cortex-auth 1.3.5 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/payload-jwt/authenticateRequest.d.ts +10 -0
- package/dist/payload-jwt/authenticateRequest.d.ts.map +1 -1
- package/dist/payload-jwt/authenticateRequest.js +67 -1
- package/dist/payload-jwt/authenticateRequest.js.map +1 -1
- package/dist/payload-jwt/configuration.d.ts +31 -7
- package/dist/payload-jwt/configuration.d.ts.map +1 -1
- package/dist/payload-jwt/configuration.js +39 -50
- package/dist/payload-jwt/configuration.js.map +1 -1
- package/package.json +1 -1
|
@@ -14,4 +14,14 @@ export declare function authenticateRequest({ req, payload }: {
|
|
|
14
14
|
role: any;
|
|
15
15
|
method: string;
|
|
16
16
|
}>;
|
|
17
|
+
export declare function authenticateRequestHeaders({ headers, payload }: {
|
|
18
|
+
headers: Headers;
|
|
19
|
+
payload?: Payload;
|
|
20
|
+
}): Promise<{
|
|
21
|
+
id: string | number;
|
|
22
|
+
email: any;
|
|
23
|
+
name: any;
|
|
24
|
+
role: any;
|
|
25
|
+
method: string;
|
|
26
|
+
} | undefined>;
|
|
17
27
|
//# sourceMappingURL=authenticateRequest.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,SAAS,CAAA;AAEtC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,UAAU,SAAU,SAAQ,KAAK;IAC7B,UAAU,EAAE,MAAM,CAAC;CACtB;AAQD,YAAY,EAAE,SAAS,EAAE,CAAC;AAoC1B,wBAAsB,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;IAAE,GAAG,EAAE,eAAe,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;GA2EtG"}
|
|
1
|
+
{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,SAAS,CAAA;AAEtC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,UAAU,SAAU,SAAQ,KAAK;IAC7B,UAAU,EAAE,MAAM,CAAC;CACtB;AAQD,YAAY,EAAE,SAAS,EAAE,CAAC;AAoC1B,wBAAsB,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;IAAE,GAAG,EAAE,eAAe,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;GA2EtG;AAED,wBAAsB,0BAA0B,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;eAmE7G"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { verifySession } from "./user";
|
|
1
|
+
import { verifySession, verifyToken } from "./user";
|
|
2
2
|
function createAuthError(message, statusCode) {
|
|
3
3
|
const error = new Error(message);
|
|
4
4
|
error.statusCode = statusCode;
|
|
@@ -80,4 +80,70 @@ export async function authenticateRequest({ req, payload }) {
|
|
|
80
80
|
}
|
|
81
81
|
}
|
|
82
82
|
}
|
|
83
|
+
export async function authenticateRequestHeaders({ headers, payload }) {
|
|
84
|
+
if (headers.get('authorization')) {
|
|
85
|
+
const session = await verifyToken(headers.get('authorization').replace('Bearer ', ''));
|
|
86
|
+
if (!session || !session.sub || !session.extra)
|
|
87
|
+
throw createAuthError("No valid session found", 401);
|
|
88
|
+
const OAUTH_CLIENT_ID = process.env.OAUTH_CLIENT_ID;
|
|
89
|
+
const permissions = session.resource_access?.[OAUTH_CLIENT_ID]?.roles;
|
|
90
|
+
if (!permissions)
|
|
91
|
+
throw createAuthError("User does not have permission to access this application.", 403);
|
|
92
|
+
if (!payload)
|
|
93
|
+
throw createAuthError("Payload instance is required for Keycloak user normalisation", 500);
|
|
94
|
+
const payloadUser = (await payload.find({ collection: 'users', depth: 1, limit: 1, draft: false, overrideAccess: true, where: { email: { equals: session.extra.email } } })).docs[0];
|
|
95
|
+
if (!payloadUser && session.extra) {
|
|
96
|
+
// create the user in Payload
|
|
97
|
+
const newUser = await payload.create({
|
|
98
|
+
collection: 'users',
|
|
99
|
+
data: {
|
|
100
|
+
email: session.extra.email,
|
|
101
|
+
name: session.extra.name,
|
|
102
|
+
role: permissions[0] || 'user',
|
|
103
|
+
enabled: true,
|
|
104
|
+
accounts: [
|
|
105
|
+
{
|
|
106
|
+
provider: 'keycloak', providerAccountId: session.sub, type: 'oidc',
|
|
107
|
+
}
|
|
108
|
+
],
|
|
109
|
+
},
|
|
110
|
+
draft: false,
|
|
111
|
+
overrideAccess: true,
|
|
112
|
+
});
|
|
113
|
+
console.log("Created new Payload user for Keycloak user:", newUser.id, newUser.email);
|
|
114
|
+
return {
|
|
115
|
+
id: newUser.id,
|
|
116
|
+
email: newUser.email,
|
|
117
|
+
name: newUser.name,
|
|
118
|
+
role: newUser.role,
|
|
119
|
+
method: 'bearer',
|
|
120
|
+
};
|
|
121
|
+
}
|
|
122
|
+
else if (payloadUser) {
|
|
123
|
+
// update user role if changed
|
|
124
|
+
if (payloadUser.role !== permissions[0]) {
|
|
125
|
+
await payload.update({
|
|
126
|
+
collection: 'users',
|
|
127
|
+
id: payloadUser.id,
|
|
128
|
+
data: {
|
|
129
|
+
role: permissions[0] || 'user',
|
|
130
|
+
},
|
|
131
|
+
draft: false,
|
|
132
|
+
overrideAccess: true,
|
|
133
|
+
});
|
|
134
|
+
console.log(`Updated Payload user role for ${payloadUser.email} to ${permissions}`);
|
|
135
|
+
}
|
|
136
|
+
return {
|
|
137
|
+
id: payloadUser.id,
|
|
138
|
+
email: payloadUser.email,
|
|
139
|
+
name: payloadUser.name,
|
|
140
|
+
role: permissions[0] || 'user',
|
|
141
|
+
method: 'bearer',
|
|
142
|
+
};
|
|
143
|
+
}
|
|
144
|
+
else {
|
|
145
|
+
throw createAuthError("No user found for the given session", 401);
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
}
|
|
83
149
|
//# sourceMappingURL=authenticateRequest.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticateRequest.js","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"authenticateRequest.js","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAUpD,SAAS,eAAe,CAAC,OAAe,EAAE,UAAkB;IACxD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAc,CAAC;IAC9C,KAAK,CAAC,UAAU,GAAG,UAAU,CAAC;IAC9B,OAAO,KAAK,CAAC;AACjB,CAAC;AAsCD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAA+C;IACnG,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACX,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAY,CAAA;QAClC,OAAO;YACH,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,QAAQ;SACnB,CAAA;IACL,CAAC;SAAM,CAAC;QACJ,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAA;QAExC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK;YAAE,MAAM,eAAe,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;QACrG,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC;QACrD,MAAM,WAAW,GAAK,OAAO,CAAC,eAAwD,EAAE,CAAC,eAAe,CAAC,EAAE,KAA8B,CAAC;QAC1I,IAAI,CAAC,WAAW;YAAE,MAAM,eAAe,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;QAE1G,IAAI,CAAC,OAAO;YAAE,MAAM,eAAe,CAAC,8DAA8D,EAAE,GAAG,CAAC,CAAC;QACzG,MAAM,WAAW,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAEpL,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAGhC,6BAA6B;YAC7B,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC;gBACjC,UAAU,EAAE,OAAO;gBACnB,IAAI,EAAE;oBACF,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;oBACxB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;oBAC9B,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE;wBACN;4BACI,QAAQ,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM;yBACrE;qBACJ;iBACJ;gBACD,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;YACrF,OAAO;gBACH,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,IAAI,WAAW,EAAE,CAAC;YACrB,8BAA8B;YAC9B,IAAI,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,MAAM,OAAO,CAAC,MAAM,CAAC;oBACjB,UAAU,EAAE,OAAO;oBACnB,EAAE,EAAE,WAAW,CAAC,EAAE;oBAClB,IAAI,EAAE;wBACF,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;qBACjC;oBACD,KAAK,EAAE,KAAK;oBACZ,cAAc,EAAE,IAAI;iBACvB,CAAC,CAAA;gBACF,OAAO,CAAC,GAAG,CAAC,iCAAiC,WAAW,CAAC,KAAK,OAAO,WAAW,EAAE,CAAC,CAAC;YACxF,CAAC;YAED,OAAO;gBACH,EAAE,EAAE,WAAW,CAAC,EAAE;gBAClB,KAAK,EAAE,WAAW,CAAC,KAAK;gBACxB,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;gBAC9B,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,eAAe,CAAC,qCAAqC,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACL,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,EAAE,OAAO,EAAE,OAAO,EAA2C;IAC1G,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAE/B,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAE,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;QAExF,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK;YAAE,MAAM,eAAe,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;QACrG,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC;QACrD,MAAM,WAAW,GAAK,OAAO,CAAC,eAAwD,EAAE,CAAC,eAAe,CAAC,EAAE,KAA8B,CAAC;QAC1I,IAAI,CAAC,WAAW;YAAE,MAAM,eAAe,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;QAE1G,IAAI,CAAC,OAAO;YAAE,MAAM,eAAe,CAAC,8DAA8D,EAAE,GAAG,CAAC,CAAC;QACzG,MAAM,WAAW,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAEpL,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAGhC,6BAA6B;YAC7B,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC;gBACjC,UAAU,EAAE,OAAO;gBACnB,IAAI,EAAE;oBACF,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;oBACxB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;oBAC9B,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE;wBACN;4BACI,QAAQ,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM;yBACrE;qBACJ;iBACJ;gBACD,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;YACrF,OAAO;gBACH,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,IAAI,WAAW,EAAE,CAAC;YACrB,8BAA8B;YAC9B,IAAI,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,MAAM,OAAO,CAAC,MAAM,CAAC;oBACjB,UAAU,EAAE,OAAO;oBACnB,EAAE,EAAE,WAAW,CAAC,EAAE;oBAClB,IAAI,EAAE;wBACF,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;qBACjC;oBACD,KAAK,EAAE,KAAK;oBACZ,cAAc,EAAE,IAAI;iBACvB,CAAC,CAAA;gBACF,OAAO,CAAC,GAAG,CAAC,iCAAiC,WAAW,CAAC,KAAK,OAAO,WAAW,EAAE,CAAC,CAAC;YACxF,CAAC;YAED,OAAO;gBACH,EAAE,EAAE,WAAW,CAAC,EAAE;gBAClB,KAAK,EAAE,WAAW,CAAC,KAAK;gBACxB,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;gBAC9B,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,eAAe,CAAC,qCAAqC,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACL,CAAC;AACL,CAAC"}
|
|
@@ -13,17 +13,37 @@ declare function profileRoles(profile: {
|
|
|
13
13
|
role: string;
|
|
14
14
|
};
|
|
15
15
|
declare function persistTokens(userId: string, account: AccountType, payloadConfig: SanitizedConfig): Promise<void>;
|
|
16
|
-
declare module "next-auth" {
|
|
17
|
-
interface Session {
|
|
18
|
-
accessToken?: string;
|
|
19
|
-
}
|
|
20
|
-
}
|
|
21
16
|
export declare const payloadAuthConfig: {
|
|
22
|
-
userCollectionDatabaseFields: {
|
|
17
|
+
userCollectionDatabaseFields: ({
|
|
18
|
+
name: string;
|
|
19
|
+
type: string;
|
|
20
|
+
options: {
|
|
21
|
+
label: string;
|
|
22
|
+
value: string;
|
|
23
|
+
}[];
|
|
24
|
+
defaultValue: string;
|
|
25
|
+
required: boolean;
|
|
26
|
+
admin: {
|
|
27
|
+
description: string;
|
|
28
|
+
disabled?: undefined;
|
|
29
|
+
};
|
|
30
|
+
label?: undefined;
|
|
31
|
+
fields?: undefined;
|
|
32
|
+
} | {
|
|
33
|
+
name: string;
|
|
34
|
+
type: string;
|
|
35
|
+
label: string;
|
|
36
|
+
defaultValue: boolean;
|
|
37
|
+
options?: undefined;
|
|
38
|
+
required?: undefined;
|
|
39
|
+
admin?: undefined;
|
|
40
|
+
fields?: undefined;
|
|
41
|
+
} | {
|
|
23
42
|
name: string;
|
|
24
43
|
type: string;
|
|
25
44
|
admin: {
|
|
26
45
|
disabled: boolean;
|
|
46
|
+
description?: undefined;
|
|
27
47
|
};
|
|
28
48
|
fields: ({
|
|
29
49
|
name: string;
|
|
@@ -43,7 +63,11 @@ export declare const payloadAuthConfig: {
|
|
|
43
63
|
};
|
|
44
64
|
required?: undefined;
|
|
45
65
|
})[];
|
|
46
|
-
|
|
66
|
+
options?: undefined;
|
|
67
|
+
defaultValue?: undefined;
|
|
68
|
+
required?: undefined;
|
|
69
|
+
label?: undefined;
|
|
70
|
+
})[];
|
|
47
71
|
persistTokens: typeof persistTokens;
|
|
48
72
|
profileRoles: typeof profileRoles;
|
|
49
73
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AACnC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AACnC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAI9C,KAAK,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AAkCxD,iBAAS,YAAY,CAAC,OAAO,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,EAAE,MAAM,EAAE;IAAE,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE;SAA3F,MAAM;;;EAQ3C;AAED,iBAAe,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,iBAuBhG;AA8CD,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAM7B,CAAC"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import { decodeJwt } from 'jose';
|
|
2
2
|
import { getPayload } from 'payload';
|
|
3
|
-
import KeycloakProvider from "next-auth/providers/keycloak";
|
|
4
3
|
function upsertAccount(existing = [], account) {
|
|
5
4
|
const provider = account.provider;
|
|
6
5
|
const providerAccountId = account.providerAccountId;
|
|
@@ -57,58 +56,48 @@ async function persistTokens(userId, account, payloadConfig) {
|
|
|
57
56
|
overrideAccess: true,
|
|
58
57
|
});
|
|
59
58
|
}
|
|
60
|
-
const
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
clientId: process.env.OAUTH_CLIENT_ID,
|
|
68
|
-
clientSecret: process.env.OAUTH_CLIENT_SECRET,
|
|
69
|
-
issuer: process.env.OAUTH_ISSUER,
|
|
70
|
-
authorization: { params: { scope: authConfig?.oauth.scope ?? "openid profile email offline_access" } },
|
|
71
|
-
profile(profile, tokens) {
|
|
72
|
-
let role = 'user'; // default role
|
|
73
|
-
if (tokens && tokens.access_token) {
|
|
74
|
-
const decodedJWT = decodeJwt(tokens.access_token);
|
|
75
|
-
const permissions = decodedJWT.resource_access?.[process.env.OAUTH_CLIENT_ID]?.roles;
|
|
76
|
-
role = permissions?.[0] || 'user';
|
|
77
|
-
}
|
|
78
|
-
return { id: profile.sub, role, ...profile };
|
|
59
|
+
const userCollectionDatabaseFields = [{
|
|
60
|
+
name: 'role',
|
|
61
|
+
type: 'select',
|
|
62
|
+
options: [
|
|
63
|
+
{
|
|
64
|
+
label: 'User',
|
|
65
|
+
value: 'user',
|
|
79
66
|
},
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
67
|
+
{
|
|
68
|
+
label: 'Admin',
|
|
69
|
+
value: 'admin',
|
|
70
|
+
},
|
|
71
|
+
{
|
|
72
|
+
label: 'Digital Colleague',
|
|
73
|
+
value: 'digital-colleague',
|
|
74
|
+
},
|
|
75
|
+
],
|
|
76
|
+
defaultValue: 'user',
|
|
77
|
+
required: true,
|
|
78
|
+
admin: {
|
|
79
|
+
description: 'The role of the user',
|
|
91
80
|
},
|
|
92
81
|
},
|
|
93
|
-
}
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
};
|
|
82
|
+
{ name: 'enabled', type: 'checkbox', label: 'Enabled', defaultValue: true },
|
|
83
|
+
{
|
|
84
|
+
name: "accounts",
|
|
85
|
+
type: "array",
|
|
86
|
+
admin: { disabled: false }, // optional
|
|
87
|
+
fields: [
|
|
88
|
+
{ name: "provider", type: "text", required: true },
|
|
89
|
+
{ name: "providerAccountId", type: "text", required: true },
|
|
90
|
+
{ name: "type", type: "text" },
|
|
91
|
+
// Add these:
|
|
92
|
+
{ name: "access_token", type: "text", admin: { disabled: true } },
|
|
93
|
+
{ name: "refresh_token", type: "text", admin: { disabled: true } },
|
|
94
|
+
{ name: "expires_at", type: "number", admin: { disabled: true } },
|
|
95
|
+
{ name: "id_token", type: "text", admin: { disabled: true } },
|
|
96
|
+
{ name: "token_type", type: "text", admin: { disabled: true } },
|
|
97
|
+
{ name: "scope", type: "text", admin: { disabled: true } },
|
|
98
|
+
{ name: "session_state", type: "text", admin: { disabled: true } },
|
|
99
|
+
],
|
|
100
|
+
}];
|
|
112
101
|
export const payloadAuthConfig = {
|
|
113
102
|
userCollectionDatabaseFields,
|
|
114
103
|
persistTokens,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAIpC,SAAS,aAAa,CAAC,WAA0B,EAAE,EAAE,OAAoB;IACvE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;IACjC,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAA;IAEnD,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAC5B,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,iBAAiB,KAAK,iBAAiB,CACzF,CAAA;IAED,MAAM,OAAO,GAAG;QACd,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClC,QAAQ;QACR,iBAAiB;QACjB,IAAI,EAAE,OAAO,CAAC,IAAI;QAElB,yDAAyD;QACzD,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI;QAC1C,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;QAC5C,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;QAClC,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;QAC5B,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;KAC7C,CAAA;IAED,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAA;QAC1B,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,CAAC,GAAG,QAAQ,EAAE,OAAO,CAAC,CAAA;AAC/B,CAAC;AAED,SAAS,YAAY,CAAC,OAAgD,EAAE,MAAyD;IAC/H,IAAI,IAAI,GAAG,MAAM,CAAC,CAAC,eAAe;IAClC,IAAI,MAAM,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAClD,MAAM,WAAW,GAAK,UAAU,CAAC,eAAwD,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,EAAE,KAA8B,CAAC;QAC1J,IAAI,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IACpC,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAA;AAC9C,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,MAAc,EAAE,OAAoB,EAAE,aAA8B;IAC/F,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAA;IAE3D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC;QACtC,UAAU,EAAE,OAAO;QACnB,EAAE,EAAE,MAAM;QACV,KAAK,EAAE,CAAC;KACT,CAAC,CAAA;IAEF,MAAM,QAAQ,GAAI,QAAiB,CAAC,QAAQ,IAAI,EAAE,CAAA;IAClD,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACjD,IAAI,IAAI,GAAG,MAAM,CAAC,CAAC,eAAe;IAClC,IAAI,OAAO,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,WAAW,GAAK,UAAU,CAAC,eAAwD,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,EAAE,KAA8B,CAAC;QAC1J,IAAI,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IACpC,CAAC;IACD,MAAM,OAAO,CAAC,MAAM,CAAC;QACnB,UAAU,EAAE,OAAO;QACnB,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;QACxB,cAAc,EAAE,IAAI;KACrB,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,4BAA4B,GAAG,CAAC;QAChC,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE;YACP;gBACE,KAAK,EAAE,MAAM;gBACb,KAAK,EAAE,MAAM;aACd;YACD;gBACE,KAAK,EAAE,OAAO;gBACd,KAAK,EAAE,OAAO;aACf;YACD;gBACE,KAAK,EAAE,mBAAmB;gBAC1B,KAAK,EAAE,mBAAmB;aAC3B;SACF;QACD,YAAY,EAAE,MAAM;QACpB,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE;YACL,WAAW,EAAE,sBAAsB;SACpC;KACF;IACD,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,EAAE;IAC3E;QACE,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,WAAW;QACvC,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;YAClD,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC3D,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE;YAE9B,aAAa;YACb,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YACjE,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YAClE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YACjE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YAC7D,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YAC/D,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YAC1D,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;SACnE;KACF,CAAC,CAAC;AAEP,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAE/B,4BAA4B;IAC5B,aAAa;IAEb,YAAY;CACb,CAAC"}
|