alma/NeahFront3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cfafcb312e
NeahFront3/app/api/users/route.ts

368 lines
11 KiB
TypeScript
Raw Blame History

import { getServerSession } from "next-auth/next";
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { NextResponse } from "next/server";
export async function GET() {
const session = await getServerSession(authOptions);
if (!session) {
return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
}
console.log("Session:", {
accessToken: session.accessToken?.substring(0, 20) + "...",
user: session.user,
});
try {
// Get client credentials token
const tokenResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: new URLSearchParams({
grant_type: 'client_credentials',
client_id: process.env.KEYCLOAK_CLIENT_ID!,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
}),
}
);
const tokenData = await tokenResponse.json();
console.log("Token response:", {
ok: tokenResponse.ok,
status: tokenResponse.status,
data: tokenData.access_token ? "Token received" : tokenData,
});
if (!tokenResponse.ok) {
console.error("Failed to get token:", tokenData);
return NextResponse.json([getCurrentUser(session)]);
}
// Get users list with brief=false to get full user details
const usersResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users?briefRepresentation=false`,
{
headers: {
Authorization: `Bearer ${tokenData.access_token}`,
'Content-Type': 'application/json',
},
}
);
if (!usersResponse.ok) {
console.error("Failed to fetch users:", await usersResponse.text());
return NextResponse.json([getCurrentUser(session)]);
}
const users = await usersResponse.json();
console.log("Raw users data:", users.map((u: any) => ({
id: u.id,
username: u.username,
realm: u.realm,
serviceAccountClientId: u.serviceAccountClientId,
})));
// Filter out service accounts and users from other realms
const filteredUsers = users.filter((user: any) =>
!user.serviceAccountClientId && // Remove service accounts
(!user.realm || user.realm === process.env.KEYCLOAK_REALM) // Only users from our realm
);
console.log("Filtered users count:", filteredUsers.length);
// Fetch groups for each user
const usersWithGroups = await Promise.all(filteredUsers.map(async (user: any) => {
try {
const groupsResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${user.id}/groups`,
{
headers: {
Authorization: `Bearer ${tokenData.access_token}`,
'Content-Type': 'application/json',
},
}
);
let groups = [];
if (groupsResponse.ok) {
const groupsData = await groupsResponse.json();
groups = groupsData.map((group: any) => group.name);
console.log(`Groups for user ${user.username}:`, groups);
}
return {
id: user.id,
username: user.username,
firstName: user.firstName || '',
lastName: user.lastName || '',
email: user.email,
createdTimestamp: user.createdTimestamp,
roles: groups,
};
} catch (error) {
console.error(`Error fetching groups for user ${user.id}:`, error);
return {
id: user.id,
username: user.username,
firstName: user.firstName || '',
lastName: user.lastName || '',
email: user.email,
createdTimestamp: user.createdTimestamp,
roles: [],
};
}
}));
console.log("Final users data:", usersWithGroups.map(u => ({
username: u.username,
roles: u.roles,
})));
return NextResponse.json(usersWithGroups);
} catch (error) {
console.error("Error:", error);
return NextResponse.json([getCurrentUser(session)]);
}
}
// Helper function to get current user data
function getCurrentUser(session: any) {
return {
id: session.user.id,
username: session.user.username,
firstName: session.user.first_name,
lastName: session.user.last_name,
email: session.user.email,
createdTimestamp: Date.now(),
roles: session.user.role || [],
};
}
async function getAdminToken() {
try {
const tokenResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
{
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: new URLSearchParams({
grant_type: 'client_credentials',
client_id: process.env.KEYCLOAK_CLIENT_ID!,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
}),
}
);
const data = await tokenResponse.json();
if (!tokenResponse.ok || !data.access_token) {
console.error('Token Error:', data);
return null;
}
return data.access_token;
} catch (error) {
console.error('Token Error:', error);
return null;
}
}
// Validate username according to Keycloak requirements
function validateUsername(username: string): { isValid: boolean; error?: string } {
// Keycloak username requirements:
// - Only alphanumeric characters, dots (.), hyphens (-), and underscores (_)
// - Must start with a letter or number
// - Must be between 3 and 255 characters
const usernameRegex = /^[a-zA-Z0-9][a-zA-Z0-9._-]{2,254}$/;
if (!usernameRegex.test(username)) {
return {
isValid: false,
error: "Le nom d'utilisateur doit commencer par une lettre ou un chiffre, ne contenir que des lettres, chiffres, points, tirets et underscores, et faire entre 3 et 255 caractères"
};
}
return { isValid: true };
}
export async function POST(req: Request) {
const session = await getServerSession(authOptions);
if (!session) {
return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
}
try {
const data = await req.json();
console.log("Creating user:", data);
// Validate username
const usernameValidation = validateUsername(data.username);
if (!usernameValidation.isValid) {
return NextResponse.json(
{ error: usernameValidation.error },
{ status: 400 }
);
}
const token = await getAdminToken();
if (!token) {
return NextResponse.json({ error: "Erreur d'authentification" }, { status: 401 });
}
// First, get all available roles from Keycloak
const rolesResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/roles`,
{
headers: {
Authorization: `Bearer ${token}`,
},
}
);
if (!rolesResponse.ok) {
const errorData = await rolesResponse.json();
console.error("Failed to fetch roles:", errorData);
return NextResponse.json({ error: "Erreur lors de la récupération des rôles" }, { status: rolesResponse.status });
}
const availableRoles = await rolesResponse.json();
console.log("Available roles:", availableRoles);
// Verify that the requested roles exist
const requestedRoles = data.roles || [];
const validRoles = requestedRoles.filter((roleName: string) =>
availableRoles.some((r: any) => r.name === roleName)
);
if (validRoles.length === 0) {
return NextResponse.json(
{ error: "Aucun rôle valide n'a été spécifié" },
{ status: 400 }
);
}
// Create the user
const createResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
username: data.username,
enabled: true,
emailVerified: true,
firstName: data.firstName,
lastName: data.lastName,
email: data.email,
credentials: [
{
type: "password",
value: data.password,
temporary: false,
},
],
}),
}
);
console.log("Keycloak create response:", {
status: createResponse.status,
ok: createResponse.ok
});
if (!createResponse.ok) {
const errorData = await createResponse.json();
console.error("Keycloak error:", errorData);
if (errorData.errorMessage?.includes("User exists with same username")) {
return NextResponse.json(
{ error: "Un utilisateur existe déjà avec ce nom d'utilisateur" },
{ status: 400 }
);
} else if (errorData.errorMessage?.includes("User exists with same email")) {
return NextResponse.json(
{ error: "Un utilisateur existe déjà avec cet email" },
{ status: 400 }
);
}
return NextResponse.json(
{ error: "Erreur création utilisateur", details: errorData },
{ status: 400 }
);
}
// Get the created user
const userResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users?username=${data.username}`,
{
headers: {
Authorization: `Bearer ${token}`,
},
}
);
const users = await userResponse.json();
const user = users[0];
if (!user) {
return NextResponse.json(
{ error: "Utilisateur créé mais impossible de le récupérer" },
{ status: 500 }
);
}
// Add roles to the user
const roleObjects = validRoles.map((roleName: string) =>
availableRoles.find((r: any) => r.name === roleName)
);
const roleResponse = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/users/${user.id}/role-mappings/realm`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token}`,
"Content-Type": "application/json",
},
body: JSON.stringify(roleObjects),
}
);
if (!roleResponse.ok) {
const errorData = await roleResponse.json();
console.error("Failed to add roles:", errorData);
return NextResponse.json(
{ error: "Erreur lors de l'ajout des rôles", details: errorData },
{ status: 500 }
);
}
return NextResponse.json({
success: true,
user: {
...user,
roles: validRoles,
},
});
} catch (error) {
console.error("Error creating user:", error);
return NextResponse.json(
{ error: "Erreur serveur", details: error },
{ status: 500 }
);
}
}
Reference in New Issue View Git Blame Copy Permalink