From 445e523c9a92cdb12d4a56b0e911598040d14266 Mon Sep 17 00:00:00 2001
From: Simon Emanuelsson
Date: Wed, 27 Mar 2024 09:01:38 +0100
Subject: [PATCH] feat: add redirect_proxy url to handle auth in stage, test

---
 .env.local.example | 16 ++++++----
 auth.ts | 77 ++++++++++++++++++++++++----------------------
 env/server.ts | 34 +++++++++++---------
 types/auth.d.ts | 29 +++++++++++++++++
 4 files changed, 99 insertions(+), 57 deletions(-)
 create mode 100644 types/auth.d.ts

diff --git a/.env.local.example b/.env.local.example
index 2f6a2910f..1ffe6074b 100644
--- a/.env.local.example
+++ b/.env.local.example
@@ -1,14 +1,18 @@
+ADOBE_SCRIPT_SRC=""
 CMS_ACCESS_TOKEN=""
 CMS_API_KEY=""
 CMS_ENVIRONMENT="development"
-CMS_URL="https://eu-graphql.contentstack.com/stacks/${CMS_API_KEY}?environment=${CMS_ENVIRONMENT}"
-CMS_PREVIEW_URL="https://graphql-preview.contentstack.com/stacks/${CMS_API_KEY}?environment=${CMS_ENVIRONMENT}"
 CMS_PREVIEW_TOKEN=""
-ADOBE_SCRIPT_SRC=""
-REVALIDATE_SECRET=""
-DESIGN_SYSTEM_ACCESS_TOKEN=""
+CMS_PREVIEW_URL=""
+CMS_URL="https://eu-graphql.contentstack.com/stacks/${CMS_API_KEY}?environment=${CMS_ENVIRONMENT}"
+CURITY_CLIENT_ID_SERVICE=""
+CURITY_CLIENT_SECRET_SERVICE=""
 CURITY_CLIENT_ID_USER=""
 CURITY_CLIENT_SECRET_USER=""
 CURITY_ISSUER_USER="https://testlogin.scandichotels.com"
+CYPRESS_BASE_URL="http://localhost:3000"
+DESIGN_SYSTEM_ACCESS_TOKEN=""
+NEXTAUTH_REDIRECT_PROXY_URL="http://localhost:3000/api/auth"
+NEXTAUTH_SECRET=""
 NEXTAUTH_URL="http://localhost:3000/api/auth"
-NEXTAUTH_SECRET="secret"
+REVALIDATE_SECRET=""
diff --git a/auth.ts b/auth.ts
index 04cb71491..fdb7e65d0 100644
--- a/auth.ts
+++ b/auth.ts
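Review bot: `CURITY_CLIENT_ID_SERVICE` and `CURITY_CLIENT_SECRET_SERVICE` are added to the example file, but the `env/server.ts` schema touched by this same patch declares no such keys, so nothing validates them and a missing value will not fail at startup the way the `_USER` pair does; either add them to the schema next to `CURITY_CLIENT_ID_USER` or drop them from the example until something reads them. `NEXTAUTH_REDIRECT_PROXY_URL` is set to the same localhost value as `NEXTAUTH_URL`, which does nothing useful; since the proxy URL is meant to be the one stable callback registered at the IdP, a comment such as `# Stable /api/auth URL registered as redirect_uri at Curity; leave unset when not using the proxy` would spare the next developer guessing which origin belongs here. Good to see `NEXTAUTH_SECRET` no longer ships with the placeholder value "secret".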
@@ -2,48 +2,51 @@ import NextAuth from "next-auth"
 import { env } from "@/env/server"
-import type { NextAuthConfig } from "next-auth"
+import type { NextAuthConfig, User } from "next-auth"
+import type { OIDCConfig } from "next-auth/providers"
+
+const customProvider = {
+  clientId: env.CURITY_CLIENT_ID_USER,
+  clientSecret: env.CURITY_CLIENT_SECRET_USER,
+  id: "curity",
+  name: "Curity",
+  type: "oidc",
+  // FIXME: This is incorrect. We should not hard code this.
+  // It should be ${env.CURITY_ISSUER_USER}.
+  // This change requires sync between Curity deploy and CurrentWeb and NewWeb.
+  issuer: "https://scandichotels.com",
+  authorization: {
+    url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
+    params: {
+      scope: ["openid"],
+    },
+  },
+  token: {
+    url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
+  },
+  userinfo: {
+    url: `${env.CURITY_ISSUER_USER}/oauth/v2/userinfo`,
+  },
+
+  profile(profile) {
+    console.log({ profile })
+    return {
+      id: profile.id,
+      sub: profile.sub,
+      given_name: profile.given_name,
+    }
+  },
+} satisfies OIDCConfig
 
 export const config = {
-  providers: [
-    {
-      id: "curity",
-      type: "oidc",
-      name: "Curity",
-      // FIXME: This is incorrect. We should not hard code this.
-      // It should be ${env.CURITY_ISSUER_USER}.
-      // This change requires sync between Curity deploy and CurrentWeb and NewWeb.
-      issuer: "https://scandichotels.com",
-      token: {
-        url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
-      },
-      userinfo: {
-        url: `${env.CURITY_ISSUER_USER}/oauth/v2/userinfo`,
-      },
-      authorization: {
-        url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
-        params: {
-          scope: ["openid"],
-        },
-      },
-      clientId: env.CURITY_CLIENT_ID_USER,
-      clientSecret: env.CURITY_CLIENT_SECRET_USER,
-
-      profile(profile: { id: string; sub: string; given_name: string }) {
-        console.log({ profile })
-        return {
-          id: profile.id,
-          sub: profile.sub,
-          given_name: profile.given_name,
-        }
-      },
-    },
-  ],
-  trustHost: true,
+  // basePath: "/api/auth",
   // pages: {
   //   signIn: "/auth/login",
   // },
-  // basePath: "/api/auth",
+  providers: [customProvider],
+  redirectProxyUrl: env.NEXTAUTH_REDIRECT_PROXY_URL,
+  trustHost: true,
+
   session: {
     strategy: "jwt",
   },
diff --git a/env/server.ts b/env/server.ts
index 25d0ddfc9..cf2d21066 100644
--- a/env/server.ts
+++ b/env/server.ts
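Review bot: `console.log({ profile })` in the `profile` callback writes the IdP's claims (`sub`, `given_name`, and whatever else the userinfo endpoint returns) to the server log on every sign-in, which is personal data ending up in log storage; drop the line, or gate it so it never runs in production, e.g. `if (env.NODE_ENV !== "production") console.debug({ profile })` (`NODE_ENV` is already in the env schema). `User` is imported from "next-auth" but is not referenced anywhere in the hunk; unless it is used further down in `config`, which continues past the end of the hunk, the import should go. The `satisfies OIDCConfig` form drops the explicit parameter type the old code had, so `profile.id` is now untyped and, for a standard OIDC userinfo response where `sub` is the identifier, may well be `undefined`; confirm against Curity's actual response or use `id: profile.id ?? profile.sub`. As far as I understand Auth.js's proxy flow, `redirectProxyUrl` together with `trustHost: true` means the proxy deployment forwards callbacks to the origin carried in the signed `state`, so the proxy's `NEXTAUTH_SECRET` must only be shared with deployments that are allowed to complete a login through it — worth a one-line comment on the `redirectProxyUrl` line.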
@@ -8,17 +8,20 @@ export const env = createEnv({
     CMS_ACCESS_TOKEN: z.string(),
     CMS_API_KEY: z.string(),
     CMS_ENVIRONMENT: z.enum(["development", "production", "staging", "test"]),
-    CMS_URL: z.string(),
-    CMS_PREVIEW_URL: z.string(),
     CMS_PREVIEW_TOKEN: z.string(),
-    CYPRESS_BASE_URL: z.string().default("http://127.0.0.1:3000"),
-    NODE_ENV: z.enum(["development", "test", "production"]),
-    PRINT_QUERY: z.boolean().default(false),
-    REVALIDATE_SECRET: z.string(),
-    DESIGN_SYSTEM_ACCESS_TOKEN: z.string(),
+    CMS_PREVIEW_URL: z.string(),
+    CMS_URL: z.string(),
     CURITY_CLIENT_ID_USER: z.string(),
     CURITY_CLIENT_SECRET_USER: z.string(),
     CURITY_ISSUER_USER: z.string(),
+    CYPRESS_BASE_URL: z.string().default("http://127.0.0.1:3000"),
+    DESIGN_SYSTEM_ACCESS_TOKEN: z.string(),
+    NEXTAUTH_REDIRECT_PROXY_URL: z.string().optional(),
+    NEXTAUTH_SECRET: z.string(),
+    NEXTAUTH_URL: z.string(),
+    NODE_ENV: z.enum(["development", "test", "production"]),
+    PRINT_QUERY: z.boolean().default(false),
+    REVALIDATE_SECRET: z.string(),
   },
   emptyStringAsUndefined: true,
   runtimeEnv: {
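Review bot: the URL-valued variables added here, `NEXTAUTH_URL` and `NEXTAUTH_REDIRECT_PROXY_URL`, are validated as bare `z.string()`, so a scheme-less or otherwise malformed value passes startup validation and only fails deep inside the OAuth redirect; `NEXTAUTH_URL: z.string().url(),` and `NEXTAUTH_REDIRECT_PROXY_URL: z.string().url().optional(),` catch it at boot. The same applies to the pre-existing `CURITY_ISSUER_USER`, which auth.ts interpolates straight into the authorize/token/userinfo URLs, where a trailing slash would produce a `//oauth/...` path. The `createEnv({` call this hunk belongs to opens before the hunk.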
@@ -27,16 +30,19 @@ export const env = createEnv({
     CMS_ACCESS_TOKEN: process.env.CMS_ACCESS_TOKEN,
     CMS_API_KEY: process.env.CMS_API_KEY,
     CMS_ENVIRONMENT: process.env.CMS_ENVIRONMENT,
-    CMS_URL: process.env.CMS_URL,
-    CMS_PREVIEW_URL: process.env.CMS_PREVIEW_URL,
     CMS_PREVIEW_TOKEN: process.env.CMS_PREVIEW_TOKEN,
-    CYPRESS_BASE_URL: process.env.CYPRESS_TEST_URL,
-    NODE_ENV: process.env.NODE_ENV,
-    PRINT_QUERY: process.env.PRINT_QUERY,
-    REVALIDATE_SECRET: process.env.REVALIDATE_SECRET,
-    DESIGN_SYSTEM_ACCESS_TOKEN: process.env.DESIGN_SYSTEM_ACCESS_TOKEN,
+    CMS_PREVIEW_URL: process.env.CMS_PREVIEW_URL,
+    CMS_URL: process.env.CMS_URL,
     CURITY_CLIENT_ID_USER: process.env.CURITY_CLIENT_ID_USER,
     CURITY_CLIENT_SECRET_USER: process.env.CURITY_CLIENT_SECRET_USER,
     CURITY_ISSUER_USER: process.env.CURITY_ISSUER_USER,
+    CYPRESS_BASE_URL: process.env.CYPRESS_TEST_URL,
+    DESIGN_SYSTEM_ACCESS_TOKEN: process.env.DESIGN_SYSTEM_ACCESS_TOKEN,
+    NEXTAUTH_REDIRECT_PROXY_URL: process.env.NEXTAUTH_REDIRECT_PROXY_URL,
+    NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
+    NEXTAUTH_URL: process.env.NEXTAUTH_URL,
+    NODE_ENV: process.env.NODE_ENV,
+    PRINT_QUERY: process.env.PRINT_QUERY,
+    REVALIDATE_SECRET: process.env.REVALIDATE_SECRET,
   },
 })
diff --git a/types/auth.d.ts b/types/auth.d.ts
new file mode 100644
index 000000000..1b6db41a6
--- /dev/null
+++ b/types/auth.d.ts
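Review bot: `CYPRESS_BASE_URL: process.env.CYPRESS_TEST_URL` reads a variable named differently from the schema key, and this same patch documents `CYPRESS_BASE_URL` in `.env.local.example`, so the value a developer sets there is never read and the `http://127.0.0.1:3000` default silently applies; the line carried over from the old side should become `CYPRESS_BASE_URL: process.env.CYPRESS_BASE_URL,` (or the example should say `CYPRESS_TEST_URL`, whichever name the Cypress config actually exports). The `createEnv({` statement closes at the `})` in this hunk but opens before it.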
@@ -0,0 +1,29 @@
+import "next-auth"
+
+// Module augmentation
+// https://authjs.dev/getting-started/typescript#popular-interfaces-to-augment
+declare module "next-auth" {
+  /**
+   * The shape of the user object returned in the OAuth providers' `profile` callback,
+   * or the second parameter of the `session` callback, when using a database.
+   */
+  interface User {
+    given_name: string
+    sub: string
+  }
+  /**
+   * The shape of the account object returned in the OAuth providers' `account` callback,
+   * Usually contains information about the provider being used, like OAuth tokens (`access_token`, etc).
+   */
+  interface Account {}
+
+  /**
+   * Returned by `useSession`, `auth`, contains information about the active session.
+   */
+  interface Session {}
+}
+
+declare module "next-auth/jwt" {
+  /** Returned by the `jwt` callback and `auth`, when using JWT sessions */
+  interface JWT {}
+}
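Review bot: `interface Account {}`, `interface Session {}` and `interface JWT {}` are empty augmentations that add no members, so they change nothing and will be flagged by `@typescript-eslint/no-empty-interface` (or `no-empty-object-type` on newer presets) if that rule is enabled; either delete them or keep a single one with a `// TODO: add fields once the jwt/session callbacks populate them` so the intent is recorded. The `User` augmentation makes `given_name` and `sub` required on every `User`, but nothing in this patch shows a `jwt` or `session` callback copying those claims onto the session user, so in JWT-session mode they may be `undefined` at runtime while the type says otherwise — worth confirming, or declaring them optional (`given_name?: string`) until a callback guarantees them.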