diff --git a/.env b/.env index cfe6997..1dc2fda 100644 --- a/.env +++ b/.env @@ -65,3 +65,6 @@ NEXT_PUBLIC_TEAM_NAVIGATION_STYLE=custom NEXT_PUBLIC_USER_NAVIGATION_STYLE=custom NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY= + +# Configure Medusa password secret for Keycloak users +MEDUSA_PASSWORD_SECRET=ODEwMGNiMmUtOGMxYS0xMWYwLWJlZDYtYTM3YzYyMWY0NGEzCg== diff --git a/.env.development b/.env.development index 962cb9d..29f337f 100644 --- a/.env.development +++ b/.env.development @@ -25,14 +25,48 @@ EMAIL_PORT=1025 # or 465 for SSL EMAIL_TLS=false NODE_TLS_REJECT_UNAUTHORIZED=0 +# MEDIPOST + +MEDIPOST_URL=https://meditest.medisoft.ee:7443/Medipost/MedipostServlet +MEDIPOST_USER=trvurgtst +MEDIPOST_PASSWORD=SRB48HZMV +MEDIPOST_RECIPIENT=trvurgtst +MEDIPOST_MESSAGE_SENDER=trvurgtst + +#MEDIPOST_URL=https://medipost2.medisoft.ee:8443/Medipost/MedipostServlet +#MEDIPOST_USER=medreport +#MEDIPOST_PASSWORD= +#MEDIPOST_RECIPIENT=HTI +#MEDIPOST_MESSAGE_SENDER=medreport + # MEDUSA MEDUSA_BACKEND_URL=http://localhost:9000 MEDUSA_BACKEND_PUBLIC_URL=http://localhost:9000 +MEDUSA_SECRET_API_KEY= +NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY= + +MEDUSA_BACKEND_URL=https://backoffice-test.medreport.ee +MEDUSA_BACKEND_PUBLIC_URL=https://backoffice-test.medreport.ee +MEDUSA_SECRET_API_KEY=sk_fdb1808fbabf62979cc46316aa997378ffbb87882883e8f5c3ee47cee39dcac5 +NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY=pk_827a2ab863021cb67993f1d81078f81bfce4b4e0da642d8c0f5398ded9d8fd32 # MONTONIO NEXT_PUBLIC_MONTONIO_ACCESS_KEY=7da5d7fa-3383-4997-9435-46aa818f4ead MONTONIO_SECRET_KEY=rNZkzwxOiH93mzkdV53AvhSsbGidrgO2Kl5lE/IT7cvo MONTONIO_API_URL=https://sandbox-stargate.montonio.com +#NEXT_PUBLIC_MONTONIO_ACCESS_KEY=13e3686a-e7ad-41f6-998b-3f7d7de17654 +#MONTONIO_SECRET_KEY= +#MONTONIO_API_URL=https://stargate.montonio.com + # JOBS JOBS_API_TOKEN=73ce073c-6dd4-11f0-8e75-8fee89786197 + +# SUPABASE +NEXT_PUBLIC_SUPABASE_URL=https://klocrucggryikaxzvxgc.supabase.co +NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtsb2NydWNnZ3J5aWtheHp2eGdjIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NTY5ODQ2MjgsImV4cCI6MjA3MjU2MDYyOH0.2XOQngowcymiSUZO_XEEWAWzco2uRIjwG7TAeRRLIdU +SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtsb2NydWNnZ3J5aWtheHp2eGdjIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTc1Njk4NDYyOCwiZXhwIjoyMDcyNTYwNjI4fQ.1UZR7AqSD9bOy1gtZRGhOCNoESsw2W-DoFDDsNNMwoE + +#NEXT_PUBLIC_SUPABASE_URL=https://oqsdacktkhmbylmzstjq.supabase.co +#NEXT_PUBLIC_SUPABASE_ANON_KEY= +#SUPABASE_SERVICE_ROLE_KEY= diff --git a/app/(marketing)/_components/site-header-account-section.tsx b/app/(marketing)/_components/site-header-account-section.tsx index c4c388f..ff7ad03 100644 --- a/app/(marketing)/_components/site-header-account-section.tsx +++ b/app/(marketing)/_components/site-header-account-section.tsx @@ -13,10 +13,7 @@ import { Button } from '@kit/ui/button'; import { If } from '@kit/ui/if'; import { Trans } from '@kit/ui/trans'; -import { featureFlagsConfig } from '@kit/shared/config'; - -import { pathsConfig } from '@kit/shared/config'; - +import { authConfig, featureFlagsConfig, pathsConfig } from '@kit/shared/config'; const ModeToggle = dynamic(() => import('@kit/ui/mode-toggle').then((mod) => ({ @@ -75,11 +72,13 @@ function AuthButtons() { - + {authConfig.providers.password && ( + + )} ); diff --git a/app/(marketing)/page.tsx b/app/(marketing)/page.tsx index 4f39285..1034428 100644 --- a/app/(marketing)/page.tsx +++ b/app/(marketing)/page.tsx @@ -1,6 +1,7 @@ import Link from 'next/link'; import { MedReportLogo } from '@kit/shared/components/med-report-logo'; +import { pathsConfig } from '@kit/shared/config'; import { ArrowRightIcon } from 'lucide-react'; import { CtaButton, Hero } from '@kit/ui/marketing'; @@ -32,7 +33,7 @@ function MainCallToActionButton() { return (
- + diff --git a/app/auth/callback/route.ts b/app/auth/callback/route.ts index 0786a08..b5ce0c0 100644 --- a/app/auth/callback/route.ts +++ b/app/auth/callback/route.ts @@ -1,19 +1,62 @@ import { redirect } from 'next/navigation'; import type { NextRequest } from 'next/server'; -import { createAuthCallbackService } from '@kit/supabase/auth'; +import { createAuthCallbackService, getErrorURLParameters } from '@kit/supabase/auth'; import { getSupabaseServerClient } from '@kit/supabase/server-client'; import { pathsConfig } from '@kit/shared/config'; +import { createAccountsApi } from '@/packages/features/accounts/src/server/api'; +const ERROR_PATH = '/auth/callback/error'; + +const redirectOnError = (searchParams?: string) => { + return redirect(`${ERROR_PATH}${searchParams ? `?${searchParams}` : ''}`); +} export async function GET(request: NextRequest) { + const { searchParams } = new URL(request.url); + + const error = searchParams.get('error'); + if (error) { + const { searchParams } = getErrorURLParameters({ error }); + return redirectOnError(searchParams); + } + + const authCode = searchParams.get('code'); + if (!authCode) { + return redirectOnError(); + } + + let redirectPath = searchParams.get('next') || pathsConfig.app.home; + // if we have an invite token, we redirect to the join team page + // instead of the default next url. This is because the user is trying + // to join a team and we want to make sure they are redirected to the + // correct page. + const inviteToken = searchParams.get('invite_token'); + if (inviteToken) { + const urlParams = new URLSearchParams({ + invite_token: inviteToken, + email: searchParams.get('email') ?? '', + }); + + redirectPath = `${pathsConfig.app.joinTeam}?${urlParams.toString()}`; + } + const service = createAuthCallbackService(getSupabaseServerClient()); + const oauthResult = await service.exchangeCodeForSession(authCode); + if (!("isSuccess" in oauthResult)) { + return redirectOnError(oauthResult.searchParams); + } - const { nextPath } = await service.exchangeCodeForSession(request, { - joinTeamPath: pathsConfig.app.joinTeam, - redirectPath: pathsConfig.app.home, - }); + const api = createAccountsApi(getSupabaseServerClient()); - return redirect(nextPath); + const account = await api.getPersonalAccountByUserId( + oauthResult.user.id, + ); + + if (!account.email || !account.name || !account.last_name) { + return redirect(pathsConfig.auth.updateAccount); + } + + return redirect(redirectPath); } diff --git a/app/auth/confirm/route.ts b/app/auth/confirm/route.ts index db0ef3f..5586c79 100644 --- a/app/auth/confirm/route.ts +++ b/app/auth/confirm/route.ts @@ -5,7 +5,6 @@ import { getSupabaseServerClient } from '@kit/supabase/server-client'; import { pathsConfig } from '@kit/shared/config'; - export async function GET(request: NextRequest) { const service = createAuthCallbackService(getSupabaseServerClient()); diff --git a/app/auth/sign-in/components/PasswordOption.tsx b/app/auth/sign-in/components/PasswordOption.tsx new file mode 100644 index 0000000..5ef56a4 --- /dev/null +++ b/app/auth/sign-in/components/PasswordOption.tsx @@ -0,0 +1,54 @@ +import Link from 'next/link'; + +import { SignInMethodsContainer } from '@kit/auth/sign-in'; +import { authConfig, pathsConfig } from '@kit/shared/config'; +import { Button } from '@kit/ui/button'; +import { Heading } from '@kit/ui/heading'; +import { Trans } from '@kit/ui/trans'; + +export default function PasswordOption({ + inviteToken, + returnPath, +}: { + inviteToken?: string; + returnPath?: string; +}) { + const signUpPath = + pathsConfig.auth.signUp + + (inviteToken ? `?invite_token=${inviteToken}` : ''); + + const paths = { + callback: pathsConfig.auth.callback, + returnPath: returnPath ?? pathsConfig.app.home, + joinTeam: pathsConfig.app.joinTeam, + updateAccount: pathsConfig.auth.updateAccount, + }; + + return ( + <> +
+ + + + +

+ +

+
+ + + +
+ +
+ + ); +} diff --git a/app/auth/sign-in/components/SignInPageClientRedirect.tsx b/app/auth/sign-in/components/SignInPageClientRedirect.tsx new file mode 100644 index 0000000..2e79df4 --- /dev/null +++ b/app/auth/sign-in/components/SignInPageClientRedirect.tsx @@ -0,0 +1,37 @@ +'use client'; + +import Loading from '@/app/home/loading'; +import { useEffect } from 'react'; +import { getSupabaseBrowserClient } from '@/packages/supabase/src/clients/browser-client'; +import { useRouter } from 'next/navigation'; + +export function SignInPageClientRedirect() { + const router = useRouter(); + + useEffect(() => { + async function signIn() { + const { data, error } = await getSupabaseBrowserClient() + .auth + .signInWithOAuth({ + provider: 'keycloak', + options: { + redirectTo: `${window.location.origin}/auth/callback`, + queryParams: { + prompt: 'login', + }, + } + }); + + if (error) { + console.error('OAuth error', error); + router.push('/'); + } else if (data.url) { + router.push(data.url); + } + } + + signIn(); + }, [router]); + + return ; +} diff --git a/app/auth/sign-in/page.tsx b/app/auth/sign-in/page.tsx index 4a45e7c..a82d4a7 100644 --- a/app/auth/sign-in/page.tsx +++ b/app/auth/sign-in/page.tsx @@ -1,15 +1,9 @@ -import Link from 'next/link'; -import { redirect } from 'next/navigation'; - -import { SignInMethodsContainer } from '@kit/auth/sign-in'; -import { authConfig, pathsConfig } from '@kit/shared/config'; -import { Button } from '@kit/ui/button'; -import { Heading } from '@kit/ui/heading'; -import { Trans } from '@kit/ui/trans'; +import { pathsConfig, authConfig } from '@kit/shared/config'; import { createI18nServerInstance } from '~/lib/i18n/i18n.server'; import { withI18n } from '~/lib/i18n/with-i18n'; -import { getSupabaseServerClient } from '@/packages/supabase/src/clients/server-client'; +import { SignInPageClientRedirect } from './components/SignInPageClientRedirect'; +import PasswordOption from './components/PasswordOption'; interface SignInPageProps { searchParams: Promise<{ @@ -27,62 +21,14 @@ export const generateMetadata = async () => { }; async function SignInPage({ searchParams }: SignInPageProps) { - const { invite_token: inviteToken, next = pathsConfig.app.home } = + const { invite_token: inviteToken, next: returnPath = pathsConfig.app.home } = await searchParams; - const signUpPath = - pathsConfig.auth.signUp + - (inviteToken ? `?invite_token=${inviteToken}` : ''); + if (authConfig.providers.password) { + return ; + } - const paths = { - callback: pathsConfig.auth.callback, - returnPath: next ?? pathsConfig.app.home, - joinTeam: pathsConfig.app.joinTeam, - updateAccount: pathsConfig.auth.updateAccount, - }; - - // const { data, error } = await getSupabaseServerClient() - // .auth - // .signInWithOAuth({ - // provider: 'keycloak', - // }); - - // if (error) { - // console.error('OAuth error', error); - // redirect('/'); - // } - - // if (data.url) { - // redirect(data.url); - // } - - return ( - <> -
- - - - -

- -

-
- - - -
- -
- - ); + return ; } export default withI18n(SignInPage); diff --git a/app/auth/sign-up/page.tsx b/app/auth/sign-up/page.tsx index 5c0a4e2..0394078 100644 --- a/app/auth/sign-up/page.tsx +++ b/app/auth/sign-up/page.tsx @@ -1,4 +1,5 @@ import Link from 'next/link'; +import { redirect } from 'next/navigation'; import { SignUpMethodsContainer } from '@kit/auth/sign-up'; import { authConfig, pathsConfig } from '@kit/shared/config'; @@ -37,6 +38,10 @@ async function SignUpPage({ searchParams }: Props) { pathsConfig.auth.signIn + (inviteToken ? `?invite_token=${inviteToken}` : ''); + if (!authConfig.providers.password) { + return redirect('/'); + } + return ( <>
diff --git a/app/auth/update-account/_components/update-account-form.tsx b/app/auth/update-account/_components/update-account-form.tsx index 58887f0..bdda351 100644 --- a/app/auth/update-account/_components/update-account-form.tsx +++ b/app/auth/update-account/_components/update-account-form.tsx @@ -2,8 +2,6 @@ import Link from 'next/link'; -import { User } from '@supabase/supabase-js'; - import { ExternalLink } from '@/public/assets/external-link'; import { zodResolver } from '@hookform/resolvers/zod'; import { useForm } from 'react-hook-form'; @@ -23,31 +21,52 @@ import { Trans } from '@kit/ui/trans'; import { UpdateAccountSchema } from '../_lib/schemas/update-account.schema'; import { onUpdateAccount } from '../_lib/server/update-account'; +import { z } from 'zod'; -export function UpdateAccountForm({ user }: { user: User }) { +type UpdateAccountFormValues = z.infer; + +export function UpdateAccountForm({ + defaultValues, +}: { + defaultValues: UpdateAccountFormValues, +}) { const form = useForm({ resolver: zodResolver(UpdateAccountSchema), mode: 'onChange', - defaultValues: { - firstName: '', - lastName: '', - personalCode: '', - email: user.email, - phone: '', - city: '', - weight: 0, - height: 0, - userConsent: false, - }, + defaultValues, }); + + const { firstName, lastName, personalCode, email, weight, height, userConsent } = defaultValues; + + const hasFirstName = !!firstName; + const hasLastName = !!lastName; + const hasPersonalCode = !!personalCode; + const hasEmail = !!email; + const hasWeight = !!weight; + const hasHeight = !!height; + const hasUserConsent = !!userConsent; + + const onUpdateAccountOptions = async (values: UpdateAccountFormValues) => + onUpdateAccount({ + ...values, + ...(hasFirstName && { firstName }), + ...(hasLastName && { lastName }), + ...(hasPersonalCode && { personalCode }), + ...(hasEmail && { email }), + ...(hasWeight && { weight: values.weight ?? weight }), + ...(hasHeight && { height: values.height ?? height }), + ...(hasUserConsent && { userConsent: values.userConsent ?? userConsent }), + }); + return (
( @@ -63,6 +82,7 @@ export function UpdateAccountForm({ user }: { user: User }) { ( @@ -78,6 +98,7 @@ export function UpdateAccountForm({ user }: { user: User }) { ( @@ -93,13 +114,14 @@ export function UpdateAccountForm({ user }: { user: User }) { ( - + diff --git a/app/auth/update-account/_lib/schemas/update-account.schema.ts b/app/auth/update-account/_lib/schemas/update-account.schema.ts index e9213b1..a3e4f29 100644 --- a/app/auth/update-account/_lib/schemas/update-account.schema.ts +++ b/app/auth/update-account/_lib/schemas/update-account.schema.ts @@ -1,4 +1,5 @@ import { z } from 'zod'; +import parsePhoneNumber from 'libphonenumber-js/min'; export const UpdateAccountSchema = z.object({ firstName: z @@ -23,7 +24,20 @@ export const UpdateAccountSchema = z.object({ .string({ error: 'Phone number is required', }) - .nonempty(), + .nonempty() + .refine( + (phone) => { + try { + const phoneNumber = parsePhoneNumber(phone); + return !!phoneNumber && phoneNumber.isValid() && phoneNumber.country === 'EE'; + } catch { + return false; + } + }, + { + message: 'common:formFieldError.invalidPhoneNumber', + } + ), city: z.string().optional(), weight: z .number({ diff --git a/app/auth/update-account/_lib/server/update-account.ts b/app/auth/update-account/_lib/server/update-account.ts index e2fcd0f..ff9a80d 100644 --- a/app/auth/update-account/_lib/server/update-account.ts +++ b/app/auth/update-account/_lib/server/update-account.ts @@ -28,11 +28,15 @@ export const onUpdateAccount = enhanceAction( console.warn('On update account error: ', err); } - await updateCustomer({ - first_name: params.firstName, - last_name: params.lastName, - phone: params.phone, - }); + try { + await updateCustomer({ + first_name: params.firstName, + last_name: params.lastName, + phone: params.phone, + }); + } catch (e) { + console.error("Failed to update Medusa customer", e); + } const hasUnseenMembershipConfirmation = await api.hasUnseenMembershipConfirmation(); diff --git a/app/auth/update-account/page.tsx b/app/auth/update-account/page.tsx index 28a6395..fc94740 100644 --- a/app/auth/update-account/page.tsx +++ b/app/auth/update-account/page.tsx @@ -11,18 +11,39 @@ import { Trans } from '@kit/ui/trans'; import { withI18n } from '~/lib/i18n/with-i18n'; import { UpdateAccountForm } from './_components/update-account-form'; +import { loadCurrentUserAccount } from '@/app/home/(user)/_lib/server/load-user-account'; +import { toTitleCase } from '~/lib/utils'; async function UpdateAccount() { const client = getSupabaseServerClient(); + const account = await loadCurrentUserAccount(); const { data: { user }, } = await client.auth.getUser(); + const isKeycloakUser = user?.app_metadata?.provider === 'keycloak'; if (!user) { redirect(pathsConfig.auth.signIn); } + const defaultValues = { + firstName: account?.name ? toTitleCase(account.name) : '', + lastName: account?.last_name ? toTitleCase(account.last_name) : '', + personalCode: account?.personal_code ?? '', + email: (() => { + if (isKeycloakUser) { + return account?.email ?? ''; + } + return account?.email ?? user?.email ?? ''; + })(), + phone: account?.phone ?? '', + city: account?.city ?? '', + weight: account?.accountParams?.weight ?? 0, + height: account?.accountParams?.height ?? 0, + userConsent: account?.has_consent_personal_data ?? false, + }; + return (
@@ -34,7 +55,7 @@ async function UpdateAccount() {

- +
diff --git a/app/home/(user)/(dashboard)/page.tsx b/app/home/(user)/(dashboard)/page.tsx index 7eba847..dc52fc1 100644 --- a/app/home/(user)/(dashboard)/page.tsx +++ b/app/home/(user)/(dashboard)/page.tsx @@ -27,7 +27,7 @@ async function UserHomePage() { const client = getSupabaseServerClient(); const account = await loadCurrentUserAccount(); - const api = await createAccountsApi(client); + const api = createAccountsApi(client); const bmiThresholds = await api.fetchBmiThresholds(); if (!account) { diff --git a/app/home/(user)/_components/dashboard.tsx b/app/home/(user)/_components/dashboard.tsx index 4d6d260..53722d9 100644 --- a/app/home/(user)/_components/dashboard.tsx +++ b/app/home/(user)/_components/dashboard.tsx @@ -84,7 +84,7 @@ const cards = ({ }, { title: 'dashboard:bmi', - description: bmiFromMetric(weight || 0, height || 0).toString(), + description: bmiFromMetric(weight || 0, height || 0)?.toString() ?? '-', icon: , iconBg: getBmiBackgroundColor(bmiStatus), }, diff --git a/app/home/(user)/_lib/server/load-user-account.ts b/app/home/(user)/_lib/server/load-user-account.ts index 471def2..1b324ea 100644 --- a/app/home/(user)/_lib/server/load-user-account.ts +++ b/app/home/(user)/_lib/server/load-user-account.ts @@ -16,14 +16,14 @@ export const loadUserAccount = cache(accountLoader); export async function loadCurrentUserAccount() { const user = await requireUserInServerComponent(); - return user?.identities?.[0]?.id - ? await loadUserAccount(user?.identities?.[0]?.id) + return user?.id + ? await loadUserAccount(user.id) : null; } -async function accountLoader(accountId: string) { +async function accountLoader(userId: string) { const client = getSupabaseServerClient(); const api = createAccountsApi(client); - return api.getAccount(accountId); + return api.getPersonalAccountByUserId(userId); } diff --git a/lib/actions/sign-out.tsx b/lib/actions/sign-out.tsx index a168684..21bf5c0 100644 --- a/lib/actions/sign-out.tsx +++ b/lib/actions/sign-out.tsx @@ -3,9 +3,26 @@ import { redirect } from 'next/navigation'; import { createClient } from '@/utils/supabase/server'; +import { medusaLogout } from '@lib/data/customer'; export const signOutAction = async () => { - const supabase = await createClient(); - await supabase.auth.signOut(); + const client = await createClient(); + + try { + try { + await medusaLogout(); + } catch (medusaError) { + console.warn('Medusa logout failed or not available:', medusaError); + } + + const { error } = await client.auth.signOut(); + if (error) { + throw error; + } + } catch (error) { + console.error('Logout error:', error); + throw error; + } + return redirect('/'); }; diff --git a/lib/utils.ts b/lib/utils.ts index 3448c2b..36307b7 100644 --- a/lib/utils.ts +++ b/lib/utils.ts @@ -15,11 +15,12 @@ export function toArray(input?: T | T[] | null): T[] { } export function toTitleCase(str?: string) { - if (!str) return ''; - return str.replace( - /\w\S*/g, - (text: string) => - text.charAt(0).toUpperCase() + text.substring(1).toLowerCase(), + return ( + str + ?.toLowerCase() + .replace(/[^-'’\s]+/g, (match) => + match.replace(/^./, (first) => first.toUpperCase()), + ) ?? "" ); } @@ -40,8 +41,12 @@ export function sortByDate( export const bmiFromMetric = (kg: number, cm: number) => { const m = cm / 100; - const bmi = kg / (m * m); - return bmi ? Math.round(bmi) : NaN; + const m2 = m * m; + if (m2 === 0) { + return null; + } + const bmi = kg / m2; + return !Number.isNaN(bmi) ? Math.round(bmi) : null; }; export function getBmiStatus( @@ -58,7 +63,9 @@ export function getBmiStatus( ) || null; const bmi = bmiFromMetric(params.weight, params.height); - if (!thresholdByAge || Number.isNaN(bmi)) return null; + if (!thresholdByAge || bmi === null) { + return null; + } if (bmi > thresholdByAge.obesity_min) return BmiCategory.OBESE; if (bmi > thresholdByAge.strong_min) return BmiCategory.VERY_OVERWEIGHT; diff --git a/package.json b/package.json index e449db7..18d2a21 100644 --- a/package.json +++ b/package.json @@ -69,6 +69,7 @@ "fast-xml-parser": "^5.2.5", "isikukood": "3.1.7", "jsonwebtoken": "9.0.2", + "libphonenumber-js": "^1.12.15", "lodash": "^4.17.21", "lucide-react": "^0.510.0", "next": "15.3.2", diff --git a/packages/features/accounts/src/components/personal-account-dropdown.tsx b/packages/features/accounts/src/components/personal-account-dropdown.tsx index 2a77099..b88eea9 100644 --- a/packages/features/accounts/src/components/personal-account-dropdown.tsx +++ b/packages/features/accounts/src/components/personal-account-dropdown.tsx @@ -79,15 +79,9 @@ export function PersonalAccountDropdown({ }) { const { data: personalAccountData } = usePersonalAccountData(user.id); - const signedInAsLabel = useMemo(() => { - const email = user?.email ?? undefined; - const phone = user?.phone ?? undefined; - - return email ?? phone; - }, [user]); - - const displayName = - personalAccountData?.name ?? account?.name ?? user?.email ?? ''; + const { name, last_name } = personalAccountData ?? {}; + const firstNameLabel = toTitleCase(name) ?? '-'; + const fullNameLabel = name && last_name ? toTitleCase(`${name} ${last_name}`) : '-'; const hasTotpFactor = useMemo(() => { const factors = user?.factors ?? []; @@ -128,7 +122,7 @@ export function PersonalAccountDropdown({ @@ -142,7 +136,7 @@ export function PersonalAccountDropdown({ data-test={'account-dropdown-display-name'} className={'truncate text-sm'} > - {toTitleCase(displayName)} + {firstNameLabel}
@@ -164,7 +158,7 @@ export function PersonalAccountDropdown({
- {signedInAsLabel} + {fullNameLabel}
diff --git a/packages/features/accounts/src/server/api.ts b/packages/features/accounts/src/server/api.ts index 4c9e467..f28a490 100644 --- a/packages/features/accounts/src/server/api.ts +++ b/packages/features/accounts/src/server/api.ts @@ -48,6 +48,41 @@ class AccountsApi { return data; } + /** + * @name getPersonalAccountByUserId + * @description Get the personal account data for the given user ID. + * @param userId + */ + async getPersonalAccountByUserId(userId: string): Promise { + const { data, error } = await this.client + .schema('medreport') + .from('accounts') + .select( + '*, accountParams: account_params (weight, height, isSmoker:is_smoker)', + ) + .eq('primary_owner_user_id', userId) + .eq('is_personal_account', true) + .single(); + + if (error) { + throw error; + } + + const { personal_code, ...rest } = data; + return { + ...rest, + personal_code: (() => { + if (!personal_code) { + return null; + } + if (personal_code.toLowerCase().startsWith('ee')) { + return personal_code.substring(2); + } + return personal_code; + })(), + }; + } + /** * @name getAccountWorkspace * @description Get the account workspace data. diff --git a/packages/features/auth/src/components/oauth-providers.tsx b/packages/features/auth/src/components/oauth-providers.tsx index db41aa5..11dcc94 100644 --- a/packages/features/auth/src/components/oauth-providers.tsx +++ b/packages/features/auth/src/components/oauth-providers.tsx @@ -25,8 +25,8 @@ import { AuthProviderButton } from './auth-provider-button'; * @see https://supabase.com/docs/guides/auth/social-login */ const OAUTH_SCOPES: Partial> = { - azure: 'email', - keycloak: 'openid', + // azure: 'email', + // keycloak: 'openid', // add your OAuth providers here }; @@ -88,10 +88,12 @@ export const OauthProviders: React.FC<{ queryParams.set('invite_token', props.inviteToken); } - const redirectPath = [ - props.paths.callback, - queryParams.toString(), - ].join('?'); + // signicat/keycloak will not allow redirect-uri with changing query params + const INCLUDE_QUERY_PARAMS = false as boolean; + + const redirectPath = INCLUDE_QUERY_PARAMS + ? [props.paths.callback, queryParams.toString()].join('?') + : props.paths.callback; const redirectTo = [origin, redirectPath].join(''); const scopes = OAUTH_SCOPES[provider] ?? undefined; @@ -102,7 +104,7 @@ export const OauthProviders: React.FC<{ redirectTo, queryParams: props.queryParams, scopes, - skipBrowserRedirect: false, + // skipBrowserRedirect: false, }, } satisfies SignInWithOAuthCredentials; diff --git a/packages/features/auth/src/components/sign-in-methods-container.tsx b/packages/features/auth/src/components/sign-in-methods-container.tsx index 83bda02..344c040 100644 --- a/packages/features/auth/src/components/sign-in-methods-container.tsx +++ b/packages/features/auth/src/components/sign-in-methods-container.tsx @@ -108,6 +108,9 @@ export function SignInMethodsContainer(props: { callback: props.paths.callback, returnPath: props.paths.returnPath, }} + queryParams={{ + prompt: 'login', + }} /> diff --git a/packages/features/auth/src/components/sign-up-methods-container.tsx b/packages/features/auth/src/components/sign-up-methods-container.tsx index c10054d..aadbfb5 100644 --- a/packages/features/auth/src/components/sign-up-methods-container.tsx +++ b/packages/features/auth/src/components/sign-up-methods-container.tsx @@ -44,7 +44,7 @@ export function SignUpMethodsContainer(props: { emailRedirectTo={props.paths.callback} defaultValues={defaultValues} displayTermsCheckbox={props.displayTermsCheckbox} - onSignUp={() => redirect(redirectUrl)} + //onSignUp={() => redirect(redirectUrl)} /> @@ -79,6 +79,9 @@ export function SignUpMethodsContainer(props: { callback: props.paths.callback, returnPath: props.paths.appHome, }} + queryParams={{ + prompt: 'login', + }} /> diff --git a/packages/features/medusa-storefront/src/lib/data/customer.ts b/packages/features/medusa-storefront/src/lib/data/customer.ts index 3b45071..a33a33a 100644 --- a/packages/features/medusa-storefront/src/lib/data/customer.ts +++ b/packages/features/medusa-storefront/src/lib/data/customer.ts @@ -4,7 +4,6 @@ import { sdk } from "@lib/config" import medusaError from "@lib/util/medusa-error" import { HttpTypes } from "@medusajs/types" import { revalidateTag } from "next/cache" -import { redirect } from "next/navigation" import { getAuthHeaders, getCacheOptions, @@ -127,7 +126,7 @@ export async function login(_currentState: unknown, formData: FormData) { } } -export async function signout(countryCode: string) { +export async function medusaLogout(countryCode = 'ee') { await sdk.auth.logout() await removeAuthToken() @@ -139,8 +138,6 @@ export async function signout(countryCode: string) { const cartCacheTag = await getCacheTag("carts") revalidateTag(cartCacheTag) - - redirect(`/${countryCode}/account`) } export async function transferCart() { @@ -260,72 +257,110 @@ export const updateCustomerAddress = async ( }) } -export async function medusaLoginOrRegister(credentials: { - email: string - password?: string -}) { - const { email, password } = credentials; +async function medusaLogin(email: string, password: string) { + const token = await sdk.auth.login("customer", "emailpass", { email, password }); + await setAuthToken(token as string); try { - const token = await sdk.auth.login("customer", "emailpass", { - email, - password, + await transferCart(); + } catch (e) { + console.error("Failed to transfer cart", e); + } + + const customer = await retrieveCustomer(); + if (!customer) { + throw new Error("Customer not found for active session"); + } + + return customer.id; +} + +async function medusaRegister({ + email, + password, + name, + lastName, +}: { + email: string; + password: string; + name: string | undefined; + lastName: string | undefined; +}) { + console.info(`Creating new Medusa account for Keycloak user with email=${email}`); + + const registerToken = await sdk.auth.register("customer", "emailpass", { email, password }); + await setAuthToken(registerToken); + + console.info(`Creating new Medusa customer profile for Keycloak user with email=${email} and name=${name} and lastName=${lastName}`); + await sdk.store.customer.create( + { email, first_name: name, last_name: lastName }, + {}, + { + ...(await getAuthHeaders()), }); - await setAuthToken(token as string); +} - try { - await transferCart(); - } catch (e) { - console.error("Failed to transfer cart", e); +export async function medusaLoginOrRegister(credentials: { + email: string + supabaseUserId?: string + name?: string, + lastName?: string, +} & ({ isDevPasswordLogin: true; password: string } | { isDevPasswordLogin?: false; password?: undefined })) { + const { email, supabaseUserId, name, lastName } = credentials; + + + const password = await (async () => { + if (credentials.isDevPasswordLogin) { + return credentials.password; } - const customerCacheTag = await getCacheTag("customers"); - revalidateTag(customerCacheTag); + return generateDeterministicPassword(email, supabaseUserId); + })(); + + try { + return await medusaLogin(email, password); + } catch (loginError) { + console.error("Failed to login customer, attempting to register", loginError); - const customer = await retrieveCustomer(); - if (!customer) { - throw new Error("Customer not found"); - } - return customer.id; - } catch (error) { - console.error("Failed to login customer, attempting to register", error); try { - const registerToken = await sdk.auth.register("customer", "emailpass", { - email: email, - password: password, - }) - - await setAuthToken(registerToken as string); - - const headers = { - ...(await getAuthHeaders()), - }; - - await sdk.store.customer.create({ email }, {}, headers); - - const loginToken = await sdk.auth.login("customer", "emailpass", { - email, - password, - }); - - await setAuthToken(loginToken as string); - - const customerCacheTag = await getCacheTag("customers"); - revalidateTag(customerCacheTag); - - try { - await transferCart(); - } catch (e) { - console.error("Failed to transfer cart", e); - } - - const customer = await retrieveCustomer(); - if (!customer) { - throw new Error("Customer not found"); - } - return customer.id; + await medusaRegister({ email, password, name, lastName }); + return await medusaLogin(email, password); } catch (registerError) { + console.error("Failed to create Medusa account for user with email=${email}", registerError); throw medusaError(registerError); } } } + +/** + * Generate a deterministic password based on user identifier + * This ensures the same user always gets the same password for Medusa + */ +async function generateDeterministicPassword(email: string, userId?: string): Promise { + // Use the user ID or email as the base for deterministic generation + const baseString = userId || email; + const secret = process.env.MEDUSA_PASSWORD_SECRET!; + + // Create a deterministic password using HMAC + const encoder = new TextEncoder(); + const keyData = encoder.encode(secret); + const messageData = encoder.encode(baseString); + + // Import key for HMAC + const key = await crypto.subtle.importKey( + 'raw', + keyData, + { name: 'HMAC', hash: 'SHA-256' }, + false, + ['sign'] + ); + // Generate HMAC + const signature = await crypto.subtle.sign('HMAC', key, messageData); + // Convert to base64 and make it a valid password + const hashArray = Array.from(new Uint8Array(signature)); + const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); + // Take first 24 characters and add some complexity + const basePassword = hashHex.substring(0, 24); + // Add some required complexity for Medusa (uppercase, lowercase, numbers, symbols) + return `Mk${basePassword}9!`; +} diff --git a/packages/features/medusa-storefront/src/modules/account/components/account-nav/index.tsx b/packages/features/medusa-storefront/src/modules/account/components/account-nav/index.tsx index 61dd0c2..338dd22 100644 --- a/packages/features/medusa-storefront/src/modules/account/components/account-nav/index.tsx +++ b/packages/features/medusa-storefront/src/modules/account/components/account-nav/index.tsx @@ -10,7 +10,7 @@ import MapPin from "@modules/common/icons/map-pin" import Package from "@modules/common/icons/package" import LocalizedClientLink from "@modules/common/components/localized-client-link" import { HttpTypes } from "@medusajs/types" -import { signout } from "@lib/data/customer" +import { medusaLogout } from "@lib/data/customer" const AccountNav = ({ customer, @@ -21,7 +21,7 @@ const AccountNav = ({ const { countryCode } = useParams() as { countryCode: string } const handleLogout = async () => { - await signout(countryCode) + await medusaLogout(countryCode) } return ( diff --git a/packages/shared/src/components/personal-account-dropdown-container.tsx b/packages/shared/src/components/personal-account-dropdown-container.tsx index 638ff96..c448936 100644 --- a/packages/shared/src/components/personal-account-dropdown-container.tsx +++ b/packages/shared/src/components/personal-account-dropdown-container.tsx @@ -5,8 +5,8 @@ import type { User } from '@supabase/supabase-js'; import { PersonalAccountDropdown } from '@kit/accounts/personal-account-dropdown'; import { ApplicationRole } from '@kit/accounts/types/accounts'; import { featureFlagsConfig, pathsConfig } from '@kit/shared/config'; -import { useSignOut } from '@kit/supabase/hooks/use-sign-out'; import { useUser } from '@kit/supabase/hooks/use-user'; +import { useSignOut } from '@kit/supabase/hooks/use-sign-out'; const paths = { home: pathsConfig.app.home, diff --git a/packages/supabase/src/auth-callback.service.ts b/packages/supabase/src/auth-callback.service.ts index 1190bc2..c1d8126 100644 --- a/packages/supabase/src/auth-callback.service.ts +++ b/packages/supabase/src/auth-callback.service.ts @@ -4,6 +4,7 @@ import { AuthError, type EmailOtpType, SupabaseClient, + User, } from '@supabase/supabase-js'; /** @@ -20,7 +21,7 @@ export function createAuthCallbackService(client: SupabaseClient) { * @description Service for handling auth callbacks in Supabase */ class AuthCallbackService { - constructor(private readonly client: SupabaseClient) {} + constructor(private readonly client: SupabaseClient) { } /** * @name verifyTokenHash @@ -128,89 +129,117 @@ class AuthCallbackService { /** * @name exchangeCodeForSession * @description Exchanges the auth code for a session and redirects the user to the next page or an error page - * @param request - * @param params + * @param authCode */ - async exchangeCodeForSession( - request: Request, - params: { - joinTeamPath: string; - redirectPath: string; - errorPath?: string; - }, - ): Promise<{ - nextPath: string; - }> { - const requestUrl = new URL(request.url); - const searchParams = requestUrl.searchParams; + async exchangeCodeForSession(authCode: string): Promise<{ + isSuccess: boolean; + user: User; + } | ErrorURLParameters> { + let user: User; + try { + const { data, error } = + await this.client.auth.exchangeCodeForSession(authCode); - const authCode = searchParams.get('code'); - const error = searchParams.get('error'); - const nextUrlPathFromParams = searchParams.get('next'); - const inviteToken = searchParams.get('invite_token'); - const errorPath = params.errorPath ?? '/auth/callback/error'; - - let nextUrl = nextUrlPathFromParams ?? params.redirectPath; - - // if we have an invite token, we redirect to the join team page - // instead of the default next url. This is because the user is trying - // to join a team and we want to make sure they are redirected to the - // correct page. - if (inviteToken) { - const emailParam = searchParams.get('email'); - - const urlParams = new URLSearchParams({ - invite_token: inviteToken, - email: emailParam ?? '', - }); - - nextUrl = `${params.joinTeamPath}?${urlParams.toString()}`; - } - - if (authCode) { - try { - const { error } = - await this.client.auth.exchangeCodeForSession(authCode); - - // if we have an error, we redirect to the error page - if (error) { - return onError({ - code: error.code, - error: error.message, - path: errorPath, - }); - } - } catch (error) { - console.error( - { - error, - name: `auth.callback`, - }, - `An error occurred while exchanging code for session`, - ); - - const message = error instanceof Error ? error.message : error; - - return onError({ - code: (error as AuthError)?.code, - error: message as string, - path: errorPath, + // if we have an error, we redirect to the error page + if (error) { + return getErrorURLParameters({ + code: error.code, + error: error.message, }); } - } - if (error) { - return onError({ - error, - path: errorPath, + // Handle Keycloak users - set up Medusa integration + if (data?.user && this.isKeycloakUser(data.user)) { + await this.setupMedusaUserForKeycloak(data.user); + } + + user = data.user; + } catch (error) { + console.error( + { + error, + name: `auth.callback`, + }, + `An error occurred while exchanging code for session`, + ); + + const message = error instanceof Error ? error.message : error; + + return getErrorURLParameters({ + code: (error as AuthError)?.code, + error: message as string, }); } return { - nextPath: nextUrl, + isSuccess: true, + user, }; } + /** + * Check if user is from Keycloak provider + */ + private isKeycloakUser(user: any): boolean { + return user?.app_metadata?.provider === 'keycloak' || + user?.app_metadata?.providers?.includes('keycloak'); + } + + private async setupMedusaUserForKeycloak(user: any): Promise { + if (!user.email) { + console.warn('Keycloak user has no email, skipping Medusa setup'); + return; + } + + try { + // Check if user already has medusa_account_id + const { data: accountData, error: fetchError } = await this.client + .schema('medreport') + .from('accounts') + .select('medusa_account_id, name, last_name') + .eq('primary_owner_user_id', user.id) + .eq('is_personal_account', true) + .single(); + + if (fetchError && fetchError.code !== 'PGRST116') { + console.error('Error fetching account data for Keycloak user:', fetchError); + return; + } + + // If user already has Medusa account, we're done + if (accountData?.medusa_account_id) { + console.log('Keycloak user already has Medusa account:', accountData.medusa_account_id); + return; + } + + const { medusaLoginOrRegister } = await import('../../features/medusa-storefront/src/lib/data/customer'); + + const medusaAccountId = await medusaLoginOrRegister({ + email: user.email, + supabaseUserId: user.id, + name: accountData?.name ?? '-', + lastName: accountData?.last_name ?? '-', + }); + + // Update the account with the Medusa account ID + const { error: updateError } = await this.client + .schema('medreport') + .from('accounts') + .update({ medusa_account_id: medusaAccountId }) + .eq('primary_owner_user_id', user.id) + .eq('is_personal_account', true); + + if (updateError) { + console.error('Error updating account with Medusa ID:', updateError); + return; + } + + console.log('Successfully set up Medusa account for Keycloak user:', medusaAccountId); + } catch (error) { + console.error('Error setting up Medusa account for Keycloak user:', error); + } + } + private adjustUrlHostForLocalDevelopment(url: URL, host: string | null) { if (this.isLocalhost(url.host) && !this.isLocalhost(host)) { url.host = host as string; @@ -231,15 +260,19 @@ class AuthCallbackService { } } -function onError({ +interface ErrorURLParameters { + error: string; + code?: string; + searchParams: string; +} + +export function getErrorURLParameters({ error, - path, code, }: { error: string; - path: string; code?: string; -}) { +}): ErrorURLParameters { const errorMessage = getAuthErrorMessage({ error, code }); console.error( @@ -255,10 +288,10 @@ function onError({ code: code ?? '', }); - const nextPath = `${path}?${searchParams.toString()}`; - return { - nextPath, + error: errorMessage, + code: code ?? '', + searchParams: searchParams.toString(), }; } diff --git a/packages/supabase/src/hooks/use-sign-in-with-email-password.ts b/packages/supabase/src/hooks/use-sign-in-with-email-password.ts index 6ed91c9..549bc1b 100644 --- a/packages/supabase/src/hooks/use-sign-in-with-email-password.ts +++ b/packages/supabase/src/hooks/use-sign-in-with-email-password.ts @@ -28,6 +28,7 @@ export function useSignInWithEmailPassword() { const medusaAccountId = await medusaLoginOrRegister({ email: credentials.email, password: credentials.password, + isDevPasswordLogin: true, }); await client .schema('medreport').from('accounts') diff --git a/packages/supabase/src/hooks/use-sign-in-with-provider.ts b/packages/supabase/src/hooks/use-sign-in-with-provider.ts index d68700b..7361549 100644 --- a/packages/supabase/src/hooks/use-sign-in-with-provider.ts +++ b/packages/supabase/src/hooks/use-sign-in-with-provider.ts @@ -9,7 +9,13 @@ export function useSignInWithProvider() { const mutationKey = ['auth', 'sign-in-with-provider']; const mutationFn = async (credentials: SignInWithOAuthCredentials) => { - const response = await client.auth.signInWithOAuth(credentials); + const response = await client.auth.signInWithOAuth({ + ...credentials, + options: { + ...credentials.options, + redirectTo: `${window.location.origin}/auth/callback`, + }, + }); if (response.error) { throw response.error.message; diff --git a/packages/supabase/src/hooks/use-sign-out.ts b/packages/supabase/src/hooks/use-sign-out.ts index c827713..c354cee 100644 --- a/packages/supabase/src/hooks/use-sign-out.ts +++ b/packages/supabase/src/hooks/use-sign-out.ts @@ -6,8 +6,23 @@ export function useSignOut() { const client = useSupabase(); return useMutation({ - mutationFn: () => { - return client.auth.signOut(); + mutationFn: async () => { + try { + try { + const { medusaLogout } = await import('../../../features/medusa-storefront/src/lib/data/customer'); + await medusaLogout(); + } catch (medusaError) { + console.warn('Medusa logout failed or not available:', medusaError); + } + + const { error } = await client.auth.signOut(); + if (error) { + throw error; + } + } catch (error) { + console.error('Logout error:', error); + throw error; + } }, }); } diff --git a/packages/supabase/src/hooks/use-sign-up-with-email-password.ts b/packages/supabase/src/hooks/use-sign-up-with-email-password.ts index f6dc21f..59a864c 100644 --- a/packages/supabase/src/hooks/use-sign-up-with-email-password.ts +++ b/packages/supabase/src/hooks/use-sign-up-with-email-password.ts @@ -43,6 +43,7 @@ export function useSignUpWithEmailAndPassword() { const medusaAccountId = await medusaLoginOrRegister({ email: credentials.email, password: credentials.password, + isDevPasswordLogin: true, }); await client .schema('medreport').from('accounts') diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c7b691e..b4634f0 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -128,6 +128,9 @@ importers: jsonwebtoken: specifier: 9.0.2 version: 9.0.2 + libphonenumber-js: + specifier: ^1.12.15 + version: 1.12.15 lodash: specifier: ^4.17.21 version: 4.17.21 @@ -475,10 +478,10 @@ importers: dependencies: '@keystatic/core': specifier: 0.5.47 - version: 0.5.47(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + version: 0.5.47(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) '@keystatic/next': specifier: ^5.0.4 - version: 5.0.4(@keystatic/core@0.5.47(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + version: 5.0.4(@keystatic/core@0.5.47(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) '@markdoc/markdoc': specifier: ^0.5.1 version: 0.5.4(@types/react@19.1.4)(react@19.1.0) @@ -1269,7 +1272,7 @@ importers: dependencies: '@sentry/nextjs': specifier: ^9.19.0 - version: 9.46.0(@opentelemetry/context-async-hooks@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/core@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@1.30.1(@opentelemetry/api@1.9.0))(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react@19.1.0)(webpack@5.101.3) + version: 9.46.0(@opentelemetry/context-async-hooks@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/core@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@1.30.1(@opentelemetry/api@1.9.0))(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react@19.1.0)(webpack@5.101.3) import-in-the-middle: specifier: 1.13.2 version: 1.13.2 @@ -8174,6 +8177,9 @@ packages: engines: {node: '>=16'} hasBin: true + libphonenumber-js@1.12.15: + resolution: {integrity: sha512-TMDCtIhWUDHh91wRC+wFuGlIzKdPzaTUHHVrIZ3vPUEoNaXFLrsIQ1ZpAeZeXApIF6rvDksMTvjrIQlLKaYxqQ==} + lightningcss-darwin-arm64@1.30.1: resolution: {integrity: sha512-c8JK7hyE65X1MHMN+Viq9n11RRC7hgin3HhYKhrMyaXflk5GVplZ60IxyoVtzILeKr+xAJwg6zK6sjTBJ0FKYQ==} engines: {node: '>= 12.0.0'} @@ -11455,7 +11461,7 @@ snapshots: '@juggle/resize-observer@3.4.0': {} - '@keystar/ui@0.7.19(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)': + '@keystar/ui@0.7.19(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)': dependencies: '@babel/runtime': 7.27.6 '@emotion/css': 11.13.5 @@ -11548,18 +11554,18 @@ snapshots: react: 19.1.0 react-dom: 19.1.0(react@19.1.0) optionalDependencies: - next: 15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + next: 15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) transitivePeerDependencies: - supports-color - '@keystatic/core@0.5.47(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)': + '@keystatic/core@0.5.47(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)': dependencies: '@babel/runtime': 7.27.6 '@braintree/sanitize-url': 6.0.4 '@emotion/weak-memoize': 0.3.1 '@floating-ui/react': 0.24.8(react-dom@19.1.0(react@19.1.0))(react@19.1.0) '@internationalized/string': 3.2.7 - '@keystar/ui': 0.7.19(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + '@keystar/ui': 0.7.19(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) '@markdoc/markdoc': 0.4.0(@types/react@19.1.4)(react@19.1.0) '@react-aria/focus': 3.20.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0) '@react-aria/i18n': 3.12.10(react-dom@19.1.0(react@19.1.0))(react@19.1.0) @@ -11630,13 +11636,13 @@ snapshots: - next - supports-color - '@keystatic/next@5.0.4(@keystatic/core@0.5.47(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)': + '@keystatic/next@5.0.4(@keystatic/core@0.5.47(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)': dependencies: '@babel/runtime': 7.27.6 - '@keystatic/core': 0.5.47(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + '@keystatic/core': 0.5.47(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) '@types/react': 19.1.4 chokidar: 3.6.0 - next: 15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + next: 15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) react: 19.1.0 react-dom: 19.1.0(react@19.1.0) server-only: 0.0.1 @@ -17230,7 +17236,7 @@ snapshots: '@sentry/core@9.46.0': {} - '@sentry/nextjs@9.46.0(@opentelemetry/context-async-hooks@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/core@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@1.30.1(@opentelemetry/api@1.9.0))(next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react@19.1.0)(webpack@5.101.3)': + '@sentry/nextjs@9.46.0(@opentelemetry/context-async-hooks@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/core@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@1.30.1(@opentelemetry/api@1.9.0))(next@15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react@19.1.0)(webpack@5.101.3)': dependencies: '@opentelemetry/api': 1.9.0 '@opentelemetry/semantic-conventions': 1.34.0 @@ -17243,7 +17249,7 @@ snapshots: '@sentry/vercel-edge': 9.46.0(@opentelemetry/context-async-hooks@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/core@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@1.30.1(@opentelemetry/api@1.9.0)) '@sentry/webpack-plugin': 3.5.0(webpack@5.101.3) chalk: 3.0.0 - next: 15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + next: 15.3.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) resolve: 1.22.8 rollup: 4.35.0 stacktrace-parser: 0.1.11 @@ -20630,6 +20636,8 @@ snapshots: dependencies: isomorphic.js: 0.2.5 + libphonenumber-js@1.12.15: {} + lightningcss-darwin-arm64@1.30.1: optional: true @@ -21265,31 +21273,6 @@ snapshots: - '@babel/core' - babel-plugin-macros - next@15.5.2(@babel/core@7.28.3)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@19.1.0-rc.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0): - dependencies: - '@next/env': 15.5.2 - '@swc/helpers': 0.5.15 - caniuse-lite: 1.0.30001723 - postcss: 8.4.31 - react: 19.1.0 - react-dom: 19.1.0(react@19.1.0) - styled-jsx: 5.1.6(@babel/core@7.28.3)(babel-plugin-macros@3.1.0)(react@19.1.0) - optionalDependencies: - '@next/swc-darwin-arm64': 15.5.2 - '@next/swc-darwin-x64': 15.5.2 - '@next/swc-linux-arm64-gnu': 15.5.2 - '@next/swc-linux-arm64-musl': 15.5.2 - '@next/swc-linux-x64-gnu': 15.5.2 - '@next/swc-linux-x64-musl': 15.5.2 - '@next/swc-win32-arm64-msvc': 15.5.2 - '@next/swc-win32-x64-msvc': 15.5.2 - '@opentelemetry/api': 1.9.0 - babel-plugin-react-compiler: 19.1.0-rc.2 - sharp: 0.34.3 - transitivePeerDependencies: - - '@babel/core' - - babel-plugin-macros - no-case@3.0.4: dependencies: lower-case: 2.0.2 diff --git a/public/locales/en/common.json b/public/locales/en/common.json index ed8d175..b26211f 100644 --- a/public/locales/en/common.json +++ b/public/locales/en/common.json @@ -128,6 +128,9 @@ "amount": "Amount", "selectDate": "Select date" }, + "formFieldError": { + "invalidPhoneNumber": "Please enter a valid Estonian phone number (must include country code +372)" + }, "wallet": { "balance": "Your MedReport account balance", "expiredAt": "Valid until {{expiredAt}}" diff --git a/public/locales/et/common.json b/public/locales/et/common.json index 3a8f55c..792cc3a 100644 --- a/public/locales/et/common.json +++ b/public/locales/et/common.json @@ -128,6 +128,9 @@ "amount": "Summa", "selectDate": "Vali kuupäev" }, + "formFieldError": { + "invalidPhoneNumber": "Palun sisesta Eesti telefoninumber (peab sisaldama riigikoodi +372)" + }, "wallet": { "balance": "Sinu MedReporti konto saldo", "expiredAt": "Kehtiv kuni {{expiredAt}}" diff --git a/supabase/migrations/20250907000001_fix_keycloak_user_creation.sql b/supabase/migrations/20250907000001_fix_keycloak_user_creation.sql new file mode 100644 index 0000000..ccc7834 --- /dev/null +++ b/supabase/migrations/20250907000001_fix_keycloak_user_creation.sql @@ -0,0 +1,94 @@ +-- Update the user creation trigger to properly handle Keycloak user metadata +CREATE OR REPLACE FUNCTION kit.setup_new_user() +RETURNS trigger +LANGUAGE plpgsql +SECURITY DEFINER +SET search_path TO '' +AS $$ +DECLARE + user_name text; + picture_url text; + personal_code text; + full_name text; + given_name text; + family_name text; + preferred_username text; +BEGIN + -- Extract data from Keycloak user metadata + -- Check raw_user_meta_data first (this is where Keycloak data is stored) + IF new.raw_user_meta_data IS NOT NULL THEN + -- Try full_name first, then name field + full_name := new.raw_user_meta_data ->> 'full_name'; + IF full_name IS NULL THEN + full_name := new.raw_user_meta_data ->> 'name'; + END IF; + + -- Extract individual name components + given_name := new.raw_user_meta_data -> 'custom_claims' ->> 'given_name'; + family_name := new.raw_user_meta_data -> 'custom_claims' ->> 'family_name'; + preferred_username := new.raw_user_meta_data -> 'custom_claims' ->> 'preferred_username'; + + -- Use given_name (first name) for the name field + IF given_name IS NOT NULL THEN + user_name := given_name; + ELSIF full_name IS NOT NULL THEN + user_name := full_name; + ELSIF preferred_username IS NOT NULL THEN + user_name := preferred_username; + END IF; + + -- Extract personal code from preferred_username (Keycloak provides Estonian personal codes here) + IF preferred_username IS NOT NULL THEN + personal_code := preferred_username; + END IF; + + -- Also try personalCode field as fallback + IF personal_code IS NULL THEN + personal_code := new.raw_user_meta_data ->> 'personalCode'; + END IF; + END IF; + + -- Fall back to email if no name found + IF user_name IS NULL AND new.email IS NOT NULL THEN + user_name := split_part(new.email, '@', 1); + END IF; + + -- Default empty string if still no name + IF user_name IS NULL THEN + user_name := ''; + END IF; + + -- Extract picture URL + IF new.raw_user_meta_data ->> 'avatar_url' IS NOT NULL THEN + picture_url := new.raw_user_meta_data ->> 'avatar_url'; + ELSE + picture_url := null; + END IF; + + -- Insert into medreport.accounts + INSERT INTO medreport.accounts ( + id, + primary_owner_user_id, + name, + last_name, + is_personal_account, + picture_url, + email, + personal_code, + application_role + ) + VALUES ( + new.id, + new.id, + user_name, + family_name, + true, + picture_url, + NULL, -- Keycloak email !== customer personal email, they will set this later + personal_code, + 'user' -- Default role for new users + ); + + RETURN new; +END; +$$;