database wf 3

alma 2025-04-17 12:51:24 +02:00
parent c22d04eb99
commit d34d0ac5b8


@ -1,23 +1,20 @@
import NextAuth from "next-auth"; import NextAuth, { NextAuthOptions } from "next-auth";
import { KeycloakProvider } from "@auth/keycloak"; import { prisma } from '@/lib/prisma';
import { NextAuthOptions } from "next-auth"; import CredentialsProvider from 'next-auth/providers/credentials';
declare module "next-auth" { declare module "next-auth" {
interface User {
id: string;
name?: string | null;
email?: string | null;
image?: string | null;
username: string;
first_name: string;
last_name: string;
role: string[];
}
interface Session { interface Session {
user: User; user: {
id: string;
name?: string | null;
email?: string | null;
image?: string | null;
username: string;
first_name: string;
last_name: string;
role: string[];
};
accessToken: string; accessToken: string;
refreshToken: string;
} }
interface JWT { interface JWT {
@ -31,48 +28,70 @@ declare module "next-auth" {
} }
} }
export const authOptions: NextAuthOptions = { const authOptions: NextAuthOptions = {
providers: [ providers: [
KeycloakProvider({ CredentialsProvider({
clientId: process.env.KEYCLOAK_CLIENT_ID!, name: 'Credentials',
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!, credentials: {
issuer: process.env.KEYCLOAK_ISSUER, email: { label: 'Email', type: 'email' },
password: { label: 'Password', type: 'password' }
},
async authorize(credentials) {
if (!credentials?.email || !credentials?.password) {
return null;
}
const user = await prisma.user.findUnique({
where: { email: credentials.email },
});
if (!user) {
return null;
}
return {
id: user.id,
email: user.email,
username: user.username || user.email.split('@')[0],
first_name: user.first_name || '',
last_name: user.last_name || '',
role: user.role || [],
};
}
}) })
], ],
session: { session: {
strategy: 'jwt', strategy: 'jwt' as const,
}, },
pages: { pages: {
signIn: '/signin', signIn: '/login',
}, },
callbacks: { callbacks: {
async jwt({ token, account, profile }) { async jwt({ token, user }: { token: any; user: any }) {
if (account) { if (user) {
token.accessToken = account.access_token ?? ''; token.id = user.id;
token.refreshToken = account.refresh_token ?? ''; token.email = user.email;
token.accessTokenExpires = account.expires_at ?? 0; token.username = user.username;
} token.first_name = user.first_name;
if (profile) { token.last_name = user.last_name;
token.username = profile.preferred_username ?? ''; token.role = user.role;
token.first_name = profile.given_name ?? '';
token.last_name = profile.family_name ?? '';
token.role = profile.groups ?? [];
} }
return token; return token;
}, },
async session({ session, token }) { async session({ session, token }: { session: any; token: any }) {
session.user = { if (token) {
id: token.sub ?? '', session.user = {
name: token.name ?? null, id: token.id as string,
email: token.email ?? null, email: token.email as string | null,
image: token.picture ?? null, name: token.name as string | null,
username: token.username, image: token.picture as string | null,
first_name: token.first_name, username: token.username as string,
last_name: token.last_name, first_name: token.first_name as string,
role: token.role, last_name: token.last_name as string,
}; role: token.role as string[],
session.accessToken = token.accessToken; };
session.refreshToken = token.refreshToken; session.accessToken = token.accessToken as string;
}
return session; return session;
} }
} }
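Review bot: The new `authorize` callback never checks the submitted password: once `credentials.email` and `credentials.password` are non-empty it looks the user up by email and returns the record, so any non-empty password signs in as any existing account. Before the `return { id: user.id, … }` the callback should verify `credentials.password` against the stored password hash with a dedicated password-hashing verifier and return `null` on mismatch, e.g. `if (!(await verifyPasswordHash(user.PASSWORD_HASH_FIELD, credentials.password))) return null;` — both names are placeholders, since the page shows neither a hash column on the user model nor a hashing library. Returning the same `null` for an unknown email and for a wrong password keeps the two cases indistinguishable to the caller. Separately, the `session` callback still copies `token.accessToken` although the new `jwt` callback no longer sets it, so `session.accessToken` will apparently be undefined despite the `as string` cast.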