@alfabit/keycloak 0.0.40 → 0.0.41
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/composables/use-keycloak.ts +490 -491
package/package.json
CHANGED
|
@@ -1,496 +1,495 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
//
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
//
|
|
68
|
-
//
|
|
69
|
-
|
|
70
|
-
//
|
|
71
|
-
|
|
72
|
-
//
|
|
73
|
-
// //
|
|
74
|
-
//
|
|
75
|
-
//
|
|
76
|
-
|
|
77
|
-
//
|
|
78
|
-
|
|
79
|
-
//
|
|
80
|
-
//
|
|
81
|
-
//
|
|
82
|
-
//
|
|
83
|
-
//
|
|
84
|
-
|
|
85
|
-
//
|
|
86
|
-
|
|
87
|
-
//
|
|
88
|
-
//
|
|
89
|
-
//
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
//
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
//
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
//
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
1
|
+
import Keycloak, { type KeycloakInitOptions } from 'keycloak-js';
|
|
2
|
+
import { inject, reactive, readonly, type Ref, ref } from 'vue';
|
|
3
|
+
import { postWebLogin } from '../api/wallet/endpoints';
|
|
4
|
+
import { AppNameEnum, APP_NAME, IS_TELEGRAM_MINI_APP, KEYCLOAK_LOGIN_REQUIRED, OPENID_CLIENT_ID, OPENID_REALM, OPENID_URL, LocationEnum, IS_LOCALHOST } from '@alfabit/constants';
|
|
5
|
+
|
|
6
|
+
export type TIdpHint = 'email' | 'google' | 'apple';
|
|
7
|
+
|
|
8
|
+
export interface IUseKeycloak {
|
|
9
|
+
login(email?: string, redirectUri?: string): void;
|
|
10
|
+
loginWithGoogle(redirectUri?: string): void;
|
|
11
|
+
loginWithApple(redirectUri?: string): void;
|
|
12
|
+
loginWithTelegram(redirectUri?: string): void;
|
|
13
|
+
loginPopup(idpHint: TIdpHint, redirectUri?: string): void;
|
|
14
|
+
logout(redirectUri?: string): void;
|
|
15
|
+
register(email?: string, redirectUri?: string): void;
|
|
16
|
+
getToken(): string | undefined;
|
|
17
|
+
isAtExp(): boolean;
|
|
18
|
+
isRtExp(): boolean;
|
|
19
|
+
|
|
20
|
+
readonly isAuth: Ref<boolean>;
|
|
21
|
+
readonly checkAuth: Ref<boolean>;
|
|
22
|
+
readonly keycloak: Ref<Keycloak | null>;
|
|
23
|
+
readonly isInitialized: Ref<boolean>;
|
|
24
|
+
readonly keycloakUserData: Ref<Keycloak.KeycloakTokenParsed | null>;
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
export const TOKEN_NAME = 'token';
|
|
28
|
+
export const REFRESH_TOKEN_NAME = 'refresh-token';
|
|
29
|
+
export const ID_TOKEN_NAME = 'id-token';
|
|
30
|
+
|
|
31
|
+
const keycloak = ref<Keycloak | null>(null);
|
|
32
|
+
|
|
33
|
+
const isAuth = ref(false);
|
|
34
|
+
const checkAuth = ref(false);
|
|
35
|
+
const keycloakUserData = ref<Keycloak.KeycloakTokenParsed | null>(null);
|
|
36
|
+
const locale = ref('en');
|
|
37
|
+
|
|
38
|
+
const dontChangeRedirectUri = ref(false);
|
|
39
|
+
const keycloakRedirectUriIsLogout = ref<string | undefined>(undefined);
|
|
40
|
+
|
|
41
|
+
export const setKeycloakLocale = (newLocale: LocationEnum) => {
|
|
42
|
+
locale.value = newLocale;
|
|
43
|
+
};
|
|
44
|
+
|
|
45
|
+
export const setDontChangeRedirectUri = (newDontChangeRedirectUri: boolean) => {
|
|
46
|
+
dontChangeRedirectUri.value = newDontChangeRedirectUri;
|
|
47
|
+
};
|
|
48
|
+
|
|
49
|
+
export const setKeycloakRedirectUriIsLogout = (newKeycloakRedirectUriIsLogout: string | undefined) => {
|
|
50
|
+
keycloakRedirectUriIsLogout.value = newKeycloakRedirectUriIsLogout;
|
|
51
|
+
};
|
|
52
|
+
|
|
53
|
+
const isInitialized = ref(false);
|
|
54
|
+
|
|
55
|
+
const getUrl = (): string => {
|
|
56
|
+
const url = new URL(window.location.href);
|
|
57
|
+
const searchParams = new URLSearchParams(window.location.search);
|
|
58
|
+
|
|
59
|
+
if (searchParams.has('redirect_uri')) {
|
|
60
|
+
const redirectUri = searchParams.get('redirect_uri');
|
|
61
|
+
if (!!redirectUri) return redirectUri;
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
// если в роуте в meta есть параметр keycloakRedirectUriIsLogout - возвращаем его
|
|
65
|
+
if (!!keycloakRedirectUriIsLogout.value && typeof keycloakRedirectUriIsLogout.value === 'string') return `${url.origin}/${locale.value}/${keycloakRedirectUriIsLogout.value}`;
|
|
66
|
+
|
|
67
|
+
// если в $route.meta (который передаем из родительского приложения) есть параметр dontChangeRedirectUri - то из адреса НЕ нужно удалять или добавлять /user
|
|
68
|
+
// если нет - то ничего не делать
|
|
69
|
+
|
|
70
|
+
// if (!dontChangeRedirectUri) {
|
|
71
|
+
|
|
72
|
+
// const path = url.pathname;
|
|
73
|
+
// // Проверяем: путь начинается с /две латинские буквы/ и далее НЕ идёт user/
|
|
74
|
+
// const match = path.match(/^\/([a-zA-Z]{2})(\/(?!user\/))/);
|
|
75
|
+
// if (match) {
|
|
76
|
+
|
|
77
|
+
// console.log('добавляем user')
|
|
78
|
+
|
|
79
|
+
// // Вставляем 'user' после двухбуквенного сегмента
|
|
80
|
+
// url.pathname = path.replace(/^\/([a-zA-Z]{2})\//, '/$1/user/');
|
|
81
|
+
// // Если хочешь обновить текущую страницу:
|
|
82
|
+
// // window.location.href = url.toString();
|
|
83
|
+
// } else {
|
|
84
|
+
|
|
85
|
+
// console.log('удаляем user')
|
|
86
|
+
|
|
87
|
+
// url.pathname = path.replace(/^\/([a-zA-Z]{2})\/user\//, '/$1/');
|
|
88
|
+
// }
|
|
89
|
+
// }
|
|
90
|
+
return url.toString();
|
|
91
|
+
};
|
|
92
|
+
|
|
93
|
+
function isMobile() {
|
|
94
|
+
return /Mobi|Android|iPhone|iPad|iPod/i.test(navigator.userAgent);
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
export const getAuthMethods = () => {
|
|
98
|
+
const methods = reactive({
|
|
99
|
+
async loginPopup(idpHint: TIdpHint, redirectUri?: string) {
|
|
100
|
+
redirectUri = redirectUri ?? getUrl();
|
|
101
|
+
if (isMobile()) {
|
|
102
|
+
switch (idpHint) {
|
|
103
|
+
case 'google':
|
|
104
|
+
methods.loginWithGoogle(redirectUri);
|
|
105
|
+
break;
|
|
106
|
+
case 'apple':
|
|
107
|
+
methods.loginWithApple(redirectUri);
|
|
108
|
+
break;
|
|
109
|
+
default:
|
|
110
|
+
methods.login(undefined, redirectUri);
|
|
111
|
+
}
|
|
112
|
+
return;
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
let loginUrl = await keycloak.value?.createLoginUrl({
|
|
116
|
+
idpHint: idpHint === 'email' ? '' : idpHint,
|
|
117
|
+
redirectUri,
|
|
118
|
+
});
|
|
119
|
+
|
|
120
|
+
let loginWindow = window.open((loginUrl ?? '') + (idpHint === 'google' ? '&prompt=select_account' : ''), 'Login with Google', 'width=500,height=600');
|
|
121
|
+
|
|
122
|
+
const messageListener = async (event: MessageEvent) => {
|
|
123
|
+
console.log('messageListener', event.data);
|
|
124
|
+
|
|
125
|
+
if (event.data.type === 'keycloak-auth-success' && event.data.message === 'success') {
|
|
126
|
+
window.removeEventListener('message', messageListener);
|
|
127
|
+
//if (!loginWindow || !loginWindow.closed) {
|
|
128
|
+
loginWindow?.close();
|
|
129
|
+
|
|
130
|
+
console.log('window close', {
|
|
131
|
+
loginWindow,
|
|
132
|
+
closed: loginWindow?.closed,
|
|
133
|
+
});
|
|
134
|
+
|
|
135
|
+
//}
|
|
136
|
+
setTimeout(() => {
|
|
137
|
+
window.location.reload();
|
|
138
|
+
console.log('window reload');
|
|
139
|
+
}, 200);
|
|
140
|
+
}
|
|
141
|
+
|
|
142
|
+
// если в popup пришло сообщение о том, что нужно сменить idpHint, то меняем его и открываем новое окно
|
|
143
|
+
if (event.data.type === 'keycloak-auth-change') {
|
|
144
|
+
loginWindow?.close();
|
|
145
|
+
idpHint = event.data.message as TIdpHint;
|
|
146
|
+
loginUrl = await keycloak.value?.createLoginUrl({
|
|
147
|
+
idpHint,
|
|
148
|
+
redirectUri,
|
|
149
|
+
});
|
|
150
|
+
loginWindow = window.open((loginUrl ?? '') + (idpHint === 'google' ? '&prompt=select_account' : ''), 'Login with Google', 'width=500,height=600');
|
|
151
|
+
}
|
|
152
|
+
};
|
|
153
|
+
|
|
154
|
+
window.addEventListener('message', messageListener);
|
|
155
|
+
},
|
|
156
|
+
|
|
157
|
+
login(email?: string, redirectUri?: string) {
|
|
158
|
+
if (keycloak.value) {
|
|
159
|
+
keycloak.value.login({
|
|
160
|
+
redirectUri: redirectUri ?? getUrl(),
|
|
161
|
+
loginHint: email ?? '',
|
|
162
|
+
locale: locale.value,
|
|
163
|
+
});
|
|
164
|
+
} else {
|
|
165
|
+
console.warn('Keycloak not defined! #login');
|
|
166
|
+
}
|
|
167
|
+
},
|
|
168
|
+
logout(redirectUri?: string) {
|
|
169
|
+
if (keycloak.value) {
|
|
170
|
+
clearTokens();
|
|
171
|
+
setTimeout(() => {
|
|
172
|
+
keycloak.value &&
|
|
173
|
+
keycloak.value.logout({
|
|
174
|
+
redirectUri: redirectUri ?? getUrl(),
|
|
175
|
+
});
|
|
176
|
+
}, 100);
|
|
177
|
+
} else {
|
|
178
|
+
console.warn('Keycloak not defined! #logout');
|
|
179
|
+
}
|
|
180
|
+
},
|
|
181
|
+
register(email?: string, redirectUri?: string) {
|
|
182
|
+
if (keycloak.value) {
|
|
183
|
+
keycloak.value.register({
|
|
184
|
+
redirectUri: redirectUri ?? getUrl(),
|
|
185
|
+
loginHint: email ?? '',
|
|
186
|
+
locale: locale.value,
|
|
187
|
+
});
|
|
188
|
+
} else {
|
|
189
|
+
console.warn('Keycloak not defined! #register');
|
|
190
|
+
}
|
|
191
|
+
},
|
|
192
|
+
loginWithGoogle(redirectUri?: string) {
|
|
193
|
+
if (keycloak.value) {
|
|
194
|
+
keycloak.value
|
|
195
|
+
?.createLoginUrl({
|
|
196
|
+
idpHint: 'google',
|
|
197
|
+
redirectUri: redirectUri ?? getUrl(),
|
|
198
|
+
})
|
|
199
|
+
.then((loginUrl) => (window.location.href = `${loginUrl}&prompt=select_account`));
|
|
200
|
+
} else {
|
|
201
|
+
console.warn('Keycloak not defined! #loginWithGoogle');
|
|
202
|
+
}
|
|
203
|
+
},
|
|
204
|
+
loginWithApple(redirectUri?: string) {
|
|
205
|
+
if (keycloak.value) {
|
|
206
|
+
keycloak.value.login({
|
|
207
|
+
redirectUri: redirectUri ?? getUrl(),
|
|
208
|
+
idpHint: 'apple',
|
|
209
|
+
locale: locale.value,
|
|
210
|
+
});
|
|
211
|
+
} else {
|
|
212
|
+
console.warn('Keycloak not defined! #loginWithApple');
|
|
213
|
+
}
|
|
214
|
+
},
|
|
215
|
+
loginWithTelegram(redirectUri?: string) {
|
|
216
|
+
if (keycloak.value) {
|
|
217
|
+
keycloak.value.login({
|
|
218
|
+
redirectUri: redirectUri ?? getUrl(),
|
|
219
|
+
idpHint: 'telegram',
|
|
220
|
+
locale: locale.value,
|
|
221
|
+
});
|
|
222
|
+
} else {
|
|
223
|
+
console.warn('Keycloak not defined! #loginWithTelegram');
|
|
224
|
+
}
|
|
225
|
+
},
|
|
226
|
+
changePassword(redirectUri?: string) {
|
|
227
|
+
if (keycloak.value) {
|
|
228
|
+
document.cookie = 'from=passport; SameSite=None; Secure';
|
|
229
|
+
void keycloak.value.login({
|
|
230
|
+
action: 'UPDATE_PASSWORD',
|
|
231
|
+
redirectUri: redirectUri ?? getUrl(),
|
|
232
|
+
});
|
|
233
|
+
} else {
|
|
234
|
+
console.warn('Keycloak not defined! #changePassword');
|
|
235
|
+
}
|
|
236
|
+
},
|
|
237
|
+
configureOtp(redirectUri?: string) {
|
|
238
|
+
if (keycloak.value) {
|
|
239
|
+
document.cookie = 'from=passport; SameSite=None; Secure';
|
|
240
|
+
void keycloak.value.login({
|
|
241
|
+
action: 'CONFIGURE_TOTP',
|
|
242
|
+
redirectUri: redirectUri ?? getUrl(),
|
|
243
|
+
});
|
|
244
|
+
} else {
|
|
245
|
+
console.warn('Keycloak not defined! #configureOtp');
|
|
246
|
+
}
|
|
247
|
+
},
|
|
248
|
+
});
|
|
249
|
+
return methods;
|
|
250
|
+
};
|
|
251
|
+
|
|
252
|
+
function setTokens() {
|
|
253
|
+
if (!keycloak.value || typeof window === 'undefined') return;
|
|
254
|
+
!!keycloak.value?.token && localStorage.setItem(TOKEN_NAME, keycloak.value.token);
|
|
255
|
+
!!keycloak.value?.refreshToken && localStorage.setItem(REFRESH_TOKEN_NAME, keycloak.value.refreshToken);
|
|
256
|
+
!!keycloak.value?.idToken && localStorage.setItem(ID_TOKEN_NAME, keycloak.value.idToken);
|
|
257
|
+
|
|
258
|
+
!!keycloak.value?.token && sessionStorage.setItem(TOKEN_NAME, keycloak.value.token);
|
|
259
|
+
!!keycloak.value?.refreshToken && sessionStorage.setItem(REFRESH_TOKEN_NAME, keycloak.value.refreshToken);
|
|
260
|
+
!!keycloak.value?.idToken && sessionStorage.setItem(ID_TOKEN_NAME, keycloak.value.idToken);
|
|
261
|
+
}
|
|
262
|
+
|
|
263
|
+
function clearTokens() {
|
|
264
|
+
if (typeof window === 'undefined') return;
|
|
265
|
+
localStorage.removeItem(TOKEN_NAME);
|
|
266
|
+
localStorage.removeItem(REFRESH_TOKEN_NAME);
|
|
267
|
+
localStorage.removeItem(ID_TOKEN_NAME);
|
|
268
|
+
sessionStorage.removeItem(TOKEN_NAME);
|
|
269
|
+
sessionStorage.removeItem(REFRESH_TOKEN_NAME);
|
|
270
|
+
sessionStorage.removeItem(ID_TOKEN_NAME);
|
|
271
|
+
}
|
|
272
|
+
|
|
273
|
+
export const getToken = () => (IS_TELEGRAM_MINI_APP && !IS_LOCALHOST ? sessionStorage.getItem(TOKEN_NAME) : localStorage.getItem(TOKEN_NAME)) ?? undefined;
|
|
274
|
+
|
|
275
|
+
const parseJwt = (token: unknown) => {
|
|
276
|
+
if (typeof token !== 'string') throw new Error('Invalid JWT format: #1');
|
|
277
|
+
const [headerB64, payloadB64] = token.split('.');
|
|
278
|
+
if (!headerB64 || !payloadB64) throw new Error('Invalid JWT format: #2');
|
|
279
|
+
const decodeBase64Url = (str: string) => JSON.parse(atob(str.replace(/-/g, '+').replace(/_/g, '/')));
|
|
280
|
+
const header = decodeBase64Url(headerB64);
|
|
281
|
+
const payload = decodeBase64Url(payloadB64);
|
|
282
|
+
const now = Math.floor(Date.now() / 1000);
|
|
283
|
+
const isExpired = payload.exp !== undefined && now > payload.exp;
|
|
284
|
+
return {
|
|
285
|
+
header,
|
|
286
|
+
payload,
|
|
287
|
+
isExpired,
|
|
288
|
+
expiresAt: payload.exp ? new Date(payload.exp * 1000).toISOString() : null,
|
|
289
|
+
};
|
|
290
|
+
};
|
|
291
|
+
|
|
292
|
+
export const isAtExp = () => {
|
|
293
|
+
if (typeof window === 'undefined') return false;
|
|
294
|
+
try {
|
|
295
|
+
return parseJwt(localStorage.getItem(TOKEN_NAME)).isExpired;
|
|
296
|
+
} catch (e) {
|
|
297
|
+
return false;
|
|
298
|
+
}
|
|
299
|
+
};
|
|
300
|
+
|
|
301
|
+
export const isRtExp = () => {
|
|
302
|
+
if (typeof window === 'undefined') return false;
|
|
303
|
+
try {
|
|
304
|
+
// если рт не истек, возвращаем true
|
|
305
|
+
return parseJwt(localStorage.getItem(REFRESH_TOKEN_NAME)).isExpired;
|
|
306
|
+
} catch (e) {
|
|
307
|
+
clearTokens();
|
|
308
|
+
if (e instanceof Error) {
|
|
309
|
+
console.log('checkIsPassportAuth error: ', e.message);
|
|
310
|
+
}
|
|
311
|
+
return false;
|
|
312
|
+
}
|
|
313
|
+
};
|
|
314
|
+
|
|
315
|
+
// const isPopup = () => {
|
|
316
|
+
// console.log('run isPopup');
|
|
317
|
+
// // для авторизации в popup - это запускается в дочернем окне
|
|
303
318
|
// try {
|
|
304
|
-
// //
|
|
305
|
-
//
|
|
306
|
-
//
|
|
307
|
-
|
|
308
|
-
//
|
|
309
|
-
//
|
|
319
|
+
// // Отправляем сообщение родителю
|
|
320
|
+
// if (window.opener) {
|
|
321
|
+
// console.log('window opener');
|
|
322
|
+
|
|
323
|
+
// window.opener.postMessage(
|
|
324
|
+
// {
|
|
325
|
+
// type: 'keycloak-auth-success',
|
|
326
|
+
// message: 'success',
|
|
327
|
+
// },
|
|
328
|
+
// '*'
|
|
329
|
+
// );
|
|
310
330
|
// }
|
|
311
|
-
//
|
|
331
|
+
// } catch (err) {
|
|
332
|
+
// console.warn('Error in login-popup-redirect.html:', err);
|
|
312
333
|
// }
|
|
313
334
|
// };
|
|
314
335
|
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
//
|
|
326
|
-
//
|
|
327
|
-
//
|
|
328
|
-
//
|
|
329
|
-
|
|
330
|
-
//
|
|
331
|
-
//
|
|
332
|
-
//
|
|
333
|
-
//
|
|
334
|
-
//
|
|
335
|
-
|
|
336
|
-
//
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
//
|
|
347
|
-
//
|
|
348
|
-
// //
|
|
349
|
-
// //
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
//
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
//
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
//
|
|
369
|
-
//
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
//
|
|
391
|
-
|
|
392
|
-
//
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
//
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
//
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
//
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
// export const keycloakInit = (dontChangeRedirectUri?: Ref<boolean>, keycloakRedirectUriIsLogout?: Ref<string | undefined>): IUseKeycloak => {
|
|
477
|
-
// if (_keycloakInit) return _keycloakInit;
|
|
478
|
-
|
|
479
|
-
// dontChangeRedirectUri ||= inject('dontChangeRedirectUri', ref(false));
|
|
480
|
-
// keycloakRedirectUriIsLogout ||= inject('keycloakRedirectUriIsLogout', ref(undefined));
|
|
481
|
-
|
|
482
|
-
// _keycloakInit = {
|
|
483
|
-
// keycloak: readonly(keycloak) as Ref<Keycloak | null>,
|
|
484
|
-
// isInitialized: readonly(isInitialized),
|
|
485
|
-
// isAuth: readonly(isAuth),
|
|
486
|
-
// checkAuth: readonly(checkAuth),
|
|
487
|
-
|
|
488
|
-
// keycloakUserData,
|
|
489
|
-
|
|
490
|
-
// ...getAuthMethods(),
|
|
491
|
-
// getToken,
|
|
492
|
-
// isAtExp,
|
|
493
|
-
// isRtExp,
|
|
494
|
-
// };
|
|
495
|
-
// return _keycloakInit;
|
|
496
|
-
// };
|
|
336
|
+
let isInitKeycloak = false;
|
|
337
|
+
|
|
338
|
+
export async function initKeycloak() {
|
|
339
|
+
if (!!keycloak.value || typeof window === 'undefined' || isInitKeycloak) return;
|
|
340
|
+
isInitKeycloak = true;
|
|
341
|
+
|
|
342
|
+
if (!OPENID_URL) throw new Error('Не задана переменная keycloak: url');
|
|
343
|
+
if (!OPENID_REALM) throw new Error('Не задана переменная keycloak: realm');
|
|
344
|
+
if (!OPENID_CLIENT_ID) throw new Error('Не задана переменная keycloak: clientId');
|
|
345
|
+
|
|
346
|
+
// console.log({
|
|
347
|
+
// OPENID_URL,
|
|
348
|
+
// OPENID_REALM,
|
|
349
|
+
// OPENID_CLIENT_ID,
|
|
350
|
+
|
|
351
|
+
// VITE_OPENID_URL: import.meta.env?.VITE_OPENID_URL,
|
|
352
|
+
// VITE_PUBLIC_KEYCLOAK_URL: import.meta.env?.VITE_PUBLIC_KEYCLOAK_URL,
|
|
353
|
+
// VITE_OPENID_REALM: import.meta.env?.VITE_OPENID_REALM,
|
|
354
|
+
// VITE_PUBLIC_KEYCLOAK_REALM: import.meta.env?.VITE_PUBLIC_KEYCLOAK_REALM,
|
|
355
|
+
// VITE_OPENID_CLIENT_ID: import.meta.env?.VITE_OPENID_CLIENT_ID,
|
|
356
|
+
// VITE_PUBLIC_KEYCLOAK_CLIENT_ID: import.meta.env?.VITE_PUBLIC_KEYCLOAK_CLIENT_ID,
|
|
357
|
+
// });
|
|
358
|
+
|
|
359
|
+
keycloak.value = new Keycloak({
|
|
360
|
+
url: OPENID_URL,
|
|
361
|
+
realm: OPENID_REALM,
|
|
362
|
+
clientId: OPENID_CLIENT_ID,
|
|
363
|
+
});
|
|
364
|
+
|
|
365
|
+
|
|
366
|
+
|
|
367
|
+
// keycloak.value && (keycloak.value.onAuthLogout = () => {
|
|
368
|
+
// console.warn('>>>>>>>> Сессия истекла');
|
|
369
|
+
// // например, показать уведомление
|
|
370
|
+
// // или открыть собственное модальное окно логина
|
|
371
|
+
// });
|
|
372
|
+
|
|
373
|
+
|
|
374
|
+
|
|
375
|
+
|
|
376
|
+
const isNeedAuth = !!getToken() && !isRtExp();
|
|
377
|
+
|
|
378
|
+
const initOptions: KeycloakInitOptions = {
|
|
379
|
+
pkceMethod: 'S256',
|
|
380
|
+
checkLoginIframe: false,
|
|
381
|
+
// enableLogging: true,
|
|
382
|
+
};
|
|
383
|
+
|
|
384
|
+
// Устанавливаем onLoad только если нужно
|
|
385
|
+
if (isNeedAuth && (KEYCLOAK_LOGIN_REQUIRED || (APP_NAME !== AppNameEnum.PASSPORT))) {
|
|
386
|
+
initOptions.onLoad = 'login-required';
|
|
387
|
+
} else if (isNeedAuth) {
|
|
388
|
+
initOptions.onLoad = 'check-sso';
|
|
389
|
+
// clearTokens();
|
|
390
|
+
// window.location.href = getUrl() as string;
|
|
391
|
+
}
|
|
392
|
+
|
|
393
|
+
if (!isNeedAuth) {
|
|
394
|
+
clearTokens();
|
|
395
|
+
} else {
|
|
396
|
+
const token = localStorage.getItem(TOKEN_NAME);
|
|
397
|
+
const refreshToken = localStorage.getItem(REFRESH_TOKEN_NAME);
|
|
398
|
+
const idToken = localStorage.getItem(ID_TOKEN_NAME);
|
|
399
|
+
|
|
400
|
+
if (token) initOptions.token = token;
|
|
401
|
+
if (refreshToken) initOptions.refreshToken = refreshToken;
|
|
402
|
+
if (idToken) initOptions.idToken = idToken;
|
|
403
|
+
}
|
|
404
|
+
|
|
405
|
+
try {
|
|
406
|
+
const res = await keycloak.value.init(initOptions);
|
|
407
|
+
|
|
408
|
+
setTokens();
|
|
409
|
+
|
|
410
|
+
if (res) {
|
|
411
|
+
//await keycloak.value.updateToken(70);
|
|
412
|
+
setTokens();
|
|
413
|
+
// isPopup();
|
|
414
|
+
keycloakUserData.value = keycloak.value?.tokenParsed ?? null;
|
|
415
|
+
isAuth.value = true;
|
|
416
|
+
try {
|
|
417
|
+
postWebLogin();
|
|
418
|
+
} catch (e) { }
|
|
419
|
+
|
|
420
|
+
//setTimeout(() => {
|
|
421
|
+
setInterval(async () => {
|
|
422
|
+
if (!keycloak.value) return;
|
|
423
|
+
|
|
424
|
+
|
|
425
|
+
try {
|
|
426
|
+
const res = await keycloak.value.updateToken(70);
|
|
427
|
+
if (res) {
|
|
428
|
+
setTokens();
|
|
429
|
+
keycloakUserData.value = keycloak.value?.tokenParsed ?? null;
|
|
430
|
+
isAuth.value = true;
|
|
431
|
+
try {
|
|
432
|
+
postWebLogin();
|
|
433
|
+
} catch { }
|
|
434
|
+
}
|
|
435
|
+
}
|
|
436
|
+
catch (e) {
|
|
437
|
+
console.warn('Ошибка Keycloak:', e);
|
|
438
|
+
keycloak.value?.clearToken();
|
|
439
|
+
}
|
|
440
|
+
|
|
441
|
+
|
|
442
|
+
|
|
443
|
+
}, 6000);
|
|
444
|
+
//}, 60000);
|
|
445
|
+
}
|
|
446
|
+
return isAuth.value;
|
|
447
|
+
} catch (error) {
|
|
448
|
+
console.warn('Ошибка Keycloak:', error);
|
|
449
|
+
isAuth.value = false;
|
|
450
|
+
return false;
|
|
451
|
+
} finally {
|
|
452
|
+
checkAuth.value = true;
|
|
453
|
+
}
|
|
454
|
+
}
|
|
455
|
+
|
|
456
|
+
interface IKeycliakInit {
|
|
457
|
+
keycloakInit?: Ref<Keycloak | null | undefined> | undefined;
|
|
458
|
+
}
|
|
459
|
+
|
|
460
|
+
export async function createKeycloakInit({ keycloakInit }: IKeycliakInit = {}) {
|
|
461
|
+
if (typeof window === 'undefined') return;
|
|
462
|
+
if (!!keycloakInit && keycloakInit?.value) {
|
|
463
|
+
keycloak.value = keycloakInit.value;
|
|
464
|
+
isAuth.value = keycloak.value?.authenticated ?? false;
|
|
465
|
+
} else {
|
|
466
|
+
await initKeycloak();
|
|
467
|
+
}
|
|
468
|
+
isInitialized.value = true;
|
|
469
|
+
}
|
|
470
|
+
|
|
471
|
+
// ...весь остальной код до сюда не меняется...
|
|
472
|
+
|
|
473
|
+
let _keycloakInit: IUseKeycloak | null = null;
|
|
474
|
+
|
|
475
|
+
export const keycloakInit = (dontChangeRedirectUri?: Ref<boolean>, keycloakRedirectUriIsLogout?: Ref<string | undefined>): IUseKeycloak => {
|
|
476
|
+
if (_keycloakInit) return _keycloakInit;
|
|
477
|
+
|
|
478
|
+
dontChangeRedirectUri ||= inject('dontChangeRedirectUri', ref(false));
|
|
479
|
+
keycloakRedirectUriIsLogout ||= inject('keycloakRedirectUriIsLogout', ref(undefined));
|
|
480
|
+
|
|
481
|
+
_keycloakInit = {
|
|
482
|
+
keycloak: readonly(keycloak) as Ref<Keycloak | null>,
|
|
483
|
+
isInitialized: readonly(isInitialized),
|
|
484
|
+
isAuth: readonly(isAuth),
|
|
485
|
+
checkAuth: readonly(checkAuth),
|
|
486
|
+
|
|
487
|
+
keycloakUserData,
|
|
488
|
+
|
|
489
|
+
...getAuthMethods(),
|
|
490
|
+
getToken,
|
|
491
|
+
isAtExp,
|
|
492
|
+
isRtExp,
|
|
493
|
+
};
|
|
494
|
+
return _keycloakInit;
|
|
495
|
+
};
|