From 9b6eed1b37633047c742f3ee01b96ed15de5f101 Mon Sep 17 00:00:00 2001
From: alma <alma@governance-labs.org>
Date: Sun, 20 Apr 2025 13:29:52 +0200
Subject: [PATCH] carnet api

---
 app/api/nextcloud/status/route.ts | 27 +++------------------------
 1 file changed, 3 insertions(+), 24 deletions(-)

diff --git a/app/api/nextcloud/status/route.ts b/app/api/nextcloud/status/route.ts
index 45ad01e3..e6820d65 100644
--- a/app/api/nextcloud/status/route.ts
+++ b/app/api/nextcloud/status/route.ts
@@ -2,14 +2,12 @@ import { NextResponse } from 'next/server';
 import { getServerSession } from 'next-auth';
 import { authOptions } from '@/app/api/auth/[...nextauth]/route';
 import { DOMParser } from '@xmldom/xmldom';
-import { cookies } from 'next/headers';
 
 export async function GET() {
   try {
     const session = await getServerSession(authOptions);
-    const cookieStore = cookies();
 
-    if (!session?.user?.email) {
+    if (!session?.user?.email || !session?.accessToken) {
       return NextResponse.json(
         { error: 'Unauthorized' },
         { status: 401 }
@@ -36,35 +34,16 @@ export async function GET() {
     }
 
     try {
-      // Get user's folders using WebDAV with session cookies
+      // Get user's folders using WebDAV with Keycloak token
       const webdavUrl = `${nextcloudUrl}/remote.php/dav/files/${encodeURIComponent(session.user.email)}/`;
       console.log('Requesting WebDAV URL:', webdavUrl);
 
-      // Get all cookies from the request
-      const allCookies = cookieStore.getAll();
-      console.log('Available cookies:', allCookies.map(c => ({
-        name: c.name,
-        value: c.value.substring(0, 10) + '...', // Log partial value for security
-        domain: c.domain,
-        path: c.path,
-        secure: c.secure,
-        httpOnly: c.httpOnly,
-        sameSite: c.sameSite
-      })));
-
-      const cookieHeader = allCookies
-        .map(cookie => `${cookie.name}=${cookie.value}`)
-        .join('; ');
-
-      console.log('Sending cookie header:', cookieHeader.substring(0, 100) + '...'); // Log partial header
-
       const foldersResponse = await fetch(webdavUrl, {
         headers: {
-          'Cookie': cookieHeader,
+          'Authorization': `Bearer ${session.accessToken}`,
           'Depth': '1',
           'Content-Type': 'application/xml',
         },
-        credentials: 'include', // Important for cookie handling
       });
 
       if (!foldersResponse.ok) {