Merge pull request #284 from BTLzdravtech/dev

feat: Basic support for Keycloak (OIDC) + fix s3 integration + custom s3 (minio) support
2023-11-19 16:55:09 +03:30
parent e2f9439d40 836dc10c2b
commit eb78fb71d9
14 changed files with 132 additions and 17 deletions
@@ -9,10 +9,16 @@ import { Adapter } from "next-auth/adapters";
 import sendVerificationRequest from "@/lib/api/sendVerificationRequest";
 import { Provider } from "next-auth/providers";
 import verifySubscription from "@/lib/api/verifySubscription";
+import KeycloakProvider from 'next-auth/providers/keycloak';

 const emailEnabled =
  process.env.EMAIL_FROM && process.env.EMAIL_SERVER ? true : false;

+const keycloakEnabled =
+  !!process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED;
+
+const adapter = PrismaAdapter(prisma);
+
 const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;

 const providers: Provider[] = [
@@ -59,7 +65,7 @@ const providers: Provider[] = [
  }),
 ];

-if (emailEnabled)
+if (emailEnabled) {
  providers.push(
    EmailProvider({
      server: process.env.EMAIL_SERVER,
@@ -70,9 +76,36 @@ if (emailEnabled)
      },
    })
  );
+}
+
+if (keycloakEnabled) {
+  providers.push(
+    KeycloakProvider({
+      id: 'keycloak',
+      name: 'Keycloak',
+      clientId: process.env.KEYCLOAK_CLIENT_ID!,
+      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
+      issuer: process.env.KEYCLOAK_ISSUER,
+      profile: (profile) => {
+        return {
+          id: profile.sub,
+          username: profile.preferred_username,
+          name: profile.name ?? profile.preferred_username,
+          email: profile.email,
+          image: profile.picture,
+        };
+      },
+    }),
+  );
+  const _linkAccount = adapter.linkAccount;
+  adapter.linkAccount = (account) => {
+    const { 'not-before-policy': _, refresh_expires_in, ...data } = account;
+    return _linkAccount ? _linkAccount(data) : undefined;
+  };
+}

 export const authOptions: AuthOptions = {
-  adapter: PrismaAdapter(prisma) as Adapter,
+  adapter: adapter as Adapter,
  session: {
    strategy: "jwt",
    maxAge: 30 * 24 * 60 * 60, // 30 days
@@ -85,7 +118,7 @@ export const authOptions: AuthOptions = {
  callbacks: {
    async jwt({ token, trigger, user }) {
      token.sub = token.sub ? Number(token.sub) : undefined;
-      if (trigger === "signIn") token.id = user?.id as number;
+      if (trigger === "signIn" || trigger === "signUp") token.id = user?.id as number;

      return token;
    },
@@ -12,6 +12,7 @@ interface FormData {
 }

 const emailEnabled = process.env.NEXT_PUBLIC_EMAIL_PROVIDER;
+const keycloakEnabled = process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED;

 export default function Login() {
  const [submitLoader, setSubmitLoader] = useState(false);
@@ -47,6 +48,18 @@ export default function Login() {
    }
  }

+  async function loginUserKeycloak() {
+    setSubmitLoader(true);
+
+    const load = toast.loading("Authenticating...");
+
+    const res = await signIn("keycloak", {});
+
+    toast.dismiss(load);
+
+    setSubmitLoader(false);
+  }
+
  return (
    <CenteredForm text="Sign in to your account">
      <form onSubmit={loginUser}>
@@ -102,6 +115,15 @@ export default function Login() {
            className=" w-full text-center"
            loading={submitLoader}
          />
+          {process.env.NEXT_PUBLIC_KEYCLOAK_ENABLED === "true" ? (
+            <SubmitButton
+              type="button"
+              onClick={loginUserKeycloak}
+              label="Sign in with Keycloak"
+              className=" w-full text-center"
+              loading={submitLoader}
+            />
+          ) : undefined}
          {process.env.NEXT_PUBLIC_DISABLE_REGISTRATION ===
          "true" ? undefined : (
            <div className="flex items-baseline gap-1 justify-center">