lib/getPermisions.ts

import { NextResponse } from "next/server";
import { jwtVerify } from "jose";

const getTokenFromCookies = (cookieHeader: string | null) => {
  if (!cookieHeader) return null;

  return cookieHeader
    .split("; ")
    .find((c) => c.startsWith("access_token="))
    ?.split("=")[1];
};

export function getPermision(req: Request): string[] {
  try {
    const cookie = req.headers.get("cookie");
    const token = getTokenFromCookies(cookie);

    if (!token) {
      return []
    }

    // ⚠️ For production: use Keycloak public key verification
    // For now: decode safely (basic version)
    const payload = JSON.parse(
      Buffer.from(token.split(".")[1], "base64").toString()
    );

    return payload.realm_access.roles || [];
  } catch (err) {
    return []
  }
}
change link redirect 2026-04-19 03:39:38 +01:00			`import { NextResponse } from "next/server";`
			`import { jwtVerify } from "jose";`

			`const getTokenFromCookies = (cookieHeader: string \| null) => {`
			`if (!cookieHeader) return null;`

			`return cookieHeader`
			`.split("; ")`
			`.find((c) => c.startsWith("access_token="))`
			`?.split("=")[1];`
			`};`

			`export function getPermision(req: Request): string[] {`
			`try {`
			`const cookie = req.headers.get("cookie");`
			`const token = getTokenFromCookies(cookie);`

			`if (!token) {`
			`return []`
			`}`

			`// ⚠️ For production: use Keycloak public key verification`
			`// For now: decode safely (basic version)`
			`const payload = JSON.parse(`
			`Buffer.from(token.split(".")[1], "base64").toString()`
			`);`

			`return payload.realm_access.roles \|\| [];`
			`} catch (err) {`
			`return []`
			`}`
			`}`