carnet api

2025-04-20 12:27:14 +02:00 · 2025-04-20 12:27:14 +02:00 · aa4b50950d
commit aa4b50950d
parent 990a722e36
2 changed files with 33 additions and 18 deletions
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@ -35,7 +35,6 @@ declare module "next-auth" {
      role: string[];
    };
    accessToken: string;
-    nextcloudToken: string;
  }

  interface JWT {
@ -47,7 +46,6 @@ declare module "next-auth" {
    username: string;
    first_name: string;
    last_name: string;
-    nextcloudToken: string;
    error?: string;
  }
 }
@ -149,18 +147,37 @@ export const authOptions: NextAuthOptions = {
      });

      if (account && profile) {
-        const decodedToken = jwtDecode<DecodedToken>(account.access_token!);
-        return {
-          ...token,
-          accessToken: account.access_token,
-          refreshToken: account.refresh_token,
-          accessTokenExpires: account.expires_at! * 1000,
-          role: decodedToken.realm_access?.roles || [],
-          username: profile.preferred_username || '',
-          first_name: profile.given_name || '',
-          last_name: profile.family_name || '',
-          nextcloudToken: account.access_token // Use the same token for NextCloud
-        };
+        const keycloakProfile = profile as KeycloakProfile;
+        console.log('JWT callback profile:', {
+          rawRoles: keycloakProfile.roles,
+          realmAccess: keycloakProfile.realm_access,
+          profile: keycloakProfile
+        });
+
+        // Get roles from realm_access
+        const roles = keycloakProfile.realm_access?.roles || [];
+        console.log('JWT callback raw roles:', roles);
+
+        // Clean up roles by removing ROLE_ prefix and converting to lowercase
+        const cleanRoles = roles.map((role: string) => 
+          role.replace(/^ROLE_/, '').toLowerCase()
+        );
+
+        console.log('JWT callback cleaned roles:', cleanRoles);
+
+        token.accessToken = account.access_token ?? '';
+        token.refreshToken = account.refresh_token ?? '';
+        token.accessTokenExpires = account.expires_at ?? 0;
+        token.sub = keycloakProfile.sub;
+        token.role = cleanRoles;
+        token.username = keycloakProfile.preferred_username ?? '';
+        token.first_name = keycloakProfile.given_name ?? '';
+        token.last_name = keycloakProfile.family_name ?? '';
+
+        console.log('JWT callback final token:', {
+          tokenRoles: token.role,
+          token
+        });
      } else if (token.accessToken) {
        // Decode the token to get roles
        try {
@ -184,7 +201,7 @@ export const authOptions: NextAuthOptions = {
        }
      }

-      if (Date.now() < token.accessTokenExpires) {
+      if (Date.now() < (token.accessTokenExpires as number) * 1000) {
        return token;
      }

@ -217,7 +234,6 @@ export const authOptions: NextAuthOptions = {
        role: userRoles,
      };
      session.accessToken = token.accessToken;
-      session.nextcloudToken = token.nextcloudToken;

      console.log('Session callback final session:', {
        userRoles: session.user.role,
--- a/lib/nextcloud-utils.ts
+++ b/lib/nextcloud-utils.ts
@ -1,9 +1,8 @@
 import { getServerSession } from 'next-auth';
 import { NextCloudService } from './nextcloud';
-import { authOptions } from '@/app/api/auth/[...nextauth]/route';

 export async function getNextCloudService() {
-  const session = await getServerSession(authOptions);
+  const session = await getServerSession();
  if (!session?.user?.email) {
    throw new Error('Not authenticated');
  }