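import { getServerSession } from "next-auth/next";
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { NextResponse } from "next/server";

/** Realm roles created by Keycloak itself; they are hidden from the listing. */
const KEYCLOAK_SYSTEM_ROLES = ['offline_access', 'uma_authorization'];

/**
 * Decides whether one entry of the Keycloak role list is returned to the caller.
 *
 * Entries without a string `name` are dropped rather than allowed to throw
 * inside the filter.
 */
function isUserFacingRole(role: unknown): boolean {
  if (typeof role !== 'object' || role === null) {
    return false;
  }
  const name = (role as { name?: unknown }).name;
  return (
    typeof name === 'string' &&
    !name.startsWith('default-roles-') &&
    !KEYCLOAK_SYSTEM_ROLES.includes(name)
  );
}

/**
 * Obtains a service-account access token from Keycloak with the
 * client-credentials grant.
 *
 * @returns The access token, or `null` when the configuration is incomplete,
 *   the request fails, or the response carries no usable token.
 */
async function getAdminToken(): Promise<string | null> {
  const baseUrl = process.env.KEYCLOAK_BASE_URL;
  const realm = process.env.KEYCLOAK_REALM;
  const clientId = process.env.KEYCLOAK_CLIENT_ID;
  const clientSecret = process.env.KEYCLOAK_CLIENT_SECRET;

  // Fail early instead of sending a request built from the string "undefined".
  if (!baseUrl || !realm || !clientId || !clientSecret) {
    console.error('Token Error:', 'Keycloak configuration is incomplete');
    return null;
  }

  try {
    const tokenResponse = await fetch(
      `${baseUrl}/realms/${realm}/protocol/openid-connect/token`,
      {
        method: 'POST',
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
        },
        body: new URLSearchParams({
          grant_type: 'client_credentials',
          client_id: clientId,
          client_secret: clientSecret,
        }),
        // Credentialed request: opt out of any fetch-level caching explicitly.
        cache: 'no-store',
      }
    );

    const data: unknown = await tokenResponse.json();
    const payload = (typeof data === 'object' && data !== null ? data : {}) as Record<string, unknown>;
    const accessToken = payload.access_token;

    if (!tokenResponse.ok || typeof accessToken !== 'string' || accessToken === '') {
      // Log only the status and error fields, never the raw token-endpoint body.
      console.error('Token Error:', {
        status: tokenResponse.status,
        error: payload.error,
        error_description: payload.error_description,
      });
      return null;
    }

    return accessToken;
  } catch (error) {
    console.error('Token Error:', error);
    return null;
  }
}

/**
 * Lists the realm roles from the Keycloak admin API, without Keycloak's
 * built-in system roles.
 *
 * Responds 401 when there is no session or no service-account token, relays
 * Keycloak's status when the role request fails, and responds 500 on any
 * other error.
 */
export async function GET() {
  const session = await getServerSession(authOptions);

  if (!session) {
    return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
  }

  // NOTE(review): only the existence of a session is checked, so every signed-in
  // user receives a role list fetched with the service account's privileges. If
  // the listing is meant for administrators only, check the session's role claim
  // here; its shape is not visible in this file.

  try {
    const token = await getAdminToken();
    if (!token) {
      // NOTE(review): this reports a server-side token failure as 401, which a
      // client may read as "log in again". Status kept for compatibility.
      return NextResponse.json({ error: "Erreur d'authentification" }, { status: 401 });
    }

    const response = await fetch(
      `${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}/roles`,
      {
        headers: {
          Authorization: `Bearer ${token}`,
        },
        // Credentialed request: opt out of any fetch-level caching explicitly.
        cache: 'no-store',
      }
    );

    if (!response.ok) {
      // Read the body as text: an error page that is not JSON must not turn the
      // upstream status into a generic 500 through a parse exception.
      const errorBody = await response.text().catch(() => '');
      console.error("Failed to fetch roles:", response.status, errorBody.slice(0, 500));
      return NextResponse.json({ error: "Erreur lors de la récupération des rôles" }, { status: response.status });
    }

    const roles: unknown = await response.json();
    if (!Array.isArray(roles)) {
      console.error("Error fetching roles:", "unexpected response shape");
      return NextResponse.json(
        { error: "Une erreur est survenue" },
        { status: 500 }
      );
    }

    // Filter out only Keycloak system roles
    const filteredRoles = roles.filter(isUserFacingRole);

    // Log the count only; the full role objects do not belong in request logs.
    console.log("Available roles:", filteredRoles.length);

    return NextResponse.json(filteredRoles);
  } catch (error) {
    console.error("Error fetching roles:", error);
    return NextResponse.json(
      { error: "Une erreur est survenue" },
      { status: 500 }
    );
  }
}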