
ssr-keycloak


SSR compatible Keycloak authentication library for React applications

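"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.createKeycloakAPIRoutes = createKeycloakAPIRoutes;
const auth_handler_1 = require("../server/auth-handler");
const session_1 = require("../server/session");

/**
 * Parses a raw `Cookie` request header into a name -> value map.
 *
 * Only the FIRST `=` separates name from value, so values that themselves
 * contain `=` (base64 padding, for example) are kept whole rather than
 * truncated. Values are passed through exactly as received: no
 * percent-decoding is applied here.
 * NOTE(review): whether getSessionFromRequest expects decoded values is not
 * visible from this file - confirm before adding decoding.
 *
 * @param {string | null | undefined} header - Raw Cookie header value.
 * @returns {Record<string, string | undefined>} Parsed cookies; a segment
 *   without `=` maps its name to `undefined`.
 */
function parseCookieHeader(header) {
    if (!header) {
        return {};
    }
    const pairs = [];
    for (const segment of header.split(';')) {
        const trimmed = segment.trim();
        if (trimmed === '') {
            // Skip empty segments such as a trailing ';'.
            continue;
        }
        const separator = trimmed.indexOf('=');
        if (separator === -1) {
            pairs.push([trimmed, undefined]);
        }
        else {
            pairs.push([trimmed.slice(0, separator), trimmed.slice(separator + 1)]);
        }
    }
    return Object.fromEntries(pairs);
}

/**
 * Builds the request context object handed to the session helpers and the
 * auth handler. `headers` is always empty: only cookies, URL and method of
 * the incoming request are forwarded.
 *
 * @param {Request} request - Incoming Fetch API request.
 * @returns {{cookies: object, headers: object, url: string, method: string}}
 */
function buildRequestContext(request) {
    return {
        cookies: parseCookieHeader(request.headers.get('cookie')),
        headers: {},
        url: request.url,
        method: request.method
    };
}

/**
 * Creates the response adapter passed to the auth handler. Every method is a
 * no-op, so anything the auth handler tries to write through it (cookies,
 * redirects, JSON) is discarded.
 *
 * @returns {{setCookie: Function, deleteCookie: Function, redirect: Function, json: Function}}
 */
function createNoopResponse() {
    return {
        setCookie: () => { },
        deleteCookie: () => { },
        redirect: () => { },
        json: () => { }
    };
}

/**
 * Creates the API route handlers.
 *
 * One KeycloakAuthHandler is constructed from `config` and shared by all
 * returned handlers. Each handler takes a Fetch API `Request` and resolves to
 * a JSON `Response`.
 *
 * @param {object} config - Configuration forwarded to KeycloakAuthHandler.
 * @returns {object} Object with sessionHandler, loginHandler, logoutHandler,
 *   refreshHandler, validateHandler and rolesHandler.
 */
function createKeycloakAPIRoutes(config) {
    const authHandler = new auth_handler_1.KeycloakAuthHandler(config);
    return {
        // Returns the session information.
        // SECURITY NOTE(review): the full session object and its tokens are
        // serialized into the response body, so any script able to call this
        // endpoint with the user's cookies can read them. Consider returning
        // only the non-sensitive fields the client needs.
        async sessionHandler(request) {
            const requestContext = buildRequestContext(request);
            const session = (0, session_1.getSessionFromRequest)(requestContext);
            return Response.json({
                isAuthenticated: (0, session_1.isSessionValid)(session),
                session: session || null,
                user: session?.user || null,
                tokens: session?.tokens || null
            });
        },
        // Starts the login flow by returning the authorization URL.
        // SECURITY NOTE(review): `flow`, `redirectUri` and `scope` come
        // straight from the query string and are forwarded without validation
        // here; presumably createAuthorizationURL and the Keycloak client's
        // redirect-URI allow-list constrain them - confirm.
        async loginHandler(request) {
            const url = new URL(request.url);
            const flow = url.searchParams.get('flow') || 'authorization_code';
            const redirectUri = url.searchParams.get('redirectUri');
            const scope = url.searchParams.get('scope');
            const authUrl = await authHandler.createAuthorizationURL(flow, {
                redirectUri: redirectUri || undefined,
                scope: scope || undefined
            });
            return Response.json({ authUrl });
        },
        // Performs logout by returning the URL the client should go to.
        async logoutHandler(request) {
            const url = new URL(request.url);
            const redirectUri = url.searchParams.get('redirectUri');
            const requestContext = buildRequestContext(request);
            const session = (0, session_1.getSessionFromRequest)(requestContext);
            // Optional chaining: a session without a `tokens` object falls
            // through to the fallback instead of throwing.
            const idToken = session?.tokens?.idToken;
            if (idToken) {
                const logoutUrl = await authHandler.createLogoutURL(idToken, redirectUri || undefined);
                return Response.json({ logoutUrl });
            }
            // SECURITY NOTE(review): with no session the caller-supplied
            // `redirectUri` is echoed back unchecked. If the client navigates
            // to `logoutUrl`, validate it against an allow-list (or restrict
            // it to same-origin paths) before trusting it.
            return Response.json({ logoutUrl: redirectUri || '/' });
        },
        // Refreshes the tokens.
        async refreshHandler(request) {
            const requestContext = buildRequestContext(request);
            const session = (0, session_1.getSessionFromRequest)(requestContext);
            // Optional chaining: a session without `tokens` yields 401 rather
            // than an unhandled TypeError.
            if (!session?.tokens?.refreshToken) {
                return Response.json({ error: 'No refresh token available' }, { status: 401 });
            }
            try {
                // NOTE(review): the response adapter is a no-op, so if
                // refreshTokens persists the new session via setCookie that
                // write is dropped; the new tokens are only returned in the
                // JSON body - confirm this is intended.
                const newTokens = await authHandler.refreshTokens(requestContext, createNoopResponse());
                return Response.json(newTokens);
            }
            catch {
                // Deliberately generic: failure details are not exposed to the caller.
                return Response.json({ error: 'Token refresh failed' }, { status: 401 });
            }
        },
        // Validates the session.
        async validateHandler(request) {
            const requestContext = buildRequestContext(request);
            const isValid = await authHandler.validateSession(requestContext, createNoopResponse());
            return Response.json({ isValid });
        },
        // Role checks: `role` -> hasRole; `roles` (comma-separated) ->
        // hasAnyRole and hasAllRoles; userRoles is always included.
        async rolesHandler(request) {
            const url = new URL(request.url);
            const role = url.searchParams.get('role');
            const resource = url.searchParams.get('resource');
            const roles = url.searchParams.get('roles')?.split(',');
            const requestContext = buildRequestContext(request);
            const session = (0, session_1.getSessionFromRequest)(requestContext);
            if (!session) {
                return Response.json({ error: 'No session found' }, { status: 401 });
            }
            const result = {};
            if (role) {
                result.hasRole = (0, session_1.hasRoleInSession)(session, role, resource || undefined);
            }
            if (roles) {
                result.hasAnyRole = (0, session_1.hasAnyRoleInSession)(session, roles, resource || undefined);
                result.hasAllRoles = (0, session_1.hasAllRolesInSession)(session, roles, resource || undefined);
            }
            result.userRoles = (0, session_1.getUserRolesFromSession)(session, resource || undefined);
            return Response.json(result);
        }
    };
}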