alma/NeahFront9
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Neah version calendar fix 3 debuger sec chance danger debug 8

Browse Source
This commit is contained in:
alma 2025-04-17 00:51:57 +02:00
parent d767ee9510
commit ae15fa7678
2 changed files with 137 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
app/api/auth/[...nextauth]/route.ts
View File

@ -1,22 +1,145 @@
import NextAuth from "next-auth"; import NextAuth, { NextAuthOptions } from "next-auth";
import { authOptions } from "@/lib/auth"; import KeycloakProvider from "next-auth/providers/keycloak";
const handler = NextAuth({ declare module "next-auth" {
...authOptions, interface Session {
debug: true, // Enable debug logging user: {
callbacks: { id: string;
...authOptions.callbacks, name?: string | null;
async redirect({ url, baseUrl }) { email?: string | null;
console.log('Redirect callback:', { url, baseUrl }); image?: string | null;
// Allows relative callback URLs username: string;
if (url.startsWith("/")) return `${baseUrl}${url}`; first_name: string;
// Allows callback URLs on the same origin last_name: string;
else if (new URL(url).origin === baseUrl) return url; role: string[];
return baseUrl; };
accessToken: string;
}
interface JWT {
accessToken: string;
refreshToken: string;
accessTokenExpires: number;
role: string[];
username: string;
first_name: string;
last_name: string;
}
}
function getRequiredEnvVar(name: string): string {
const value = process.env[name];
if (!value) {
throw new Error(`Missing required environment variable: ${name}`);
}
return value;
}
export const authOptions: NextAuthOptions = {
providers: [
KeycloakProvider({
clientId: getRequiredEnvVar("KEYCLOAK_CLIENT_ID"),
clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"),
issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"),
profile(profile) {
return {
id: profile.sub,
name: profile.name ?? profile.preferred_username,
email: profile.email,
first_name: profile.given_name ?? '',
last_name: profile.family_name ?? '',
username: profile.preferred_username ?? profile.email?.split('@')[0] ?? '',
role: profile.groups ?? [],
} }
}, },
}); }),
],
session: {
strategy: "jwt",
maxAge: 30 * 24 * 60 * 60, // 30 days
},
callbacks: {
async jwt({ token, account, profile }) {
if (account && profile) {
token.accessToken = account.access_token;
token.refreshToken = account.refresh_token;
token.accessTokenExpires = account.expires_at! * 1000;
token.role = (profile as any).groups ?? [];
token.username = (profile as any).preferred_username ?? profile.email?.split('@')[0] ?? '';
token.first_name = (profile as any).given_name ?? '';
token.last_name = (profile as any).family_name ?? '';
}
// Return previous token if not expired
if (Date.now() < (token.accessTokenExpires as number)) {
return token;
}
try {
const clientId = getRequiredEnvVar("KEYCLOAK_CLIENT_ID");
const clientSecret = getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET");
const response = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
{
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
body: new URLSearchParams({
grant_type: "refresh_token",
client_id: clientId,
client_secret: clientSecret,
refresh_token: token.refreshToken as string,
}),
}
);
const tokens = await response.json();
if (!response.ok) {
throw new Error("RefreshAccessTokenError");
}
return {
...token,
accessToken: tokens.access_token,
refreshToken: tokens.refresh_token ?? token.refreshToken,
accessTokenExpires: Date.now() + tokens.expires_in * 1000,
};
} catch (error) {
return {
...token,
error: "RefreshAccessTokenError",
};
}
},
async session({ session, token }) {
if (token.error) {
throw new Error("RefreshAccessTokenError");
}
session.accessToken = token.accessToken;
session.user = {
...session.user,
id: token.sub as string,
first_name: token.first_name ?? '',
last_name: token.last_name ?? '',
username: token.username ?? '',
role: token.role ?? [],
};
return session;
}
},
pages: {
signIn: '/signin',
error: '/signin',
},
debug: process.env.NODE_ENV === 'development',
};
const handler = NextAuth(authOptions);
export { handler as GET, handler as POST }; export { handler as GET, handler as POST };
interface JWT { interface JWT {

140
lib/auth.ts
View File

@ -1,140 +0,0 @@
import NextAuth, { NextAuthOptions } from "next-auth";
import KeycloakProvider from "next-auth/providers/keycloak";
declare module "next-auth" {
interface Session {
user: {
id: string;
name?: string | null;
email?: string | null;
image?: string | null;
username: string;
first_name: string;
last_name: string;
role: string[];
};
accessToken: string;
}
interface JWT {
accessToken: string;
refreshToken: string;
accessTokenExpires: number;
role: string[];
username: string;
first_name: string;
last_name: string;
}
}
function getRequiredEnvVar(name: string): string {
const value = process.env[name];
if (!value) {
throw new Error(`Missing required environment variable: ${name}`);
}
return value;
}
export const authOptions: NextAuthOptions = {
providers: [
KeycloakProvider({
clientId: getRequiredEnvVar("KEYCLOAK_CLIENT_ID"),
clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"),
issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"),
profile(profile) {
return {
id: profile.sub,
name: profile.name ?? profile.preferred_username,
email: profile.email,
first_name: profile.given_name ?? '',
last_name: profile.family_name ?? '',
username: profile.preferred_username ?? profile.email?.split('@')[0] ?? '',
role: profile.groups ?? [],
}
},
}),
],
session: {
strategy: "jwt",
maxAge: 30 * 24 * 60 * 60, // 30 days
},
callbacks: {
async jwt({ token, account, profile }) {
if (account && profile) {
token.accessToken = account.access_token!;
token.refreshToken = account.refresh_token!;
token.accessTokenExpires = account.expires_at! * 1000;
token.role = (profile as any).groups ?? [];
token.username = (profile as any).preferred_username ?? profile.email?.split('@')[0] ?? '';
token.first_name = (profile as any).given_name ?? '';
token.last_name = (profile as any).family_name ?? '';
}
// Return previous token if not expired
if (Date.now() < (token.accessTokenExpires as number)) {
return token;
}
try {
const clientId = getRequiredEnvVar("KEYCLOAK_CLIENT_ID");
const clientSecret = getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET");
const response = await fetch(
`${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
{
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
body: new URLSearchParams({
grant_type: "refresh_token",
client_id: clientId,
client_secret: clientSecret,
refresh_token: token.refreshToken as string,
}),
}
);
const tokens = await response.json();
if (!response.ok) {
throw new Error("RefreshAccessTokenError");
}
return {
...token,
accessToken: tokens.access_token,
refreshToken: tokens.refresh_token ?? token.refreshToken,
accessTokenExpires: Date.now() + tokens.expires_in * 1000,
};
} catch (error) {
return {
...token,
error: "RefreshAccessTokenError",
};
}
},
async session({ session, token }) {
if (token.error) {
throw new Error("RefreshAccessTokenError");
}
session.accessToken = token.accessToken;
session.user = {
...session.user,
id: token.sub as string,
first_name: token.first_name ?? '',
last_name: token.last_name ?? '',
username: token.username ?? '',
role: token.role ?? [],
};
return session;
}
},
pages: {
signIn: '/signin',
error: '/signin',
},
debug: process.env.NODE_ENV === 'development',
};