From ae5176e90a33c6f91c3ea1412e9d92e3c890ad41 Mon Sep 17 00:00:00 2001
From: alma <alma@governance-labs.org>
Date: Sun, 20 Apr 2025 13:24:31 +0200
Subject: [PATCH] carnet api

---
 app/api/nextcloud/status/route.ts | 56 ++++++-------------------------
 1 file changed, 10 insertions(+), 46 deletions(-)

diff --git a/app/api/nextcloud/status/route.ts b/app/api/nextcloud/status/route.ts
index b1f765b4..7c6dce8c 100644
--- a/app/api/nextcloud/status/route.ts
+++ b/app/api/nextcloud/status/route.ts
@@ -2,47 +2,12 @@ import { NextResponse } from 'next/server';
 import { getServerSession } from 'next-auth';
 import { authOptions } from '@/app/api/auth/[...nextauth]/route';
 import { DOMParser } from '@xmldom/xmldom';
-
-async function getNextcloudAccessToken(clientId: string, clientSecret: string) {
-  const nextcloudUrl = process.env.NEXTCLOUD_URL;
-  if (!nextcloudUrl) {
-    throw new Error('NEXTCLOUD_URL is not defined');
-  }
-
-  const tokenEndpoint = `${nextcloudUrl}/index.php/apps/oauth2/api/v1/token`;
-
-  const params = new URLSearchParams({
-    grant_type: 'client_credentials',
-    client_id: clientId,
-    client_secret: clientSecret,
-  });
-
-  const response = await fetch(tokenEndpoint, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/x-www-form-urlencoded',
-      'Accept': 'application/json',
-    },
-    body: params.toString(),
-  });
-
-  if (!response.ok) {
-    const errorText = await response.text();
-    console.error('Nextcloud token response:', errorText);
-    throw new Error(`Failed to get Nextcloud access token: ${response.status} ${errorText}`);
-  }
-
-  const data = await response.json();
-  if (!data.access_token) {
-    throw new Error('No access token in response');
-  }
-
-  return data.access_token;
-}
+import { cookies } from 'next/headers';
 
 export async function GET() {
   try {
     const session = await getServerSession(authOptions);
+    const cookieStore = cookies();
 
     if (!session?.user?.email) {
       return NextResponse.json(
@@ -52,10 +17,7 @@ export async function GET() {
     }
 
     const nextcloudUrl = process.env.NEXTCLOUD_URL;
-    const nextcloudClientId = process.env.NEXTCLOUD_CLIENT_ID;
-    const nextcloudClientSecret = process.env.NEXTCLOUD_CLIENT_SECRET;
-
-    if (!nextcloudUrl || !nextcloudClientId || !nextcloudClientSecret) {
+    if (!nextcloudUrl) {
       console.error('Missing Nextcloud configuration');
       return NextResponse.json(
         { error: 'Nextcloud configuration is missing' },
@@ -74,16 +36,18 @@ export async function GET() {
     }
 
     try {
-      // Get access token
-      const accessToken = await getNextcloudAccessToken(nextcloudClientId, nextcloudClientSecret);
-
-      // Get user's folders using WebDAV
+      // Get user's folders using WebDAV with session cookies
       const webdavUrl = `${nextcloudUrl}/remote.php/dav/files/${encodeURIComponent(session.user.email)}/`;
       console.log('Requesting WebDAV URL:', webdavUrl);
 
+      // Get all cookies from the request
+      const cookieHeader = cookieStore.getAll()
+        .map(cookie => `${cookie.name}=${cookie.value}`)
+        .join('; ');
+
       const foldersResponse = await fetch(webdavUrl, {
         headers: {
-          'Authorization': `Bearer ${accessToken}`,
+          'Cookie': cookieHeader,
           'Depth': '1',
           'Content-Type': 'application/xml',
         },