alma/NeahFront9
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Neah version calendar fix 3 debuger sec chance danger debug

Browse Source
This commit is contained in:
alma 2025-04-17 00:16:34 +02:00
parent 7586e17524
commit 9eef481490
2 changed files with 63 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
app/api/auth/[...nextauth]/route.ts
View File

@ -1,7 +1,44 @@
import NextAuth from "next-auth"; import NextAuth from "next-auth";
import { authOptions } from "@/lib/auth"; import { authOptions } from "@/lib/auth";
const handler = NextAuth(authOptions); const handler = NextAuth({
...authOptions,
debug: true, // Enable debug logging
callbacks: {
...authOptions.callbacks,
async redirect({ url, baseUrl }) {
console.log('Redirect callback:', { url, baseUrl });
// Allows relative callback URLs
if (url.startsWith("/")) return `${baseUrl}${url}`;
// Allows callback URLs on the same origin
else if (new URL(url).origin === baseUrl) return url;
return baseUrl;
},
async session({ session, token }) {
console.log('Session callback:', {
sessionBefore: session,
token: { ...token, refreshToken: '[REDACTED]' }
});
if (token.error) {
console.error('Token error:', token.error);
throw new Error('RefreshAccessTokenError');
}
session.user.id = token.id;
session.user.email = token.email;
session.user.name = token.name;
session.user.role = token.role;
console.log('Session after:', {
sessionAfter: { ...session, user: { ...session.user, id: '[REDACTED]' } }
});
return session;
},
},
});
export { handler as GET, handler as POST }; export { handler as GET, handler as POST };
interface JWT { interface JWT {

26
lib/auth.ts
View File

@ -43,8 +43,15 @@ export const authOptions: NextAuthOptions = {
clientId: process.env.KEYCLOAK_CLIENT_ID!, clientId: process.env.KEYCLOAK_CLIENT_ID!,
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!, clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
issuer: process.env.KEYCLOAK_ISSUER, issuer: process.env.KEYCLOAK_ISSUER,
authorization: {
params: {
scope: 'openid email profile',
response_type: 'code',
}
},
}), }),
], ],
debug: true,
session: { session: {
strategy: 'jwt', strategy: 'jwt',
maxAge: 30 * 24 * 60 * 60, // 30 days maxAge: 30 * 24 * 60 * 60, // 30 days
@ -55,11 +62,19 @@ export const authOptions: NextAuthOptions = {
}, },
callbacks: { callbacks: {
async jwt({ token, account, profile }) { async jwt({ token, account, profile }) {
console.log('JWT callback:', {
tokenBefore: { ...token, refreshToken: token.refreshToken ? '[REDACTED]' : undefined },
account: account ? { ...account, refresh_token: '[REDACTED]' } : null,
profile
});
if (account && profile) { if (account && profile) {
if (!profile.sub) { if (!profile.sub) {
console.error('No user ID (sub) provided by Keycloak');
throw new Error('No user ID (sub) provided by Keycloak'); throw new Error('No user ID (sub) provided by Keycloak');
} }
if (!account.access_token || !account.refresh_token || !account.expires_at) { if (!account.access_token || !account.refresh_token || !account.expires_at) {
console.error('Missing required token fields from Keycloak');
throw new Error('Missing required token fields from Keycloak'); throw new Error('Missing required token fields from Keycloak');
} }
token.id = profile.sub; token.id = profile.sub;
@ -69,6 +84,10 @@ export const authOptions: NextAuthOptions = {
token.accessToken = account.access_token; token.accessToken = account.access_token;
token.refreshToken = account.refresh_token; token.refreshToken = account.refresh_token;
token.accessTokenExpires = account.expires_at * 1000; token.accessTokenExpires = account.expires_at * 1000;
console.log('JWT token updated:', {
tokenAfter: { ...token, refreshToken: '[REDACTED]' }
});
} }
// Return previous token if not expired // Return previous token if not expired
@ -78,10 +97,12 @@ export const authOptions: NextAuthOptions = {
// Token expired, try to refresh // Token expired, try to refresh
if (!token.refreshToken) { if (!token.refreshToken) {
console.error('No refresh token available');
throw new Error('No refresh token available'); throw new Error('No refresh token available');
} }
try { try {
console.log('Attempting to refresh token...');
const response = await fetch( const response = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`, `${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
{ {
@ -93,7 +114,7 @@ export const authOptions: NextAuthOptions = {
grant_type: 'refresh_token', grant_type: 'refresh_token',
client_id: process.env.KEYCLOAK_CLIENT_ID!, client_id: process.env.KEYCLOAK_CLIENT_ID!,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET!, client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
refresh_token: token.refreshToken as string, refresh_token: token.refreshToken,
}), }),
} }
); );
@ -101,9 +122,11 @@ export const authOptions: NextAuthOptions = {
const tokens = await response.json(); const tokens = await response.json();
if (!response.ok) { if (!response.ok) {
console.error('Token refresh failed:', tokens);
throw new Error('RefreshAccessTokenError'); throw new Error('RefreshAccessTokenError');
} }
console.log('Token refreshed successfully');
return { return {
...token, ...token,
accessToken: tokens.access_token, accessToken: tokens.access_token,
@ -111,6 +134,7 @@ export const authOptions: NextAuthOptions = {
accessTokenExpires: Date.now() + tokens.expires_in * 1000, accessTokenExpires: Date.now() + tokens.expires_in * 1000,
}; };
} catch (error) { } catch (error) {
console.error('Error refreshing token:', error);
return { return {
...token, ...token,
error: 'RefreshAccessTokenError', error: 'RefreshAccessTokenError',