mirror of
https://github.com/PeterMaquiran/tvone.git
synced 2026-04-20 21:45:33 +00:00
45 lines
1.1 KiB
TypeScript
45 lines
1.1 KiB
TypeScript
import { NextResponse } from "next/server";
|
|
import { jwtVerify } from "jose";
|
|
|
|
const getTokenFromCookies = (cookieHeader: string | null) => {
|
|
if (!cookieHeader) return null;
|
|
|
|
return cookieHeader
|
|
.split("; ")
|
|
.find((c) => c.startsWith("access_token="))
|
|
?.split("=")[1];
|
|
};
|
|
|
|
export async function GET(req: Request) {
|
|
try {
|
|
const cookie = req.headers.get("cookie");
|
|
const token = getTokenFromCookies(cookie);
|
|
|
|
if (!token) {
|
|
return NextResponse.json(
|
|
{ message: "Unauthorized" },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
|
|
// ⚠️ For production: use Keycloak public key verification
|
|
// For now: decode safely (basic version)
|
|
const payload = JSON.parse(
|
|
Buffer.from(token.split(".")[1], "base64").toString()
|
|
);
|
|
|
|
return NextResponse.json({
|
|
id: payload.sub,
|
|
email: payload.email,
|
|
name: payload.name,
|
|
username: payload.preferred_username,
|
|
roles:
|
|
payload.realm_access?.roles || [],
|
|
});
|
|
} catch (err) {
|
|
return NextResponse.json(
|
|
{ message: "Invalid token" },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
} |