move to environment variable
@@ -1,27 +1,28 @@
|
||||
import { getCookieDomain } from "@/lib/getDomain";
|
||||
import { env } from "@/lib/env";
|
||||
import { NextResponse } from "next/server";
|
||||
const BASE_URL = env.APP_URL;
|
||||
|
||||
export async function GET(req: Request) {
|
||||
const url = new URL(req.url);
|
||||
const code = url.searchParams.get("code");
|
||||
const origin = url.origin;
|
||||
const isHttps = url.protocol === "https:";
|
||||
const domain = getCookieDomain(url.hostname); // ← domain only
|
||||
const domain = env.COOKIE_DOMAIN ?? getCookieDomain(url.hostname);
|
||||
|
||||
if (!code) {
|
||||
return NextResponse.redirect(`${origin}/login?error=missing_code`);
|
||||
return NextResponse.redirect(`${BASE_URL}/login?error=missing_code`);
|
||||
}
|
||||
|
||||
const redirectUri = `${origin}/api/auth/callback`;
|
||||
|
||||
const tokenRes = await fetch(
|
||||
"https://keycloak.petermaquiran.xyz/realms/tvone/protocol/openid-connect/token",
|
||||
`${env.KEYCLOAK_BASE_URL}/realms/${env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
||||
body: new URLSearchParams({
|
||||
client_id: "tvone-web",
|
||||
client_secret: "7jQUciQCCf2WRFRe170UANKzGKVWFIkY",
|
||||
client_id: env.KEYCLOAK_CLIENT_ID,
|
||||
client_secret: env.KEYCLOAK_CLIENT_SECRET,
|
||||
grant_type: "authorization_code",
|
||||
code,
|
||||
redirect_uri: redirectUri,
|
||||
@@ -34,15 +35,15 @@ export async function GET(req: Request) {
|
||||
try {
|
||||
data = JSON.parse(text) as typeof data;
|
||||
} catch {
|
||||
return NextResponse.redirect(`${origin}/login?error=token_parse`);
|
||||
return NextResponse.redirect(`${BASE_URL}/login?error=token_parse`);
|
||||
}
|
||||
|
||||
if (!tokenRes.ok || !data.access_token) {
|
||||
console.error("token exchange failed", tokenRes.status, text);
|
||||
return NextResponse.redirect(`${origin}/login?error=token_exchange`);
|
||||
return NextResponse.redirect(`${BASE_URL}/login?error=token_exchange`);
|
||||
}
|
||||
|
||||
const res = NextResponse.redirect(`${origin}/admin/create-news`);
|
||||
const res = NextResponse.redirect(`${BASE_URL}/admin/create-news`);
|
||||
|
||||
// Secure cookies are ignored on http:// (e.g. localhost) — browser drops them.
|
||||
res.cookies.set("access_token", data.access_token, {
|
||||
|
||||
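Review bot: `redirectUri` still reads `${origin}/api/auth/callback` (the line appears unchanged in the first hunk), while the login route in this commit now sends `${BASE_URL}/api/auth/callback` to Keycloak. The token endpoint expects the `redirect_uri` to match the one from the authorization request, and `origin` is taken from the request URL, so behind a proxy or with an unexpected Host the exchange can fail or carry a caller-influenced value; ``const redirectUri = `${BASE_URL}/api/auth/callback`;`` keeps both routes on the configured value. Separately, the client secret literal removed here stays readable in the repository history, so moving it to `env.KEYCLOAK_CLIENT_SECRET` only helps once the secret is regenerated in Keycloak. The body of GET continues outside both hunks.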
+17
-16
@@ -1,18 +1,19 @@
|
||||
import { env } from "@/lib/env";
|
||||
|
||||
export async function GET(req: Request) {
|
||||
const url = new URL(req.url);
|
||||
const origin = url.origin;
|
||||
|
||||
const redirect = encodeURIComponent(
|
||||
`${origin}/api/auth/callback`
|
||||
);
|
||||
|
||||
const keycloakUrl =
|
||||
`https://keycloak.petermaquiran.xyz/realms/tvone/protocol/openid-connect/auth` +
|
||||
`?client_id=tvone-web` +
|
||||
`&response_type=code` +
|
||||
`&scope=openid` +
|
||||
`&redirect_uri=${redirect}`;
|
||||
|
||||
return Response.redirect(keycloakUrl);
|
||||
const BASE_URL = env.APP_URL;
|
||||
|
||||
|
||||
export async function GET() {
|
||||
const redirect = encodeURIComponent(
|
||||
`${BASE_URL}/api/auth/callback`
|
||||
);
|
||||
|
||||
const keycloakUrl =
|
||||
`${env.KEYCLOAK_BASE_URL}/realms/${env.KEYCLOAK_REALM}/protocol/openid-connect/auth` +
|
||||
`?client_id=${encodeURIComponent(env.KEYCLOAK_CLIENT_ID)}` +
|
||||
`&response_type=code` +
|
||||
`&scope=openid` +
|
||||
`&redirect_uri=${redirect}`;
|
||||
|
||||
return Response.redirect(keycloakUrl);
|
||||
}
|
||||
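Review bot: The authorization URL built in the new `GET()` carries no `state` parameter, and the callback hunks in this commit read only `code`, so nothing binds the returned code to the browser session that started the login. A random value should be generated here, stored in a short-lived httpOnly cookie, appended as `&state=…`, and compared in the callback before the token exchange. That needs `NextResponse` from "next/server" in this file, since a cookie has to be set on the redirect. The cookie name below is a placeholder.

```typescript
export async function GET() {
  // … unchanged: redirect (encoded callback URL) …
  const state = crypto.randomUUID();

  const keycloakUrl =
    // … unchanged: endpoint, client_id, response_type, scope …
    `&redirect_uri=${redirect}` +
    `&state=${encodeURIComponent(state)}`;

  const res = NextResponse.redirect(keycloakUrl);
  res.cookies.set("oauth_state", state, {
    httpOnly: true,
    sameSite: "lax",
    path: "/api/auth",
    maxAge: 300,
  });
  return res;
}
```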
@@ -1,6 +1,8 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { env } from "@/lib/env";
|
||||
|
||||
export async function GET(req: Request) {
|
||||
const isHttps = new URL(req.url).protocol === "https:";
|
||||
const cookie = req.headers.get("cookie");
|
||||
|
||||
const refreshToken = cookie
|
||||
@@ -13,8 +15,7 @@ export async function GET(req: Request) {
|
||||
}
|
||||
|
||||
try {
|
||||
// Call your auth server (Keycloak or NestJS)
|
||||
const res = await fetch("http://api.example.com/auth/refresh", {
|
||||
const res = await fetch(`${env.AUTH_API_URL}/auth/refresh`, {
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
@@ -33,19 +34,19 @@ export async function GET(req: Request) {
|
||||
// 🍪 Set new access token
|
||||
response.cookies.set("access_token", data.access_token, {
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
secure: isHttps,
|
||||
sameSite: "lax",
|
||||
path: "/",
|
||||
domain: ".example.com",
|
||||
...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}),
|
||||
maxAge: data.expires_in,
|
||||
});
|
||||
|
||||
response.cookies.set("refresh_token", data.refresh_token, {
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
secure: isHttps,
|
||||
sameSite: "lax",
|
||||
path: "/",
|
||||
domain: ".example.com",
|
||||
...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}),
|
||||
maxAge: data.expires_in,
|
||||
});
|
||||
|
||||
|
||||
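Review bot: `secure: isHttps` on both token cookies now depends on `new URL(req.url).protocol`, so if TLS is terminated in front of the app and the handler sees an `http:` URL, `access_token` and `refresh_token` are set without the Secure flag, where the old code always set it. Deriving the flag from configuration, e.g. `const isHttps = new URL(env.APP_URL).protocol === "https:";`, keeps local http development working without tying production cookie flags to the request. Whether `req.url` reflects the forwarded scheme depends on the deployment, which is not visible here. The callback route computes `isHttps` the same way; its cookie options fall outside the visible hunks, as does most of this GET body.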