Neah version calendar fix 3 debuger ???? ???

app/api/auth/[...nextauth]/route 2.ts

@@ -0,0 +1,144 @@
+import NextAuth, { NextAuthOptions } from "next-auth";
+import KeycloakProvider from "next-auth/providers/keycloak";
+
+declare module "next-auth" {
+  interface Session {
+    user: {
+      id: string;
+      name?: string | null;
+      email?: string | null;
+      image?: string | null;
+      username: string;
+      first_name: string;
+      last_name: string;
+      role: string[];
+    };
+    accessToken: string;
+  }
+
+  interface JWT {
+    accessToken: string;
+    refreshToken: string;
+    accessTokenExpires: number;
+    role: string[];
+    username: string;
+    first_name: string;
+    last_name: string;
+  }
+}
+
+function getRequiredEnvVar(name: string): string {
+  const value = process.env[name];
+  if (!value) {
+    throw new Error(`Missing required environment variable: ${name}`);
+  }
+  return value;
+}
+
+export const authOptions: NextAuthOptions = {
+  providers: [
+    KeycloakProvider({
+      clientId: getRequiredEnvVar("KEYCLOAK_CLIENT_ID"),
+      clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"),
+      issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"),
+      profile(profile) {
+        return {
+          id: profile.sub,
+          name: profile.name ?? profile.preferred_username,
+          email: profile.email,
+          first_name: profile.given_name ?? '',
+          last_name: profile.family_name ?? '',
+          username: profile.preferred_username ?? profile.email?.split('@')[0] ?? '',
+          role: profile.groups ?? [],
+        }
+      },
+    }),
+  ],
+  session: {
+    strategy: "jwt",
+    maxAge: 30 * 24 * 60 * 60, // 30 days
+  },
+  callbacks: {
+    async jwt({ token, account, profile }) {
+      if (account && profile) {
+        token.accessToken = account.access_token;
+        token.refreshToken = account.refresh_token;
+        token.accessTokenExpires = account.expires_at! * 1000;
+        token.role = (profile as any).groups ?? [];
+        token.username = (profile as any).preferred_username ?? profile.email?.split('@')[0] ?? '';
+        token.first_name = (profile as any).given_name ?? '';
+        token.last_name = (profile as any).family_name ?? '';
+      }
+
+      // Return previous token if not expired
+      if (Date.now() < (token.accessTokenExpires as number)) {
+        return token;
+      }
+
+      try {
+        const clientId = getRequiredEnvVar("KEYCLOAK_CLIENT_ID");
+        const clientSecret = getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET");
+
+        const response = await fetch(
+          `${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
+          {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/x-www-form-urlencoded",
+            },
+            body: new URLSearchParams({
+              grant_type: "refresh_token",
+              client_id: clientId,
+              client_secret: clientSecret,
+              refresh_token: token.refreshToken as string,
+            }),
+          }
+        );
+
+        const tokens = await response.json();
+
+        if (!response.ok) {
+          throw new Error("RefreshAccessTokenError");
+        }
+
+        return {
+          ...token,
+          accessToken: tokens.access_token,
+          refreshToken: tokens.refresh_token ?? token.refreshToken,
+          accessTokenExpires: Date.now() + tokens.expires_in * 1000,
+        };
+      } catch (error) {
+        return {
+          ...token,
+          error: "RefreshAccessTokenError",
+        };
+      }
+    },
+    async session({ session, token }) {
+      if (token.error) {
+        throw new Error("RefreshAccessTokenError");
+      }
+
+      session.accessToken = token.accessToken;
+      session.user = {
+        ...session.user,
+        id: token.sub as string,
+        first_name: token.first_name ?? '',
+        last_name: token.last_name ?? '',
+        username: token.username ?? '',
+        role: token.role ?? [],
+      };
+
+      return session;
+    }
+  },
+  pages: {
+    signIn: '/signin',
+    error: '/signin',
+  },
+  debug: process.env.NODE_ENV === 'development',
+};
+
+const handler = NextAuth(authOptions);
+export { handler as GET, handler as POST };
+

app/api/auth/[...nextauth]/route.ts

@@ -1,5 +1,5 @@
-import NextAuth from "next-auth";
-import { authOptions } from '@/lib/auth';
+import NextAuth, { NextAuthOptions } from "next-auth";
+import KeycloakProvider from "next-auth/providers/keycloak";
 
 declare module "next-auth" {
   interface Session {
@@ -27,6 +27,118 @@ declare module "next-auth" {
   }
 }
 
+function getRequiredEnvVar(name: string): string {
+  const value = process.env[name];
+  if (!value) {
+    throw new Error(`Missing required environment variable: ${name}`);
+  }
+  return value;
+}
+
+export const authOptions: NextAuthOptions = {
+  providers: [
+    KeycloakProvider({
+      clientId: getRequiredEnvVar("KEYCLOAK_CLIENT_ID"),
+      clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"),
+      issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"),
+      profile(profile) {
+        return {
+          id: profile.sub,
+          name: profile.name ?? profile.preferred_username,
+          email: profile.email,
+          first_name: profile.given_name ?? '',
+          last_name: profile.family_name ?? '',
+          username: profile.preferred_username ?? profile.email?.split('@')[0] ?? '',
+          role: profile.groups ?? [],
+        }
+      },
+    }),
+  ],
+  session: {
+    strategy: "jwt",
+    maxAge: 30 * 24 * 60 * 60, // 30 days
+  },
+  callbacks: {
+    async jwt({ token, account, profile }) {
+      if (account && profile) {
+        token.accessToken = account.access_token;
+        token.refreshToken = account.refresh_token;
+        token.accessTokenExpires = account.expires_at! * 1000;
+        token.role = (profile as any).groups ?? [];
+        token.username = (profile as any).preferred_username ?? profile.email?.split('@')[0] ?? '';
+        token.first_name = (profile as any).given_name ?? '';
+        token.last_name = (profile as any).family_name ?? '';
+      }
+
+      // Return previous token if not expired
+      if (Date.now() < (token.accessTokenExpires as number)) {
+        return token;
+      }
+
+      try {
+        const clientId = getRequiredEnvVar("KEYCLOAK_CLIENT_ID");
+        const clientSecret = getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET");
+
+        const response = await fetch(
+          `${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
+          {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/x-www-form-urlencoded",
+            },
+            body: new URLSearchParams({
+              grant_type: "refresh_token",
+              client_id: clientId,
+              client_secret: clientSecret,
+              refresh_token: token.refreshToken as string,
+            }),
+          }
+        );
+
+        const tokens = await response.json();
+
+        if (!response.ok) {
+          throw new Error("RefreshAccessTokenError");
+        }
+
+        return {
+          ...token,
+          accessToken: tokens.access_token,
+          refreshToken: tokens.refresh_token ?? token.refreshToken,
+          accessTokenExpires: Date.now() + tokens.expires_in * 1000,
+        };
+      } catch (error) {
+        return {
+          ...token,
+          error: "RefreshAccessTokenError",
+        };
+      }
+    },
+    async session({ session, token }) {
+      if (token.error) {
+        throw new Error("RefreshAccessTokenError");
+      }
+
+      session.accessToken = token.accessToken;
+      session.user = {
+        ...session.user,
+        id: token.sub as string,
+        first_name: token.first_name ?? '',
+        last_name: token.last_name ?? '',
+        username: token.username ?? '',
+        role: token.role ?? [],
+      };
+
+      return session;
+    }
+  },
+  pages: {
+    signIn: '/signin',
+    error: '/signin',
+  },
+  debug: process.env.NODE_ENV === 'development',
+};
+
 const handler = NextAuth(authOptions);
 export { handler as GET, handler as POST };
 

app/api/calendars/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { getServerSession } from "next-auth/next";
-import { authOptions } from "@/app/api/auth/[...nextauth]/route";
+import { authOptions } from "@/lib/auth";
 import { prisma } from "@/lib/prisma";
 
 /**

app/api/leantime/tasks/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { getServerSession } from "next-auth/next";
-import { authOptions } from "@/app/api/auth/[...nextauth]/route";
+import { authOptions } from "@/lib/auth";
 
 interface Task {
   id: string;

app/api/rocket-chat/messages/route.ts

@@ -1,5 +1,5 @@
 import { getServerSession } from "next-auth";
-import { authOptions } from "@/app/api/auth/[...nextauth]/route";
+import { authOptions } from "@/lib/auth";
 import { NextResponse } from "next/server";
 
 // Helper function to get user token using admin credentials

app/layout.tsx

@@ -3,7 +3,7 @@ import { Inter } from "next/font/google";
 import "./globals.css";
 import { headers } from "next/headers";
 import { getServerSession } from "next-auth/next";
-import { authOptions } from "@/app/api/auth/[...nextauth]/route";
+import { authOptions } from "@/lib/auth";
 import { Providers } from "@/components/providers";
 import { LayoutWrapper } from "@/components/layout/layout-wrapper";