150 lines
4.8 KiB
TypeScript
150 lines
4.8 KiB
TypeScript
import { getServerSession } from "next-auth/next";
|
|
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
|
|
import { NextResponse } from "next/server";
|
|
|
|
async function getAdminToken() {
|
|
try {
|
|
const tokenResponse = await fetch(
|
|
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
|
|
{
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/x-www-form-urlencoded',
|
|
},
|
|
body: new URLSearchParams({
|
|
grant_type: 'client_credentials',
|
|
client_id: process.env.KEYCLOAK_CLIENT_ID!,
|
|
client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
|
|
}),
|
|
}
|
|
);
|
|
|
|
const data = await tokenResponse.json();
|
|
|
|
if (!tokenResponse.ok || !data.access_token) {
|
|
console.error('Token Error:', data);
|
|
return null;
|
|
}
|
|
|
|
return data.access_token;
|
|
} catch (error) {
|
|
console.error('Token Error:', error);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
export async function PUT(
|
|
req: Request,
|
|
{ params }: { params: { userId: string } }
|
|
) {
|
|
const session = await getServerSession(authOptions);
|
|
|
|
if (!session) {
|
|
return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
|
|
}
|
|
|
|
try {
|
|
const { roles } = await req.json();
|
|
const token = await getAdminToken();
|
|
|
|
if (!token) {
|
|
return NextResponse.json({ error: "Erreur d'authentification" }, { status: 401 });
|
|
}
|
|
|
|
// First, get all available roles from Keycloak
|
|
const rolesResponse = await fetch(
|
|
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/roles`,
|
|
{
|
|
headers: {
|
|
Authorization: `Bearer ${token}`,
|
|
},
|
|
}
|
|
);
|
|
|
|
if (!rolesResponse.ok) {
|
|
const errorData = await rolesResponse.json();
|
|
console.error("Failed to fetch roles:", errorData);
|
|
return NextResponse.json({ error: "Erreur lors de la récupération des rôles" }, { status: rolesResponse.status });
|
|
}
|
|
|
|
const availableRoles = await rolesResponse.json();
|
|
console.log("Available roles:", availableRoles);
|
|
|
|
// Map role names to role objects
|
|
const roleObjects = roles.map((roleName: string) => {
|
|
const role = availableRoles.find((r: any) => r.name === roleName);
|
|
if (!role) {
|
|
throw new Error(`Role ${roleName} not found in Keycloak`);
|
|
}
|
|
return role;
|
|
});
|
|
|
|
// First, get current role mappings
|
|
const currentMappingsResponse = await fetch(
|
|
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${params.userId}/role-mappings/realm`,
|
|
{
|
|
headers: {
|
|
Authorization: `Bearer ${token}`,
|
|
},
|
|
}
|
|
);
|
|
|
|
if (!currentMappingsResponse.ok) {
|
|
const errorData = await currentMappingsResponse.json();
|
|
console.error("Failed to fetch current role mappings:", errorData);
|
|
return NextResponse.json({ error: "Erreur lors de la récupération des rôles actuels" }, { status: currentMappingsResponse.status });
|
|
}
|
|
|
|
const currentMappings = await currentMappingsResponse.json();
|
|
|
|
// Remove all current role mappings
|
|
if (currentMappings.length > 0) {
|
|
const deleteResponse = await fetch(
|
|
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${params.userId}/role-mappings/realm`,
|
|
{
|
|
method: 'DELETE',
|
|
headers: {
|
|
Authorization: `Bearer ${token}`,
|
|
'Content-Type': 'application/json',
|
|
},
|
|
body: JSON.stringify(currentMappings),
|
|
}
|
|
);
|
|
|
|
if (!deleteResponse.ok) {
|
|
const errorData = await deleteResponse.json();
|
|
console.error("Failed to remove current roles:", errorData);
|
|
return NextResponse.json({ error: "Erreur lors de la suppression des rôles actuels" }, { status: deleteResponse.status });
|
|
}
|
|
}
|
|
|
|
// Add new role mappings
|
|
if (roleObjects.length > 0) {
|
|
const addResponse = await fetch(
|
|
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${params.userId}/role-mappings/realm`,
|
|
{
|
|
method: 'POST',
|
|
headers: {
|
|
Authorization: `Bearer ${token}`,
|
|
'Content-Type': 'application/json',
|
|
},
|
|
body: JSON.stringify(roleObjects),
|
|
}
|
|
);
|
|
|
|
if (!addResponse.ok) {
|
|
const errorData = await addResponse.json();
|
|
console.error("Failed to add new roles:", errorData);
|
|
return NextResponse.json({ error: "Erreur lors de l'ajout des nouveaux rôles" }, { status: addResponse.status });
|
|
}
|
|
}
|
|
|
|
return NextResponse.json({ success: true, roles });
|
|
} catch (error) {
|
|
console.error("Error in update roles:", error);
|
|
return NextResponse.json(
|
|
{ error: error instanceof Error ? error.message : "Une erreur est survenue" },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
}
|