alma/NeahFront7
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

correction flow

Browse Source
This commit is contained in:
Alma 2025-04-12 09:48:09 +02:00
parent 2dd300f7fc
commit 0acc96937f
1 changed files with 6 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
app/api/auth/[...nextauth]/route.ts
View File

@ -60,13 +60,6 @@ export const authOptions: NextAuthOptions = {
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!, clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
issuer: process.env.KEYCLOAK_ISSUER!, issuer: process.env.KEYCLOAK_ISSUER!,
profile(profile) { profile(profile) {
// Filter out system roles and only keep valid user roles
const validRoles = (profile.groups || [])
.filter((role: string) =>
!role.startsWith('default-roles-') &&
!['offline_access', 'uma_authorization'].includes(role)
);
return { return {
id: profile.sub, id: profile.sub,
name: profile.name ?? profile.preferred_username, name: profile.name ?? profile.preferred_username,
@ -74,7 +67,7 @@ export const authOptions: NextAuthOptions = {
first_name: profile.given_name ?? '', first_name: profile.given_name ?? '',
last_name: profile.family_name ?? '', last_name: profile.family_name ?? '',
username: profile.preferred_username ?? profile.email?.split('@')[0] ?? '', username: profile.preferred_username ?? profile.email?.split('@')[0] ?? '',
role: validRoles, role: profile.groups || [],
} }
}, },
}), }),
@ -90,195 +83,17 @@ export const authOptions: NextAuthOptions = {
token.first_name = profile.given_name || ''; token.first_name = profile.given_name || '';
token.last_name = profile.family_name || ''; token.last_name = profile.family_name || '';
token.role = profile.groups || []; token.role = profile.groups || [];
token.accessToken = account.access_token;
// Get user info from Rocket.Chat using the admin token token.refreshToken = account.refresh_token;
const userInfoResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.info?username=${token.username}`, { token.accessTokenExpires = account.expires_at ? account.expires_at * 1000 : Date.now() + 60 * 60 * 1000;
headers: {
'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string,
'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string,
},
});
if (!userInfoResponse.ok) {
console.error('Failed to get user info:', {
status: userInfoResponse.status,
statusText: userInfoResponse.statusText,
username: token.username
});
return token;
}
const userInfo = await userInfoResponse.json();
console.log('User info response:', userInfo);
if (!userInfo.user || !userInfo.user._id) {
console.error('Invalid user info response:', userInfo);
return token;
}
// Set the user's Rocket.Chat ID
token.rocketChatUserId = userInfo.user._id;
console.log('Set Rocket.Chat user ID:', token.rocketChatUserId);
// Get personal access tokens for the user
const tokensResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.getPersonalAccessTokens`, {
headers: {
'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string,
'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string,
},
});
if (!tokensResponse.ok) {
console.error('Failed to get personal access tokens:', {
status: tokensResponse.status,
statusText: tokensResponse.statusText,
username: token.username
});
return token;
}
const tokensData = await tokensResponse.json();
console.log('Personal access tokens response:', tokensData);
// Find existing token or create a new one
let personalAccessToken = tokensData.tokens?.find((t: any) => t.name === 'NextAuth');
if (!personalAccessToken) {
console.log('No existing token found, creating new one');
const createTokenResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.generatePersonalAccessToken`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string,
'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string,
},
body: JSON.stringify({
tokenName: 'NextAuth',
bypassTwoFactor: true,
}),
});
if (!createTokenResponse.ok) {
console.error('Failed to create personal access token:', {
status: createTokenResponse.status,
statusText: createTokenResponse.statusText,
username: token.username
});
return token;
}
const createTokenData = await createTokenResponse.json();
console.log('Create token response:', createTokenData);
personalAccessToken = createTokenData.token;
}
// Set the personal access token
token.rocketChatToken = personalAccessToken.token;
console.log('Set Rocket.Chat token:', token.rocketChatToken);
return token;
} }
// If we have a username but no Rocket.Chat credentials, fetch them // Return previous token if it's not expired
if (token.username && (!token.rocketChatToken || !token.rocketChatUserId)) {
console.log('Fetching Rocket.Chat credentials for existing user:', token.username);
// Get user info from Rocket.Chat using the admin token
const userInfoResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.info?username=${token.username}`, {
headers: {
'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string,
'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string,
},
});
if (!userInfoResponse.ok) {
console.error('Failed to get user info:', {
status: userInfoResponse.status,
statusText: userInfoResponse.statusText,
username: token.username
});
return token;
}
const userInfo = await userInfoResponse.json();
console.log('User info response:', userInfo);
if (!userInfo.user || !userInfo.user._id) {
console.error('Invalid user info response:', userInfo);
return token;
}
// Set the user's Rocket.Chat ID
token.rocketChatUserId = userInfo.user._id;
console.log('Set Rocket.Chat user ID:', token.rocketChatUserId);
// Get personal access tokens for the user
const tokensResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.getPersonalAccessTokens`, {
headers: {
'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string,
'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string,
},
});
if (!tokensResponse.ok) {
console.error('Failed to get personal access tokens:', {
status: tokensResponse.status,
statusText: tokensResponse.statusText,
username: token.username
});
return token;
}
const tokensData = await tokensResponse.json();
console.log('Personal access tokens response:', tokensData);
// Find existing token or create a new one
let personalAccessToken = tokensData.tokens?.find((t: any) => t.name === 'NextAuth');
if (!personalAccessToken) {
console.log('No existing token found, creating new one');
const createTokenResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.generatePersonalAccessToken`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string,
'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string,
},
body: JSON.stringify({
tokenName: 'NextAuth',
bypassTwoFactor: true,
}),
});
if (!createTokenResponse.ok) {
console.error('Failed to create personal access token:', {
status: createTokenResponse.status,
statusText: createTokenResponse.statusText,
username: token.username
});
return token;
}
const createTokenData = await createTokenResponse.json();
console.log('Create token response:', createTokenData);
personalAccessToken = createTokenData.token;
}
// Set the personal access token
token.rocketChatToken = personalAccessToken.token;
console.log('Set Rocket.Chat token:', token.rocketChatToken);
return token;
}
// Return previous token if it has Rocket.Chat credentials
if (token.rocketChatToken && token.rocketChatUserId) {
return token;
}
// Token refresh case
if (Date.now() < (token.accessTokenExpires as number)) { if (Date.now() < (token.accessTokenExpires as number)) {
return token; return token;
} }
// Token refresh case
try { try {
const response = await fetch( const response = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`, `${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
@ -317,17 +132,9 @@ export const authOptions: NextAuthOptions = {
throw new Error("RefreshAccessTokenError"); throw new Error("RefreshAccessTokenError");
} }
console.log('Session callback token:', {
hasRocketChatToken: !!token.rocketChatToken,
hasRocketChatUserId: !!token.rocketChatUserId,
token: token
});
return { return {
...session, ...session,
accessToken: token.accessToken, accessToken: token.accessToken,
rocketChatToken: token.rocketChatToken || '',
rocketChatUserId: token.rocketChatUserId || '',
user: { user: {
...session.user, ...session.user,
id: token.sub as string, id: token.sub as string,