npm - @alfabit/keycloak - Versions diffs - 0.0.40 → 0.0.42 - Mend

@alfabit/keycloak 0.0.40 → 0.0.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +2 -2
package/src/api/wallet/endpoints/index.ts +30 -3
package/src/composables/use-keycloak.ts +537 -491

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@alfabit/keycloak",
   "private": false,
-  "version": "0.0.40",
+  "version": "0.0.42",
   "type": "module",
   "license": "UNLICENSED",
   "main": "src/index.ts",
@@ -20,8 +20,8 @@
     "keycloak-js": "^26.2.0"
   },
   "devDependencies": {
-    "@alfabit/constants": "^0.0.21",
     "@alfabit/analitics": "^0.0.18",
+    "@alfabit/constants": "^0.0.21",
     "@intlify/unplugin-vue-i18n": "^6.0.8",
     "@tanstack/vue-query": "^5.72.0",
     "@types/lodash-es": "^4.17.12",

package/src/api/wallet/endpoints/index.ts CHANGED Viewed

@@ -9,11 +9,11 @@ export const postWebLogin = async () => {
   const headers: Record<string, string> = {
     "Content-Type": "application/json",
   };
-  const token = getToken();
-  if(token) headers['Authorization'] = `Bearer ${token}`;
+  const token = getToken();
+  if (token) headers['Authorization'] = `Bearer ${token}`;
   let url = `${WALLET_API_HOST}/public/web/login/`;
   try {
     const analytics = useAnalytics();
     const clientID = await analytics.getClientID();
@@ -41,4 +41,31 @@ export const postWebLogin = async () => {
   const data = await res.json();
   if (referral_token) localStorage.removeItem(REF_KEY);
   return data;
+};
+export const getPublicProfile = async () => {
+  if (typeof window === 'undefined') return;
+  const headers: Record<string, string> = {
+    "Content-Type": "application/json",
+  };
+  const token = getToken();
+  if (token) headers['Authorization'] = `Bearer ${token}`;
+  let url = `${WALLET_API_HOST}/public/getProfile`;
+  const params: RequestInit = {
+    method: "GET",
+    headers,
+  }
+  const res = await fetch(url, params);
+  if (!res.ok) {
+    throw new Error(`postWebLogin /public/web/login/: HTTP error: ${res.status}`);
+  }
+  const data = await res.json();
+  return data;
 };

package/src/composables/use-keycloak.ts CHANGED Viewed

@@ -1,496 +1,542 @@
-// import Keycloak, { type KeycloakInitOptions } from 'keycloak-js';
-// import { inject, reactive, readonly, type Ref, ref } from 'vue';
-// import { postWebLogin } from '../api/wallet/endpoints';
-// import { AppNameEnum, APP_NAME, IS_TELEGRAM_MINI_APP, KEYCLOAK_LOGIN_REQUIRED, OPENID_CLIENT_ID, OPENID_REALM, OPENID_URL, LocationEnum, IS_LOCALHOST } from '@alfabit/constants';
-// export type TIdpHint = 'email' | 'google' | 'apple';
-// export interface IUseKeycloak {
-//   login(email?: string, redirectUri?: string): void;
-//   loginWithGoogle(redirectUri?: string): void;
-//   loginWithApple(redirectUri?: string): void;
-//   loginWithTelegram(redirectUri?: string): void;
-//   loginPopup(idpHint: TIdpHint, redirectUri?: string): void;
-//   logout(redirectUri?: string): void;
-//   register(email?: string, redirectUri?: string): void;
-//   getToken(): string | undefined;
-//   isAtExp(): boolean;
-//   isRtExp(): boolean;
-//   readonly isAuth: Ref<boolean>;
-//   readonly checkAuth: Ref<boolean>;
-//   readonly keycloak: Ref<Keycloak | null>;
-//   readonly isInitialized: Ref<boolean>;
-//   readonly keycloakUserData: Ref<Keycloak.KeycloakTokenParsed | null>;
-// }
-// export const TOKEN_NAME = 'token';
-// export const REFRESH_TOKEN_NAME = 'refresh-token';
-// export const ID_TOKEN_NAME = 'id-token';
-// const keycloak = ref<Keycloak | null>(null);
-// const isAuth = ref(false);
-// const checkAuth = ref(false);
-// const keycloakUserData = ref<Keycloak.KeycloakTokenParsed | null>(null);
-// const locale = ref('en');
-// const dontChangeRedirectUri = ref(false);
-// const keycloakRedirectUriIsLogout = ref<string | undefined>(undefined);
-// export const setKeycloakLocale = (newLocale: LocationEnum) => {
-//   locale.value = newLocale;
-// };
-// export const setDontChangeRedirectUri = (newDontChangeRedirectUri: boolean) => {
-//   dontChangeRedirectUri.value = newDontChangeRedirectUri;
-// };
-// export const setKeycloakRedirectUriIsLogout = (newKeycloakRedirectUriIsLogout: string | undefined) => {
-//   keycloakRedirectUriIsLogout.value = newKeycloakRedirectUriIsLogout;
-// };
-// const isInitialized = ref(false);
-// const getUrl = (): string => {
-//   const url = new URL(window.location.href);
-//   const searchParams = new URLSearchParams(window.location.search);
-//   if (searchParams.has('redirect_uri')) {
-//     const redirectUri = searchParams.get('redirect_uri');
-//     if (!!redirectUri) return redirectUri;
-//   }
-//   // если в роуте в meta есть параметр keycloakRedirectUriIsLogout - возвращаем его
-//   if (!!keycloakRedirectUriIsLogout.value && typeof keycloakRedirectUriIsLogout.value === 'string') return `${url.origin}/${locale.value}/${keycloakRedirectUriIsLogout.value}`;
-//   // если в $route.meta (который передаем из родительского приложения) есть параметр dontChangeRedirectUri - то из адреса НЕ нужно удалять или добавлять /user
-//   // если нет - то ничего не делать
-//   // if (!dontChangeRedirectUri) {
-//   //   const path = url.pathname;
-//   //   // Проверяем: путь начинается с /две латинские буквы/ и далее НЕ идёт user/
-//   //   const match = path.match(/^\/([a-zA-Z]{2})(\/(?!user\/))/);
-//   //   if (match) {
-//   //     console.log('добавляем user')
-//   //     // Вставляем 'user' после двухбуквенного сегмента
-//   //     url.pathname = path.replace(/^\/([a-zA-Z]{2})\//, '/$1/user/');
-//   //     // Если хочешь обновить текущую страницу:
-//   //     // window.location.href = url.toString();
-//   //   } else {
-//   //     console.log('удаляем user')
-//   //     url.pathname = path.replace(/^\/([a-zA-Z]{2})\/user\//, '/$1/');
-//   //   }
-//   // }
-//   return url.toString();
-// };
-// function isMobile() {
-//   return /Mobi|Android|iPhone|iPad|iPod/i.test(navigator.userAgent);
-// }
-// export const getAuthMethods = () => {
-//   const methods = reactive({
-//     async loginPopup(idpHint: TIdpHint, redirectUri?: string) {
-//       redirectUri = redirectUri ?? getUrl();
-//       if (isMobile()) {
-//         switch (idpHint) {
-//           case 'google':
-//             methods.loginWithGoogle(redirectUri);
-//             break;
-//           case 'apple':
-//             methods.loginWithApple(redirectUri);
-//             break;
-//           default:
-//             methods.login(undefined, redirectUri);
-//         }
-//         return;
-//       }
-//       let loginUrl = await keycloak.value?.createLoginUrl({
-//         idpHint: idpHint === 'email' ? '' : idpHint,
-//         redirectUri,
-//       });
-//       let loginWindow = window.open((loginUrl ?? '') + (idpHint === 'google' ? '&prompt=select_account' : ''), 'Login with Google', 'width=500,height=600');
-//       const messageListener = async (event: MessageEvent) => {
-//         console.log('messageListener', event.data);
-//         if (event.data.type === 'keycloak-auth-success' && event.data.message === 'success') {
-//           window.removeEventListener('message', messageListener);
-//           //if (!loginWindow || !loginWindow.closed) {
-//           loginWindow?.close();
-//           console.log('window close', {
-//             loginWindow,
-//             closed: loginWindow?.closed,
-//           });
-//           //}
-//           setTimeout(() => {
-//             window.location.reload();
-//             console.log('window reload');
-//           }, 200);
-//         }
-//         // если в popup пришло сообщение о том, что нужно сменить idpHint, то меняем его и открываем новое окно
-//         if (event.data.type === 'keycloak-auth-change') {
-//           loginWindow?.close();
-//           idpHint = event.data.message as TIdpHint;
-//           loginUrl = await keycloak.value?.createLoginUrl({
-//             idpHint,
-//             redirectUri,
-//           });
-//           loginWindow = window.open((loginUrl ?? '') + (idpHint === 'google' ? '&prompt=select_account' : ''), 'Login with Google', 'width=500,height=600');
-//         }
-//       };
-//       window.addEventListener('message', messageListener);
-//     },
-//     login(email?: string, redirectUri?: string) {
-//       if (keycloak.value) {
-//         keycloak.value.login({
-//           redirectUri: redirectUri ?? getUrl(),
-//           loginHint: email ?? '',
-//           locale: locale.value,
-//         });
-//       } else {
-//         console.warn('Keycloak not defined! #login');
-//       }
-//     },
-//     logout(redirectUri?: string) {
-//       if (keycloak.value) {
-//         clearTokens();
-//         setTimeout(() => {
-//           keycloak.value &&
-//             keycloak.value.logout({
-//               redirectUri: redirectUri ?? getUrl(),
-//             });
-//         }, 100);
-//       } else {
-//         console.warn('Keycloak not defined! #logout');
-//       }
-//     },
-//     register(email?: string, redirectUri?: string) {
-//       if (keycloak.value) {
-//         keycloak.value.register({
-//           redirectUri: redirectUri ?? getUrl(),
-//           loginHint: email ?? '',
-//           locale: locale.value,
-//         });
-//       } else {
-//         console.warn('Keycloak not defined! #register');
-//       }
-//     },
-//     loginWithGoogle(redirectUri?: string) {
-//       if (keycloak.value) {
-//         keycloak.value
-//           ?.createLoginUrl({
-//             idpHint: 'google',
-//             redirectUri: redirectUri ?? getUrl(),
-//           })
-//           .then((loginUrl) => (window.location.href = `${loginUrl}&prompt=select_account`));
-//       } else {
-//         console.warn('Keycloak not defined! #loginWithGoogle');
-//       }
-//     },
-//     loginWithApple(redirectUri?: string) {
-//       if (keycloak.value) {
-//         keycloak.value.login({
-//           redirectUri: redirectUri ?? getUrl(),
-//           idpHint: 'apple',
-//           locale: locale.value,
-//         });
-//       } else {
-//         console.warn('Keycloak not defined! #loginWithApple');
-//       }
-//     },
-//     loginWithTelegram(redirectUri?: string) {
-//       if (keycloak.value) {
-//         keycloak.value.login({
-//           redirectUri: redirectUri ?? getUrl(),
-//           idpHint: 'telegram',
-//           locale: locale.value,
-//         });
-//       } else {
-//         console.warn('Keycloak not defined! #loginWithTelegram');
-//       }
-//     },
-//     changePassword(redirectUri?: string) {
-//       if (keycloak.value) {
-//         document.cookie = 'from=passport; SameSite=None; Secure';
-//         void keycloak.value.login({
-//           action: 'UPDATE_PASSWORD',
-//           redirectUri: redirectUri ?? getUrl(),
-//         });
-//       } else {
-//         console.warn('Keycloak not defined! #changePassword');
-//       }
-//     },
-//     configureOtp(redirectUri?: string) {
-//       if (keycloak.value) {
-//         document.cookie = 'from=passport; SameSite=None; Secure';
-//         void keycloak.value.login({
-//           action: 'CONFIGURE_TOTP',
-//           redirectUri: redirectUri ?? getUrl(),
-//         });
-//       } else {
-//         console.warn('Keycloak not defined! #configureOtp');
-//       }
-//     },
-//   });
-//   return methods;
-// };
-// function setTokens() {
-//   if (!keycloak.value || typeof window === 'undefined') return;
-//   !!keycloak.value?.token && localStorage.setItem(TOKEN_NAME, keycloak.value.token);
-//   !!keycloak.value?.refreshToken && localStorage.setItem(REFRESH_TOKEN_NAME, keycloak.value.refreshToken);
-//   !!keycloak.value?.idToken && localStorage.setItem(ID_TOKEN_NAME, keycloak.value.idToken);
-//   !!keycloak.value?.token && sessionStorage.setItem(TOKEN_NAME, keycloak.value.token);
-//   !!keycloak.value?.refreshToken && sessionStorage.setItem(REFRESH_TOKEN_NAME, keycloak.value.refreshToken);
-//   !!keycloak.value?.idToken && sessionStorage.setItem(ID_TOKEN_NAME, keycloak.value.idToken);
-// }
-// function clearTokens() {
-//   if (typeof window === 'undefined') return;
-//   localStorage.removeItem(TOKEN_NAME);
-//   localStorage.removeItem(REFRESH_TOKEN_NAME);
-//   localStorage.removeItem(ID_TOKEN_NAME);
-//   sessionStorage.removeItem(TOKEN_NAME);
-//   sessionStorage.removeItem(REFRESH_TOKEN_NAME);
-//   sessionStorage.removeItem(ID_TOKEN_NAME);
-// }
-// export const getToken = () => (IS_TELEGRAM_MINI_APP && !IS_LOCALHOST ? sessionStorage.getItem(TOKEN_NAME) : localStorage.getItem(TOKEN_NAME)) ?? undefined;
-// const parseJwt = (token: unknown) => {
-//   if (typeof token !== 'string') throw new Error('Invalid JWT format: #1');
-//   const [headerB64, payloadB64] = token.split('.');
-//   if (!headerB64 || !payloadB64) throw new Error('Invalid JWT format: #2');
-//   const decodeBase64Url = (str: string) => JSON.parse(atob(str.replace(/-/g, '+').replace(/_/g, '/')));
-//   const header = decodeBase64Url(headerB64);
-//   const payload = decodeBase64Url(payloadB64);
-//   const now = Math.floor(Date.now() / 1000);
-//   const isExpired = payload.exp !== undefined && now > payload.exp;
-//   return {
-//     header,
-//     payload,
-//     isExpired,
-//     expiresAt: payload.exp ? new Date(payload.exp * 1000).toISOString() : null,
-//   };
-// };
-// export const isAtExp = () => {
-//   if (typeof window === 'undefined') return false;
-//   try {
-//     return parseJwt(localStorage.getItem(TOKEN_NAME)).isExpired;
-//   } catch (e) {
-//     return false;
-//   }
-// };
-// export const isRtExp = () => {
-//   if (typeof window === 'undefined') return false;
+import Keycloak, { type KeycloakInitOptions } from 'keycloak-js';
+import { inject, reactive, readonly, type Ref, ref } from 'vue';
+import { postWebLogin, getPublicProfile } from '../api/wallet/endpoints';
+import { AppNameEnum, APP_NAME, IS_TELEGRAM_MINI_APP, KEYCLOAK_LOGIN_REQUIRED, OPENID_CLIENT_ID, OPENID_REALM, OPENID_URL, LocationEnum, IS_LOCALHOST } from '@alfabit/constants';
+export type TIdpHint = 'email' | 'google' | 'apple';
+enum TariffsGridTypeEnum {
+  Deposit = 'deposit',
+  Withdraw = 'withdraw',
+  Invoice = 'invoice',
+  Hedging = 'hedging',
+  FiatExchange = 'fiat_exchange',
+  InternalTransfer = 'internal_transfer',
+  Orders = 'orders',
+}
+interface TariffGrid {
+  tariff_name?: string | null;
+  tariff_type?: TariffsGridTypeEnum | null;
+  commission?: string | null;
+  trading_volume?: number | null;
+  is_kyc_required?: boolean | null;
+  id?: string;
+  created_date?: string;
+  creator_id?: number | null;
+  modification_date?: string | null;
+  modifier_id?: number | null;
+}
+interface ProfileResponse {
+  telegram_id?: string | null;
+  telegram_username?: string | null;
+  email?: string | null;
+  created_at: number;
+  is_active?: boolean | null;
+  balance_usdt?: string | null;
+  bonus_balance_usdt?: string | null;
+  kyc_status?: string | null;
+  kyc_link?: string | null;
+  is_wallet_commission?: boolean;
+  is_need_withdraw_kyc?: boolean;
+  tariff_grid?: TariffGrid | null;
+  tariff_grid_current?: TariffGrid | null;
+  is_partner_exchange_limit_free?: boolean | null;
+  last_login?: string | null;
+  is_tariff_autocalculate?: boolean | null;
+}
+export interface IUseKeycloak {
+  login(email?: string, redirectUri?: string): void;
+  loginWithGoogle(redirectUri?: string): void;
+  loginWithApple(redirectUri?: string): void;
+  loginWithTelegram(redirectUri?: string): void;
+  loginPopup(idpHint: TIdpHint, redirectUri?: string): void;
+  logout(redirectUri?: string): void;
+  register(email?: string, redirectUri?: string): void;
+  getToken(): string | undefined;
+  isAtExp(): boolean;
+  isRtExp(): boolean;
+  readonly isAuth: Ref<boolean>;
+  readonly checkAuth: Ref<boolean>;
+  readonly userData: Ref<ProfileResponse | null>;
+  readonly keycloak: Ref<Keycloak | null>;
+  readonly isInitialized: Ref<boolean>;
+  readonly keycloakUserData: Ref<Keycloak.KeycloakTokenParsed | null>;
+}
+export const TOKEN_NAME = 'token';
+export const REFRESH_TOKEN_NAME = 'refresh-token';
+export const ID_TOKEN_NAME = 'id-token';
+const keycloak = ref<Keycloak | null>(null);
+const isAuth = ref(false);
+const checkAuth = ref(false);
+const userData = ref<ProfileResponse | null>(null);
+const keycloakUserData = ref<Keycloak.KeycloakTokenParsed | null>(null);
+const locale = ref('en');
+const dontChangeRedirectUri = ref(false);
+const keycloakRedirectUriIsLogout = ref<string | undefined>(undefined);
+export const setKeycloakLocale = (newLocale: LocationEnum) => {
+  locale.value = newLocale;
+};
+export const setDontChangeRedirectUri = (newDontChangeRedirectUri: boolean) => {
+  dontChangeRedirectUri.value = newDontChangeRedirectUri;
+};
+export const setKeycloakRedirectUriIsLogout = (newKeycloakRedirectUriIsLogout: string | undefined) => {
+  keycloakRedirectUriIsLogout.value = newKeycloakRedirectUriIsLogout;
+};
+const isInitialized = ref(false);
+const getUrl = (): string => {
+  const url = new URL(window.location.href);
+  const searchParams = new URLSearchParams(window.location.search);
+  if (searchParams.has('redirect_uri')) {
+    const redirectUri = searchParams.get('redirect_uri');
+    if (!!redirectUri) return redirectUri;
+  }
+  // если в роуте в meta есть параметр keycloakRedirectUriIsLogout - возвращаем его
+  if (!!keycloakRedirectUriIsLogout.value && typeof keycloakRedirectUriIsLogout.value === 'string') return `${url.origin}/${locale.value}/${keycloakRedirectUriIsLogout.value}`;
+  // если в $route.meta (который передаем из родительского приложения) есть параметр dontChangeRedirectUri - то из адреса НЕ нужно удалять или добавлять /user
+  // если нет - то ничего не делать
+  // if (!dontChangeRedirectUri) {
+  //   const path = url.pathname;
+  //   // Проверяем: путь начинается с /две латинские буквы/ и далее НЕ идёт user/
+  //   const match = path.match(/^\/([a-zA-Z]{2})(\/(?!user\/))/);
+  //   if (match) {
+  //     console.log('добавляем user')
+  //     // Вставляем 'user' после двухбуквенного сегмента
+  //     url.pathname = path.replace(/^\/([a-zA-Z]{2})\//, '/$1/user/');
+  //     // Если хочешь обновить текущую страницу:
+  //     // window.location.href = url.toString();
+  //   } else {
+  //     console.log('удаляем user')
+  //     url.pathname = path.replace(/^\/([a-zA-Z]{2})\/user\//, '/$1/');
+  //   }
+  // }
+  return url.toString();
+};
+function isMobile() {
+  return /Mobi|Android|iPhone|iPad|iPod/i.test(navigator.userAgent);
+}
+export const getAuthMethods = () => {
+  const methods = reactive({
+    async loginPopup(idpHint: TIdpHint, redirectUri?: string) {
+      redirectUri = redirectUri ?? getUrl();
+      if (isMobile()) {
+        switch (idpHint) {
+          case 'google':
+            methods.loginWithGoogle(redirectUri);
+            break;
+          case 'apple':
+            methods.loginWithApple(redirectUri);
+            break;
+          default:
+            methods.login(undefined, redirectUri);
+        }
+        return;
+      }
+      let loginUrl = await keycloak.value?.createLoginUrl({
+        idpHint: idpHint === 'email' ? '' : idpHint,
+        redirectUri,
+      });
+      let loginWindow = window.open((loginUrl ?? '') + (idpHint === 'google' ? '&prompt=select_account' : ''), 'Login with Google', 'width=500,height=600');
+      const messageListener = async (event: MessageEvent) => {
+        console.log('messageListener', event.data);
+        if (event.data.type === 'keycloak-auth-success' && event.data.message === 'success') {
+          window.removeEventListener('message', messageListener);
+          //if (!loginWindow || !loginWindow.closed) {
+          loginWindow?.close();
+          console.log('window close', {
+            loginWindow,
+            closed: loginWindow?.closed,
+          });
+          //}
+          setTimeout(() => {
+            window.location.reload();
+            console.log('window reload');
+          }, 200);
+        }
+        // если в popup пришло сообщение о том, что нужно сменить idpHint, то меняем его и открываем новое окно
+        if (event.data.type === 'keycloak-auth-change') {
+          loginWindow?.close();
+          idpHint = event.data.message as TIdpHint;
+          loginUrl = await keycloak.value?.createLoginUrl({
+            idpHint,
+            redirectUri,
+          });
+          loginWindow = window.open((loginUrl ?? '') + (idpHint === 'google' ? '&prompt=select_account' : ''), 'Login with Google', 'width=500,height=600');
+        }
+      };
+      window.addEventListener('message', messageListener);
+    },
+    login(email?: string, redirectUri?: string) {
+      if (keycloak.value) {
+        keycloak.value.login({
+          redirectUri: redirectUri ?? getUrl(),
+          loginHint: email ?? '',
+          locale: locale.value,
+        });
+      } else {
+        console.warn('Keycloak not defined! #login');
+      }
+    },
+    logout(redirectUri?: string) {
+      if (keycloak.value) {
+        clearTokens();
+        setTimeout(() => {
+          keycloak.value &&
+            keycloak.value.logout({
+              redirectUri: redirectUri ?? getUrl(),
+            });
+        }, 100);
+      } else {
+        console.warn('Keycloak not defined! #logout');
+      }
+    },
+    register(email?: string, redirectUri?: string) {
+      if (keycloak.value) {
+        keycloak.value.register({
+          redirectUri: redirectUri ?? getUrl(),
+          loginHint: email ?? '',
+          locale: locale.value,
+        });
+      } else {
+        console.warn('Keycloak not defined! #register');
+      }
+    },
+    loginWithGoogle(redirectUri?: string) {
+      if (keycloak.value) {
+        keycloak.value
+          ?.createLoginUrl({
+            idpHint: 'google',
+            redirectUri: redirectUri ?? getUrl(),
+          })
+          .then((loginUrl) => (window.location.href = `${loginUrl}&prompt=select_account`));
+      } else {
+        console.warn('Keycloak not defined! #loginWithGoogle');
+      }
+    },
+    loginWithApple(redirectUri?: string) {
+      if (keycloak.value) {
+        keycloak.value.login({
+          redirectUri: redirectUri ?? getUrl(),
+          idpHint: 'apple',
+          locale: locale.value,
+        });
+      } else {
+        console.warn('Keycloak not defined! #loginWithApple');
+      }
+    },
+    loginWithTelegram(redirectUri?: string) {
+      if (keycloak.value) {
+        keycloak.value.login({
+          redirectUri: redirectUri ?? getUrl(),
+          idpHint: 'telegram',
+          locale: locale.value,
+        });
+      } else {
+        console.warn('Keycloak not defined! #loginWithTelegram');
+      }
+    },
+    changePassword(redirectUri?: string) {
+      if (keycloak.value) {
+        document.cookie = 'from=passport; SameSite=None; Secure';
+        void keycloak.value.login({
+          action: 'UPDATE_PASSWORD',
+          redirectUri: redirectUri ?? getUrl(),
+        });
+      } else {
+        console.warn('Keycloak not defined! #changePassword');
+      }
+    },
+    configureOtp(redirectUri?: string) {
+      if (keycloak.value) {
+        document.cookie = 'from=passport; SameSite=None; Secure';
+        void keycloak.value.login({
+          action: 'CONFIGURE_TOTP',
+          redirectUri: redirectUri ?? getUrl(),
+        });
+      } else {
+        console.warn('Keycloak not defined! #configureOtp');
+      }
+    },
+  });
+  return methods;
+};
+function setTokens() {
+  if (!keycloak.value || typeof window === 'undefined') return;
+  !!keycloak.value?.token && localStorage.setItem(TOKEN_NAME, keycloak.value.token);
+  !!keycloak.value?.refreshToken && localStorage.setItem(REFRESH_TOKEN_NAME, keycloak.value.refreshToken);
+  !!keycloak.value?.idToken && localStorage.setItem(ID_TOKEN_NAME, keycloak.value.idToken);
+  !!keycloak.value?.token && sessionStorage.setItem(TOKEN_NAME, keycloak.value.token);
+  !!keycloak.value?.refreshToken && sessionStorage.setItem(REFRESH_TOKEN_NAME, keycloak.value.refreshToken);
+  !!keycloak.value?.idToken && sessionStorage.setItem(ID_TOKEN_NAME, keycloak.value.idToken);
+}
+function clearTokens() {
+  if (typeof window === 'undefined') return;
+  localStorage.removeItem(TOKEN_NAME);
+  localStorage.removeItem(REFRESH_TOKEN_NAME);
+  localStorage.removeItem(ID_TOKEN_NAME);
+  sessionStorage.removeItem(TOKEN_NAME);
+  sessionStorage.removeItem(REFRESH_TOKEN_NAME);
+  sessionStorage.removeItem(ID_TOKEN_NAME);
+}
+export const getToken = () => (IS_TELEGRAM_MINI_APP && !IS_LOCALHOST ? sessionStorage.getItem(TOKEN_NAME) : localStorage.getItem(TOKEN_NAME)) ?? undefined;
+const parseJwt = (token: unknown) => {
+  if (typeof token !== 'string') throw new Error('Invalid JWT format: #1');
+  const [headerB64, payloadB64] = token.split('.');
+  if (!headerB64 || !payloadB64) throw new Error('Invalid JWT format: #2');
+  const decodeBase64Url = (str: string) => JSON.parse(atob(str.replace(/-/g, '+').replace(/_/g, '/')));
+  const header = decodeBase64Url(headerB64);
+  const payload = decodeBase64Url(payloadB64);
+  const now = Math.floor(Date.now() / 1000);
+  const isExpired = payload.exp !== undefined && now > payload.exp;
+  return {
+    header,
+    payload,
+    isExpired,
+    expiresAt: payload.exp ? new Date(payload.exp * 1000).toISOString() : null,
+  };
+};
+export const isAtExp = () => {
+  if (typeof window === 'undefined') return false;
+  try {
+    return parseJwt(localStorage.getItem(TOKEN_NAME)).isExpired;
+  } catch (e) {
+    return false;
+  }
+};
+export const isRtExp = () => {
+  if (typeof window === 'undefined') return false;
+  try {
+    // если рт не истек, возвращаем true
+    return parseJwt(localStorage.getItem(REFRESH_TOKEN_NAME)).isExpired;
+  } catch (e) {
+    clearTokens();
+    if (e instanceof Error) {
+      console.log('checkIsPassportAuth error: ', e.message);
+    }
+    return false;
+  }
+};
+// const isPopup = () => {
+//   console.log('run isPopup');
+//   // для авторизации в popup - это запускается в дочернем окне
 //   try {
-//     // если рт не истек, возвращаем true
-//     return parseJwt(localStorage.getItem(REFRESH_TOKEN_NAME)).isExpired;
-//   } catch (e) {
-//     clearTokens();
-//     if (e instanceof Error) {
-//       console.log('checkIsPassportAuth error: ', e.message);
+//     // Отправляем сообщение родителю
+//     if (window.opener) {
+//       console.log('window opener');
+//       window.opener.postMessage(
+//         {
+//           type: 'keycloak-auth-success',
+//           message: 'success',
+//         },
+//         '*'
+//       );
 //     }
-//     return false;
+//   } catch (err) {
+//     console.warn('Error in login-popup-redirect.html:', err);
 //   }
 // };
-// // const isPopup = () => {
-// //   console.log('run isPopup');
-// //   // для авторизации в popup - это запускается в дочернем окне
-// //   try {
-// //     // Отправляем сообщение родителю
-// //     if (window.opener) {
-// //       console.log('window opener');
-// //       window.opener.postMessage(
-// //         {
-// //           type: 'keycloak-auth-success',
-// //           message: 'success',
-// //         },
-// //         '*'
-// //       );
-// //     }
-// //   } catch (err) {
-// //     console.warn('Error in login-popup-redirect.html:', err);
-// //   }
-// // };
-// let isInitKeycloak = false;
-// export async function initKeycloak() {
-//   if (!!keycloak.value || typeof window === 'undefined' || isInitKeycloak) return;
-//   isInitKeycloak = true;
-//   if (!OPENID_URL) throw new Error('Не задана переменная keycloak: url');
-//   if (!OPENID_REALM) throw new Error('Не задана переменная keycloak: realm');
-//   if (!OPENID_CLIENT_ID) throw new Error('Не задана переменная keycloak: clientId');
-//   // console.log({
-//   //   OPENID_URL,
-//   //   OPENID_REALM,
-//   //   OPENID_CLIENT_ID,
-//   //   VITE_OPENID_URL: import.meta.env?.VITE_OPENID_URL,
-//   //   VITE_PUBLIC_KEYCLOAK_URL: import.meta.env?.VITE_PUBLIC_KEYCLOAK_URL,
-//   //   VITE_OPENID_REALM: import.meta.env?.VITE_OPENID_REALM,
-//   //   VITE_PUBLIC_KEYCLOAK_REALM: import.meta.env?.VITE_PUBLIC_KEYCLOAK_REALM,
-//   //   VITE_OPENID_CLIENT_ID: import.meta.env?.VITE_OPENID_CLIENT_ID,
-//   //   VITE_PUBLIC_KEYCLOAK_CLIENT_ID: import.meta.env?.VITE_PUBLIC_KEYCLOAK_CLIENT_ID,
-//   // });
-//   keycloak.value = new Keycloak({
-//     url: OPENID_URL,
-//     realm: OPENID_REALM,
-//     clientId: OPENID_CLIENT_ID,
-//   });
-//   // keycloak.value && (keycloak.value.onAuthLogout = () => {
-//   //   console.warn('>>>>>>>> Сессия истекла');
-//   //   // например, показать уведомление
-//   //   // или открыть собственное модальное окно логина
-//   // });
-//   const isNeedAuth = !!getToken() && !isRtExp();
-//   // window.opener - если находимся в popup (но не в passport), то 100% уже авторизованы и можно поставить login-required
-//   const initOptions: KeycloakInitOptions = {
-//     pkceMethod: 'S256',
-//     checkLoginIframe: false,
-//     // enableLogging: true,
-//   };
-//   // Устанавливаем onLoad только если нужно
-//   if (KEYCLOAK_LOGIN_REQUIRED || (APP_NAME !== AppNameEnum.PASSPORT)) {
-//     initOptions.onLoad = 'login-required';
-//   } else if (isNeedAuth) {
-//     initOptions.onLoad = 'check-sso';
-//     // clearTokens();
-//     // window.location.href = getUrl() as string;
-//   }
-//   if (!isNeedAuth) {
-//     clearTokens();
-//   } else {
-//     const token = localStorage.getItem(TOKEN_NAME);
-//     const refreshToken = localStorage.getItem(REFRESH_TOKEN_NAME);
-//     const idToken = localStorage.getItem(ID_TOKEN_NAME);
-//     if (token) initOptions.token = token;
-//     if (refreshToken) initOptions.refreshToken = refreshToken;
-//     if (idToken) initOptions.idToken = idToken;
-//   }
-//   try {
-//     const res = await keycloak.value.init(initOptions);
-//     setTokens();
-//     if (res) {
-//       //await keycloak.value.updateToken(70);
-//       setTokens();
-//       // isPopup();
-//       keycloakUserData.value = keycloak.value?.tokenParsed ?? null;
-//       isAuth.value = true;
-//       try {
-//         postWebLogin();
-//       } catch (e) { }
-//       //setTimeout(() => {
-//       setInterval(async () => {
-//         if (!keycloak.value) return;
-//         try {
-//           const res = await keycloak.value.updateToken(70);
-//           if (res) {
-//             setTokens();
-//             keycloakUserData.value = keycloak.value?.tokenParsed ?? null;
-//             isAuth.value = true;
-//             try {
-//               postWebLogin();
-//             } catch { }
-//           }
-//         }
-//         catch (e) {
-//           console.warn('Ошибка Keycloak:', e);
-//           keycloak.value?.clearToken();
-//         }
-//       }, 6000);
-//       //}, 60000);
-//     }
-//     return isAuth.value;
-//   } catch (error) {
-//     console.warn('Ошибка Keycloak:', error);
-//     isAuth.value = false;
-//     return false;
-//   } finally {
-//     checkAuth.value = true;
-//   }
-// }
-// interface IKeycliakInit {
-//   keycloakInit?: Ref<Keycloak | null | undefined> | undefined;
-// }
-// export async function createKeycloakInit({ keycloakInit }: IKeycliakInit = {}) {
-//   if (typeof window === 'undefined') return;
-//   if (!!keycloakInit && keycloakInit?.value) {
-//     keycloak.value = keycloakInit.value;
-//     isAuth.value = keycloak.value?.authenticated ?? false;
-//   } else {
-//     await initKeycloak();
-//   }
-//   isInitialized.value = true;
-// }
-// // ...весь остальной код до сюда не меняется...
-// let _keycloakInit: IUseKeycloak | null = null;
-// export const keycloakInit = (dontChangeRedirectUri?: Ref<boolean>, keycloakRedirectUriIsLogout?: Ref<string | undefined>): IUseKeycloak => {
-//   if (_keycloakInit) return _keycloakInit;
-//   dontChangeRedirectUri ||= inject('dontChangeRedirectUri', ref(false));
-//   keycloakRedirectUriIsLogout ||= inject('keycloakRedirectUriIsLogout', ref(undefined));
-//   _keycloakInit = {
-//     keycloak: readonly(keycloak) as Ref<Keycloak | null>,
-//     isInitialized: readonly(isInitialized),
-//     isAuth: readonly(isAuth),
-//     checkAuth: readonly(checkAuth),
-//     keycloakUserData,
-//     ...getAuthMethods(),
-//     getToken,
-//     isAtExp,
-//     isRtExp,
-//   };
-//   return _keycloakInit;
-// };
+let isInitKeycloak = false;
+export async function initKeycloak() {
+  if (!!keycloak.value || typeof window === 'undefined' || isInitKeycloak) return;
+  isInitKeycloak = true;
+  if (!OPENID_URL) throw new Error('Не задана переменная keycloak: url');
+  if (!OPENID_REALM) throw new Error('Не задана переменная keycloak: realm');
+  if (!OPENID_CLIENT_ID) throw new Error('Не задана переменная keycloak: clientId');
+  // console.log({
+  //   OPENID_URL,
+  //   OPENID_REALM,
+  //   OPENID_CLIENT_ID,
+  //   VITE_OPENID_URL: import.meta.env?.VITE_OPENID_URL,
+  //   VITE_PUBLIC_KEYCLOAK_URL: import.meta.env?.VITE_PUBLIC_KEYCLOAK_URL,
+  //   VITE_OPENID_REALM: import.meta.env?.VITE_OPENID_REALM,
+  //   VITE_PUBLIC_KEYCLOAK_REALM: import.meta.env?.VITE_PUBLIC_KEYCLOAK_REALM,
+  //   VITE_OPENID_CLIENT_ID: import.meta.env?.VITE_OPENID_CLIENT_ID,
+  //   VITE_PUBLIC_KEYCLOAK_CLIENT_ID: import.meta.env?.VITE_PUBLIC_KEYCLOAK_CLIENT_ID,
+  // });
+  keycloak.value = new Keycloak({
+    url: OPENID_URL,
+    realm: OPENID_REALM,
+    clientId: OPENID_CLIENT_ID,
+  });
+  // keycloak.value && (keycloak.value.onAuthLogout = () => {
+  //   console.warn('>>>>>>>> Сессия истекла');
+  //   // например, показать уведомление
+  //   // или открыть собственное модальное окно логина
+  // });
+  const isNeedAuth = !!getToken() && !isRtExp();
+  const initOptions: KeycloakInitOptions = {
+    pkceMethod: 'S256',
+    checkLoginIframe: false,
+    // enableLogging: true,
+  };
+  // Устанавливаем onLoad только если нужно
+  if (isNeedAuth && (KEYCLOAK_LOGIN_REQUIRED || (APP_NAME !== AppNameEnum.PASSPORT))) {
+    initOptions.onLoad = 'login-required';
+  } else if (isNeedAuth) {
+    initOptions.onLoad = 'check-sso';
+    // clearTokens();
+    // window.location.href = getUrl() as string;
+  }
+  if (!isNeedAuth) {
+    clearTokens();
+  } else {
+    const token = localStorage.getItem(TOKEN_NAME);
+    const refreshToken = localStorage.getItem(REFRESH_TOKEN_NAME);
+    const idToken = localStorage.getItem(ID_TOKEN_NAME);
+    if (token) initOptions.token = token;
+    if (refreshToken) initOptions.refreshToken = refreshToken;
+    if (idToken) initOptions.idToken = idToken;
+  }
+  try {
+    const res = await keycloak.value.init(initOptions);
+    setTokens();
+    if (res) {
+      //await keycloak.value.updateToken(70);
+      setTokens();
+      // isPopup();
+      keycloakUserData.value = keycloak.value?.tokenParsed ?? null;
+      isAuth.value = true;
+      try {
+        await postWebLogin();
+        userData.value = await getPublicProfile();
+      } catch (e) { }
+      //setTimeout(() => {
+      setInterval(async () => {
+        if (!keycloak.value) return;
+        try {
+          const res = await keycloak.value.updateToken(70);
+          if (res) {
+            setTokens();
+            keycloakUserData.value = keycloak.value?.tokenParsed ?? null;
+            isAuth.value = true;
+            try {
+              await postWebLogin();
+              userData.value = await getPublicProfile();
+            } catch { }
+          }
+        }
+        catch (e) {
+          console.warn('Ошибка Keycloak:', e);
+          keycloak.value?.clearToken();
+        }
+      }, 6000);
+      //}, 60000);
+    }
+    return isAuth.value;
+  } catch (error) {
+    console.warn('Ошибка Keycloak:', error);
+    isAuth.value = false;
+    return false;
+  } finally {
+    checkAuth.value = true;
+  }
+}
+interface IKeycliakInit {
+  keycloakInit?: Ref<Keycloak | null | undefined> | undefined;
+}
+export async function createKeycloakInit({ keycloakInit }: IKeycliakInit = {}) {
+  if (typeof window === 'undefined') return;
+  if (!!keycloakInit && keycloakInit?.value) {
+    keycloak.value = keycloakInit.value;
+    isAuth.value = keycloak.value?.authenticated ?? false;
+  } else {
+    await initKeycloak();
+  }
+  isInitialized.value = true;
+}
+// ...весь остальной код до сюда не меняется...
+let _keycloakInit: IUseKeycloak | null = null;
+export const keycloakInit = (dontChangeRedirectUri?: Ref<boolean>, keycloakRedirectUriIsLogout?: Ref<string | undefined>): IUseKeycloak => {
+  if (_keycloakInit) return _keycloakInit;
+  dontChangeRedirectUri ||= inject('dontChangeRedirectUri', ref(false));
+  keycloakRedirectUriIsLogout ||= inject('keycloakRedirectUriIsLogout', ref(undefined));
+  _keycloakInit = {
+    keycloak: readonly(keycloak) as Ref<Keycloak | null>,
+    isInitialized: readonly(isInitialized),
+    isAuth: readonly(isAuth),
+    checkAuth: readonly(checkAuth),
+    userData: readonly(userData),
+    keycloakUserData,
+    ...getAuthMethods(),
+    getToken,
+    isAtExp,
+    isRtExp,
+  };
+  return _keycloakInit;
+};