Neah version calendar fix 3 debuger sec chance danger 2

2025-04-17 00:13:38 +02:00 · 2025-04-17 00:13:38 +02:00 · 7586e17524
commit 7586e17524
parent f89c25d9a7
5 changed files with 32 additions and 9 deletions
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@ -4,3 +4,16 @@ import { authOptions } from "@/lib/auth";
 const handler = NextAuth(authOptions);
 export { handler as GET, handler as POST };

+interface JWT {
+  accessToken: string;
+  refreshToken: string;
+  accessTokenExpires: number;
+}
+
+interface Profile {
+  sub?: string;
+  email?: string;
+  name?: string;
+  roles?: string[];
+}
+
--- a/app/api/calendars/route.ts
+++ b/app/api/calendars/route.ts
@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
+import { authOptions } from "@/lib/auth";
 import { getServerSession } from "next-auth/next";
-import { authOptions } from "@/app/api/auth/[...nextauth]/route";
 import { prisma } from "@/lib/prisma";

 /**
--- a/app/api/leantime/tasks/route.ts
+++ b/app/api/leantime/tasks/route.ts
@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { getServerSession } from "next-auth/next";
-import { authOptions } from "@/app/api/auth/[...nextauth]/route";
+import { authOptions } from "@/lib/auth";
 import { prisma } from "@/lib/prisma";

 // Cache for Leantime user IDs
--- a/app/api/rocket-chat/messages/route.ts
+++ b/app/api/rocket-chat/messages/route.ts
@ -1,5 +1,5 @@
 import { getServerSession } from "next-auth/next";
-import { authOptions } from "@/app/api/auth/[...nextauth]/route";
+import { authOptions } from "@/lib/auth";
 import { NextResponse } from "next/server";

 // Helper function to get user token using admin credentials
--- a/lib/auth.ts
+++ b/lib/auth.ts
@ -18,7 +18,7 @@ declare module 'next-auth' {
  }
  interface Profile {
    sub: string;
-    email?: string;
+    email: string;
    name?: string;
    roles?: string[];
  }
@ -30,9 +30,9 @@ declare module 'next-auth/jwt' {
    email: string;
    name?: string;
    role: string[];
-    accessToken?: string;
-    refreshToken?: string;
-    accessTokenExpires?: number;
+    accessToken: string;
+    refreshToken: string;
+    accessTokenExpires: number;
    error?: string;
  }
 }
@ -56,21 +56,31 @@ export const authOptions: NextAuthOptions = {
  callbacks: {
    async jwt({ token, account, profile }) {
      if (account && profile) {
+        if (!profile.sub) {
+          throw new Error('No user ID (sub) provided by Keycloak');
+        }
+        if (!account.access_token || !account.refresh_token || !account.expires_at) {
+          throw new Error('Missing required token fields from Keycloak');
+        }
        token.id = profile.sub;
        token.email = profile.email || '';
        token.name = profile.name;
        token.role = profile.roles || ['user'];
        token.accessToken = account.access_token;
        token.refreshToken = account.refresh_token;
-        token.accessTokenExpires = account.expires_at! * 1000;
+        token.accessTokenExpires = account.expires_at * 1000;
      }

      // Return previous token if not expired
-      if (Date.now() < (token.accessTokenExpires as number)) {
+      if (token.accessTokenExpires && Date.now() < token.accessTokenExpires) {
        return token;
      }

      // Token expired, try to refresh
+      if (!token.refreshToken) {
+        throw new Error('No refresh token available');
+      }
+
      try {
        const response = await fetch(
          `${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,