((role: string) =>
role.replace(/^ROLE_/, '').toLowerCase()
);
console.log('JWT callback cleaned roles:', cleanRoles);
token.accessToken = account.access_token ?? '';
token.refreshToken = account.refresh_token ?? '';
token.accessTokenExpires = account.expires_at ?? 0;
token.sub = keycloakProfile.sub;
token.role = cleanRoles;
token.username = keycloakProfile.preferred_username ?? '';
token.first_name = keycloakProfile.given_name ?? '';
token.last_name = keycloakProfile.family_name ?? '';
console.log('JWT callback final token:', {
tokenRoles: token.role,
token
});
} else if (token.accessToken) { } else if (token.accessToken) {
// Decode the token to get roles // Decode the token to get roles
try { try {
@ -201,7 +184,7 @@ export const authOptions: NextAuthOptions = {
} }
} }
if (Date.now() < (token.accessTokenExpires as number) * 1000) { if (Date.now() < token.accessTokenExpires) {
return token; return token;
} }
@ -234,6 +217,7 @@ export const authOptions: NextAuthOptions = {
role: userRoles, role: userRoles,
}; };
session.accessToken = token.accessToken; session.accessToken = token.accessToken;
session.nextcloudToken = token.nextcloudToken;
console.log('Session callback final session:', { console.log('Session callback final session:', {
userRoles: session.user.role, userRoles: session.user.role,
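Review bot: `nextcloudToken: account.access_token` puts a second copy of the Keycloak access token into the JWT at sign-in, and `session.nextcloudToken = token.nextcloudToken` in the session callback then places it on the session object, which NextAuth also returns to the browser from its session endpoint. The copy is set only in the `account && profile` branch; the refresh path lies outside these hunks, but unless it also rewrites `nextcloudToken` the value will go stale once `accessToken` is refreshed. Since both fields hold the same value, I would drop the new field and have server code read `token.accessToken` (for example via `getToken` from `next-auth/jwt`), which also avoids growing the session cookie. Separately, the new sign-in branch stores `decodedToken.realm_access?.roles || []` unmodified where the removed code stripped `ROLE_` and lower-cased; if any role check depends on the normalised names, keep `.map((r) => r.replace(/^ROLE_/, '').toLowerCase())` here.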


@ -1,8 +1,9 @@
import { getServerSession } from 'next-auth'; import { getServerSession } from 'next-auth';
import { NextCloudService } from './nextcloud'; import { NextCloudService } from './nextcloud';
import { authOptions } from '@/app/api/auth/[...nextauth]/route';
export async function getNextCloudService() { export async function getNextCloudService() {
const session = await getServerSession(); const session = await getServerSession(authOptions);
if (!session?.user?.email) { if (!session?.user?.email) {
throw new Error('Not authenticated'); throw new Error('Not authenticated');
} }
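Review bot: The guard after `getServerSession(authOptions)` still checks only `session?.user?.email`, although what the NextCloud client presumably needs is the token that the callbacks now attach. The function body continues outside the hunk, so this is inferred, but if it reads `session.nextcloudToken` the check should fail closed on a missing token: `if (!session?.user?.email || !session.nextcloudToken) {`. Importing `authOptions` from the `[...nextauth]/route` file also couples this helper to a route handler module; moving the options object to a shared module (path is the project's choice) and importing it from both places keeps the route file exporting only handlers.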