From c4eb6ef53a0c37c85594b119f37dfb6eba79169b Mon Sep 17 00:00:00 2001
From: Peter Maquiran <maquiranpeter29@gmail.com>
Date: Fri, 17 Apr 2026 14:53:21 +0100
Subject: [PATCH] return profile picture

---
 src/app.controller.ts                      |  2 +-
 src/app.module.ts                          |  5 +++--
 src/{ => module}/auth/auth.module.ts       |  0
 src/{ => module}/auth/keycloak.guard.ts    |  0
 src/{ => module}/auth/keycloak.strategy.ts |  6 ++++++
 src/module/profile/profile.controller.ts   | 24 ++++++++++++++++++++++
 src/module/profile/profile.module.ts       | 16 +++++++++++++++
 src/module/profile/profile.service.ts      |  8 ++++++++
 8 files changed, 58 insertions(+), 3 deletions(-)
 rename src/{ => module}/auth/auth.module.ts (100%)
 rename src/{ => module}/auth/keycloak.guard.ts (100%)
 rename src/{ => module}/auth/keycloak.strategy.ts (75%)
 create mode 100644 src/module/profile/profile.controller.ts
 create mode 100644 src/module/profile/profile.module.ts
 create mode 100644 src/module/profile/profile.service.ts

diff --git a/src/app.controller.ts b/src/app.controller.ts
index 862ff16..8b1f38d 100644
--- a/src/app.controller.ts
+++ b/src/app.controller.ts
@@ -1,6 +1,6 @@
 import { Controller, Get, UseGuards } from '@nestjs/common';
 import { AppService } from './app.service';
-import { KeycloakAuthGuard } from './auth/keycloak.guard';
+import { KeycloakAuthGuard } from './module/auth/keycloak.guard';
 
 
 @Controller()
diff --git a/src/app.module.ts b/src/app.module.ts
index 92250c8..a62491c 100644
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -1,10 +1,11 @@
 import { Module } from '@nestjs/common';
 import { AppController } from './app.controller';
 import { AppService } from './app.service';
-import { AuthModule } from './auth/auth.module';
+import { AuthModule } from './module/auth/auth.module';
+import { ProfileModule } from './module/profile/profile.module';
 
 @Module({
-  imports: [AuthModule],
+  imports: [AuthModule, ProfileModule],
   controllers: [AppController],
   providers: [AppService],
 })
diff --git a/src/auth/auth.module.ts b/src/module/auth/auth.module.ts
similarity index 100%
rename from src/auth/auth.module.ts
rename to src/module/auth/auth.module.ts
diff --git a/src/auth/keycloak.guard.ts b/src/module/auth/keycloak.guard.ts
similarity index 100%
rename from src/auth/keycloak.guard.ts
rename to src/module/auth/keycloak.guard.ts
diff --git a/src/auth/keycloak.strategy.ts b/src/module/auth/keycloak.strategy.ts
similarity index 75%
rename from src/auth/keycloak.strategy.ts
rename to src/module/auth/keycloak.strategy.ts
index ca43636..c0c9fb1 100644
--- a/src/auth/keycloak.strategy.ts
+++ b/src/module/auth/keycloak.strategy.ts
@@ -25,10 +25,16 @@ export class KeycloakStrategy extends PassportStrategy(Strategy, "keycloak") {
   }
 
   async validate(payload: any) {
+    console.log('Full JWT Payload:', payload);
     return {
       userId: payload.sub,
       email: payload.email,
+      name: payload.name,
+      // Google profile image is usually in 'picture'
+      email_verified: payload.email_verified,
+      picture: payload.picture || `https://profiles.google.com/s2/photos/profile/${payload.email}`,
       roles: payload.realm_access?.roles || [],
+      // Keep raw for debugging other custom claims
       raw: payload,
     };
   }
diff --git a/src/module/profile/profile.controller.ts b/src/module/profile/profile.controller.ts
new file mode 100644
index 0000000..0b5a700
--- /dev/null
+++ b/src/module/profile/profile.controller.ts
@@ -0,0 +1,24 @@
+import { KeycloakAuthGuard } from '../auth/keycloak.guard';
+import { ProfileService } from './profile.service';
+import { Controller, Get, UseGuards, Request } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+
+@Controller('profile')
+export class ProfileController {
+  constructor(private readonly profileService: ProfileService) {}
+
+  @UseGuards(AuthGuard('keycloak'))
+  @Get()
+  getProfile(@Request() req) {
+    // The 'user' object here is exactly what you returned from validate()
+
+    return {
+      email: req.user.email,
+      name: req.user.name,
+      picture: req.user.picture,
+      email_verified: req.user.email_verified,
+      roles: req.user.roles,
+    };
+  }
+}
diff --git a/src/module/profile/profile.module.ts b/src/module/profile/profile.module.ts
new file mode 100644
index 0000000..b90bb83
--- /dev/null
+++ b/src/module/profile/profile.module.ts
@@ -0,0 +1,16 @@
+import { Module } from '@nestjs/common';
+import { PassportModule } from '@nestjs/passport';
+import { ProfileController } from './profile.controller';
+import { ProfileService } from './profile.service';
+import { KeycloakStrategy } from '../auth/keycloak.strategy';
+
+@Module({
+  imports: [
+    // Registers the 'keycloak' strategy as a default if needed
+    PassportModule.register({ defaultStrategy: 'keycloak' }),
+  ],
+  controllers: [ProfileController],
+  providers: [ProfileService, KeycloakStrategy],
+  exports: [],
+})
+export class ProfileModule {}
\ No newline at end of file
diff --git a/src/module/profile/profile.service.ts b/src/module/profile/profile.service.ts
new file mode 100644
index 0000000..b012315
--- /dev/null
+++ b/src/module/profile/profile.service.ts
@@ -0,0 +1,8 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class ProfileService {
+  getProfile(): string {
+    return 'Hello World!';
+  }
+}