NeahNew/.next/server/app/api/auth/refresh-keycloak-session/route.js


			
				
					
						
						
						
							
							
							(()=>{var e={};e.id=4781,e.ids=[4781],e.modules={3295:e=>{"use strict";e.exports=require("next/dist/server/app-render/after-task-async-storage.external.js")},10846:e=>{"use strict";e.exports=require("next/dist/compiled/next-server/app-page.runtime.prod.js")},11723:e=>{"use strict";e.exports=require("querystring")},12412:e=>{"use strict";e.exports=require("assert")},26690:(e,r,s)=>{"use strict";s.d(r,{N:()=>a});var o=s(1926),n=s(10591);function t(e){let r=process.env[e];if(!r)throw Error(`Missing required environment variable: ${e}`);return r}async function i(e){try{let r=await fetch(`${process.env.KEYCLOAK_ISSUER}/protocol/openid-connect/token`,{headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:process.env.KEYCLOAK_CLIENT_ID,client_secret:process.env.KEYCLOAK_CLIENT_SECRET,grant_type:"refresh_token",refresh_token:e.refreshToken||""}),method:"POST"}),s=await r.json();if(!r.ok){if("invalid_grant"===s.error||s.error_description?.includes("Session not active")||s.error_description?.includes("Token is not active"))return console.log("Keycloak session invalidated (likely logged out from iframe), marking token for removal"),{...e,error:"SessionNotActive"};throw s}return{...e,accessToken:s.access_token,refreshToken:s.refresh_token??e.refreshToken,idToken:e.idToken,accessTokenExpires:Date.now()+1e3*s.expires_in}}catch(r){if(console.error("Error refreshing access token:",r),r?.error==="invalid_grant"||r?.error_description?.includes("Session not active")||r?.error_description?.includes("Token is not active"))return{...e,error:"SessionNotActive"};return{...e,error:"RefreshAccessTokenError"}}}let a={providers:[(0,o.A)({clientId:t("KEYCLOAK_CLIENT_ID"),clientSecret:t("KEYCLOAK_CLIENT_SECRET"),issuer:t("KEYCLOAK_ISSUER"),authorization:{params:{scope:"openid profile email roles"}},profile(e){console.log("Keycloak profile callback:",{rawProfile:e,rawRoles:e.roles,realmAccess:e.realm_access,groups:e.groups});let r=e.realm_access?.roles||[];console.log("Profile callback raw roles:",r);let s=r.map(e=>e.replace(/^ROLE_/,"").toLowerCase());return console.log("Profile callback cleaned roles:",s),{id:e.sub,name:e.name??e.preferred_username,email:e.email,first_name:e.given_name??"",last_name:e.family_name??"",username:e.preferred_username??e.email?.split("@")[0]??"",role:s}}})],session:{strategy:"jwt",maxAge:2592e3},callbacks:{async jwt({token:e,account:r,profile:s}){if(r&&s){let o=(s.realm_access?.roles||[]).map(e=>e.replace(/^ROLE_/,"").toLowerCase());e.accessToken=r.access_token??"",e.refreshToken=r.refresh_token??"",e.idToken=r.id_token??"",e.accessTokenExpires=r.expires_at??0,e.sub=s.sub,e.role=o,e.username=s.preferred_username??"",e.first_name=s.given_name??"",e.last_name=s.family_name??""}else if(e.accessToken)try{let r=(0,n.s)(e.accessToken);r.realm_access?.roles&&(e.role=r.realm_access.roles.map(e=>e.replace(/^ROLE_/,"").toLowerCase()))}catch(e){console.error("Error decoding token:",e)}let o=e.accessTokenExpires;if(o&&Date.now()<o)return e;if(!e.refreshToken)return console.log("No refresh token available, cannot refresh"),{...e,accessToken:void 0,refreshToken:void 0,idToken:void 0,error:"NoRefreshToken"};let t=await i(e);return"SessionNotActive"===t.error?(console.log("Keycloak session invalidated, clearing token to force re-authentication"),{...t,accessToken:void 0,refreshToken:void 0,idToken:void 0}):"RefreshAccessTokenError"!==t.error||t.accessToken?t:(console.log("Refresh token invalid, clearing session to force re-authentication"),{...t,accessToken:void 0,refreshToken:void 0,idToken:void 0})},async session({session:e,token:r}){if("SessionNotActive"===r.error||"NoRefreshToken"===r.error||!r.accessToken||!r.refreshToken)return console.log("Session invalidated or tokens missing, user will be signed out",{error:r.error,hasAccessToken:!!r.accessToken,hasRefreshToken:!!r.refreshToken}),null;if(r.error)throw Error(r.error);let s=Array.isArray(r.role)?r.role:[];return e.user={id:r.sub??"",email:r.email??null,name:r.name??null,image:null,username:r.username??"",first_name:r.first_name??"",last_name:r.last_name??"",role:s,nextcloudInitialized:!1},e.accessToken=r.accessToken,e.idToken=r.idToken,e.refreshToken=r.refreshToken,e}},pages:{signIn:"/signin",error:"/signin"},debug:!1}},28354:e=>{"use strict";e.exports=require("util")},29294:e=>{"use strict";e.exports=require("next/dist/server/app-render/work-async-storage.external.js")},44870:e=>{"use strict";e.exports=require("next/dist/compiled/next-server/app-route.runtime.prod.js")},55511:e=>{"use strict";e.exports=require("crypto")},55591:e=>{"use strict";e.exports=require("https")},63033:e=>{"use strict";e.exports=require("next/dist/server/app-render/work-unit-async-storage.external.js")},68125:(e,r,s)=>{"use strict";s.r(r),s.d(r,{patchFetch:()=>h,routeModule:()=>d,serverHooks:()=>f,workAsyncStorage:()=>p,workUnitAsyncStorage:()=>k});var o={};s.r(o),s.d(o,{GET:()=>u});var n=s(96559),t=s(48088),i=s(37719),a=s(32190),c=s(35426),l=s(26690);async function u(e){try{let e=await (0,c.getServerSession)(l.N);if(!e?.accessToken||!e?.refreshToken)return a.NextResponse.json({error:"No active session"},{status:401});let r=process.env.KEYCLOAK_ISSUER,s=process.env.KEYCLOAK_CLIENT_ID,o=process.env.KEYCLOAK_CLIENT_SECRET;if(!r||!s||!o)return a.NextResponse.json({error:"Keycloak configuration missing"},{status:500});let n=await fetch(`${r}/protocol/openid-connect/token`,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({client_id:s,client_secret:o,grant_type:"refresh_token",refresh_token:e.refreshToken})});if(!n.ok){let e=await n.json().catch(()=>({}));if(console.error("Failed to refresh Keycloak session:",e),"invalid_grant"===e.error||e.error_description?.includes("Token is not active")||e.error_description?.includes("Session not active"))return a.NextResponse.json({error:"SessionInvalidated",message:"Keycloak session was invalidated. Please sign in again.",details:e},{status:401});return a.NextResponse.json({error:"Failed to refresh Keycloak session",details:e},{status:n.status})}return await n.json(),a.NextResponse.json({success:!0,message:"Keycloak session refreshed"})}catch(e){return console.error("Error refreshing Keycloak session:",e),a.NextResponse.json({error:"Internal server error"},{status:500})}}let d=new n.AppRouteRouteModule({definition:{kind:t.RouteKind.APP_ROUTE,page:"/api/auth/refresh-keycloak-session/route",pathname:"/api/auth/refresh-keycloak-session",filename:"route",bundlePath:"app/api/auth/refresh-keycloak-session/route"},resolvedPagePath:"/Users/alma/Documents/NeahNew/app/api/auth/refresh-keycloak-session/route.ts",nextConfigOutput:"",userland:o}),{workAsyncStorage:p,workUnitAsyncStorage:k,serverHooks:f}=d;function h(){return(0,i.patchFetch)({workAsyncStorage:p,workUnitAsyncStorage:k})}},74075:e=>{"use strict";e.exports=require("zlib")},78335:()=>{},79428:e=>{"use strict";e.exports=require("buffer")},79551:e=>{"use strict";e.exports=require("url")},81630:e=>{"use strict";e.exports=require("http")},94735:e=>{"use strict";e.exports=require("events")},96487:()=>{}};var r=require("../../../../webpack-runtime.js");r.C(e);var s=e=>r(r.s=e),o=r.X(0,[4243,5419,580],()=>s(68125));module.exports=o})();
						
						
					
				
				
					
						Reference in New Issue
					
					View Git Blame
					Copy Permalink