alma/Neah
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

carnet api

Browse Source
This commit is contained in:
alma 2025-04-20 12:27:14 +02:00
parent 990a722e36
commit aa4b50950d
2 changed files with 33 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
app/api/auth/[...nextauth]/route.ts
View File

@ -35,7 +35,6 @@ declare module "next-auth" {
role: string[]; role: string[];
}; };
accessToken: string; accessToken: string;
nextcloudToken: string;
} }
interface JWT { interface JWT {
@ -47,7 +46,6 @@ declare module "next-auth" {
username: string; username: string;
first_name: string; first_name: string;
last_name: string; last_name: string;
nextcloudToken: string;
error?: string; error?: string;
} }
} }
@ -149,18 +147,37 @@ export const authOptions: NextAuthOptions = {
}); });
if (account && profile) { if (account && profile) {
const decodedToken = jwtDecode<DecodedToken>(account.access_token!); const keycloakProfile = profile as KeycloakProfile;
return { console.log('JWT callback profile:', {
...token, rawRoles: keycloakProfile.roles,
accessToken: account.access_token, realmAccess: keycloakProfile.realm_access,
refreshToken: account.refresh_token, profile: keycloakProfile
accessTokenExpires: account.expires_at! * 1000, });
role: decodedToken.realm_access?.roles || [],
username: profile.preferred_username || '', // Get roles from realm_access
first_name: profile.given_name || '', const roles = keycloakProfile.realm_access?.roles || [];
last_name: profile.family_name || '', console.log('JWT callback raw roles:', roles);
nextcloudToken: account.access_token // Use the same token for NextCloud
}; // Clean up roles by removing ROLE_ prefix and converting to lowercase
const cleanRoles = roles.map((role: string) =>
role.replace(/^ROLE_/, '').toLowerCase()
);
console.log('JWT callback cleaned roles:', cleanRoles);
token.accessToken = account.access_token ?? '';
token.refreshToken = account.refresh_token ?? '';
token.accessTokenExpires = account.expires_at ?? 0;
token.sub = keycloakProfile.sub;
token.role = cleanRoles;
token.username = keycloakProfile.preferred_username ?? '';
token.first_name = keycloakProfile.given_name ?? '';
token.last_name = keycloakProfile.family_name ?? '';
console.log('JWT callback final token:', {
tokenRoles: token.role,
token
});
} else if (token.accessToken) { } else if (token.accessToken) {
// Decode the token to get roles // Decode the token to get roles
try { try {
@ -184,7 +201,7 @@ export const authOptions: NextAuthOptions = {
} }
} }
if (Date.now() < token.accessTokenExpires) { if (Date.now() < (token.accessTokenExpires as number) * 1000) {
return token; return token;
} }
@ -217,7 +234,6 @@ export const authOptions: NextAuthOptions = {
role: userRoles, role: userRoles,
}; };
session.accessToken = token.accessToken; session.accessToken = token.accessToken;
session.nextcloudToken = token.nextcloudToken;
console.log('Session callback final session:', { console.log('Session callback final session:', {
userRoles: session.user.role, userRoles: session.user.role,

3
lib/nextcloud-utils.ts
View File

@ -1,9 +1,8 @@
import { getServerSession } from 'next-auth'; import { getServerSession } from 'next-auth';
import { NextCloudService } from './nextcloud'; import { NextCloudService } from './nextcloud';
import { authOptions } from '@/app/api/auth/[...nextauth]/route';
export async function getNextCloudService() { export async function getNextCloudService() {
const session = await getServerSession(authOptions); const session = await getServerSession();
if (!session?.user?.email) { if (!session?.user?.email) {
throw new Error('Not authenticated'); throw new Error('Not authenticated');
} }