92 lines
2.9 KiB
TypeScript
92 lines
2.9 KiB
TypeScript
import { getServerSession } from "next-auth/next";
|
|
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
|
|
import { NextResponse } from "next/server";
|
|
|
|
export async function PUT(
|
|
req: Request,
|
|
{ params }: { params: { userId: string } }
|
|
) {
|
|
const session = await getServerSession(authOptions);
|
|
|
|
if (!session) {
|
|
return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
|
|
}
|
|
|
|
try {
|
|
const { roles } = await req.json();
|
|
|
|
// Get client credentials token
|
|
const tokenResponse = await fetch(
|
|
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
|
|
{
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/x-www-form-urlencoded',
|
|
},
|
|
body: new URLSearchParams({
|
|
grant_type: 'client_credentials',
|
|
client_id: process.env.KEYCLOAK_CLIENT_ID!,
|
|
client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
|
|
}),
|
|
}
|
|
);
|
|
|
|
const tokenData = await tokenResponse.json();
|
|
|
|
if (!tokenResponse.ok) {
|
|
console.error("Failed to get token:", tokenData);
|
|
return NextResponse.json({ error: "Failed to get token" }, { status: 500 });
|
|
}
|
|
|
|
// Get available roles
|
|
const rolesResponse = await fetch(
|
|
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/roles`,
|
|
{
|
|
headers: {
|
|
'Authorization': `Bearer ${tokenData.access_token}`,
|
|
},
|
|
}
|
|
);
|
|
|
|
if (!rolesResponse.ok) {
|
|
const errorData = await rolesResponse.json();
|
|
console.error("Failed to get roles:", errorData);
|
|
return NextResponse.json({ error: "Failed to get roles" }, { status: rolesResponse.status });
|
|
}
|
|
|
|
const availableRoles = await rolesResponse.json();
|
|
|
|
// Map role names to role objects
|
|
const roleObjects = roles.map((roleName: string) => {
|
|
const role = availableRoles.find((r: any) => r.name === roleName);
|
|
if (!role) {
|
|
throw new Error(`Role ${roleName} not found`);
|
|
}
|
|
return role;
|
|
});
|
|
|
|
// Update user roles
|
|
const updateResponse = await fetch(
|
|
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${params.userId}/role-mappings/realm`,
|
|
{
|
|
method: 'POST',
|
|
headers: {
|
|
'Authorization': `Bearer ${tokenData.access_token}`,
|
|
'Content-Type': 'application/json',
|
|
},
|
|
body: JSON.stringify(roleObjects),
|
|
}
|
|
);
|
|
|
|
if (!updateResponse.ok) {
|
|
const errorData = await updateResponse.json();
|
|
console.error("Failed to update roles:", errorData);
|
|
return NextResponse.json({ error: "Failed to update roles" }, { status: updateResponse.status });
|
|
}
|
|
|
|
return NextResponse.json({ success: true });
|
|
} catch (error) {
|
|
console.error("Error in update roles:", error);
|
|
return NextResponse.json({ error: "Internal server error" }, { status: 500 });
|
|
}
|
|
}
|