update keycloak signup / login
This commit is contained in:
@@ -4,6 +4,7 @@ import {
|
||||
AuthError,
|
||||
type EmailOtpType,
|
||||
SupabaseClient,
|
||||
User,
|
||||
} from '@supabase/supabase-js';
|
||||
|
||||
/**
|
||||
@@ -20,7 +21,7 @@ export function createAuthCallbackService(client: SupabaseClient) {
|
||||
* @description Service for handling auth callbacks in Supabase
|
||||
*/
|
||||
class AuthCallbackService {
|
||||
constructor(private readonly client: SupabaseClient) {}
|
||||
constructor(private readonly client: SupabaseClient) { }
|
||||
|
||||
/**
|
||||
* @name verifyTokenHash
|
||||
@@ -128,89 +129,117 @@ class AuthCallbackService {
|
||||
/**
|
||||
* @name exchangeCodeForSession
|
||||
* @description Exchanges the auth code for a session and redirects the user to the next page or an error page
|
||||
* @param request
|
||||
* @param params
|
||||
* @param authCode
|
||||
*/
|
||||
async exchangeCodeForSession(
|
||||
request: Request,
|
||||
params: {
|
||||
joinTeamPath: string;
|
||||
redirectPath: string;
|
||||
errorPath?: string;
|
||||
},
|
||||
): Promise<{
|
||||
nextPath: string;
|
||||
}> {
|
||||
const requestUrl = new URL(request.url);
|
||||
const searchParams = requestUrl.searchParams;
|
||||
async exchangeCodeForSession(authCode: string): Promise<{
|
||||
isSuccess: boolean;
|
||||
user: User;
|
||||
} | ErrorURLParameters> {
|
||||
let user: User;
|
||||
try {
|
||||
const { data, error } =
|
||||
await this.client.auth.exchangeCodeForSession(authCode);
|
||||
|
||||
const authCode = searchParams.get('code');
|
||||
const error = searchParams.get('error');
|
||||
const nextUrlPathFromParams = searchParams.get('next');
|
||||
const inviteToken = searchParams.get('invite_token');
|
||||
const errorPath = params.errorPath ?? '/auth/callback/error';
|
||||
|
||||
let nextUrl = nextUrlPathFromParams ?? params.redirectPath;
|
||||
|
||||
// if we have an invite token, we redirect to the join team page
|
||||
// instead of the default next url. This is because the user is trying
|
||||
// to join a team and we want to make sure they are redirected to the
|
||||
// correct page.
|
||||
if (inviteToken) {
|
||||
const emailParam = searchParams.get('email');
|
||||
|
||||
const urlParams = new URLSearchParams({
|
||||
invite_token: inviteToken,
|
||||
email: emailParam ?? '',
|
||||
});
|
||||
|
||||
nextUrl = `${params.joinTeamPath}?${urlParams.toString()}`;
|
||||
}
|
||||
|
||||
if (authCode) {
|
||||
try {
|
||||
const { error } =
|
||||
await this.client.auth.exchangeCodeForSession(authCode);
|
||||
|
||||
// if we have an error, we redirect to the error page
|
||||
if (error) {
|
||||
return onError({
|
||||
code: error.code,
|
||||
error: error.message,
|
||||
path: errorPath,
|
||||
});
|
||||
}
|
||||
} catch (error) {
|
||||
console.error(
|
||||
{
|
||||
error,
|
||||
name: `auth.callback`,
|
||||
},
|
||||
`An error occurred while exchanging code for session`,
|
||||
);
|
||||
|
||||
const message = error instanceof Error ? error.message : error;
|
||||
|
||||
return onError({
|
||||
code: (error as AuthError)?.code,
|
||||
error: message as string,
|
||||
path: errorPath,
|
||||
// if we have an error, we redirect to the error page
|
||||
if (error) {
|
||||
return getErrorURLParameters({
|
||||
code: error.code,
|
||||
error: error.message,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
if (error) {
|
||||
return onError({
|
||||
error,
|
||||
path: errorPath,
|
||||
// Handle Keycloak users - set up Medusa integration
|
||||
if (data?.user && this.isKeycloakUser(data.user)) {
|
||||
await this.setupMedusaUserForKeycloak(data.user);
|
||||
}
|
||||
|
||||
user = data.user;
|
||||
} catch (error) {
|
||||
console.error(
|
||||
{
|
||||
error,
|
||||
name: `auth.callback`,
|
||||
},
|
||||
`An error occurred while exchanging code for session`,
|
||||
);
|
||||
|
||||
const message = error instanceof Error ? error.message : error;
|
||||
|
||||
return getErrorURLParameters({
|
||||
code: (error as AuthError)?.code,
|
||||
error: message as string,
|
||||
});
|
||||
}
|
||||
|
||||
return {
|
||||
nextPath: nextUrl,
|
||||
isSuccess: true,
|
||||
user,
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user is from Keycloak provider
|
||||
*/
|
||||
private isKeycloakUser(user: any): boolean {
|
||||
return user?.app_metadata?.provider === 'keycloak' ||
|
||||
user?.app_metadata?.providers?.includes('keycloak');
|
||||
}
|
||||
|
||||
private async setupMedusaUserForKeycloak(user: any): Promise<void> {
|
||||
if (!user.email) {
|
||||
console.warn('Keycloak user has no email, skipping Medusa setup');
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
// Check if user already has medusa_account_id
|
||||
const { data: accountData, error: fetchError } = await this.client
|
||||
.schema('medreport')
|
||||
.from('accounts')
|
||||
.select('medusa_account_id, name, last_name')
|
||||
.eq('primary_owner_user_id', user.id)
|
||||
.eq('is_personal_account', true)
|
||||
.single();
|
||||
|
||||
if (fetchError && fetchError.code !== 'PGRST116') {
|
||||
console.error('Error fetching account data for Keycloak user:', fetchError);
|
||||
return;
|
||||
}
|
||||
|
||||
// If user already has Medusa account, we're done
|
||||
if (accountData?.medusa_account_id) {
|
||||
console.log('Keycloak user already has Medusa account:', accountData.medusa_account_id);
|
||||
return;
|
||||
}
|
||||
|
||||
const { medusaLoginOrRegister } = await import('../../features/medusa-storefront/src/lib/data/customer');
|
||||
|
||||
const medusaAccountId = await medusaLoginOrRegister({
|
||||
email: user.email,
|
||||
supabaseUserId: user.id,
|
||||
name: accountData?.name ?? '-',
|
||||
lastName: accountData?.last_name ?? '-',
|
||||
});
|
||||
|
||||
// Update the account with the Medusa account ID
|
||||
const { error: updateError } = await this.client
|
||||
.schema('medreport')
|
||||
.from('accounts')
|
||||
.update({ medusa_account_id: medusaAccountId })
|
||||
.eq('primary_owner_user_id', user.id)
|
||||
.eq('is_personal_account', true);
|
||||
|
||||
if (updateError) {
|
||||
console.error('Error updating account with Medusa ID:', updateError);
|
||||
return;
|
||||
}
|
||||
|
||||
console.log('Successfully set up Medusa account for Keycloak user:', medusaAccountId);
|
||||
} catch (error) {
|
||||
console.error('Error setting up Medusa account for Keycloak user:', error);
|
||||
}
|
||||
}
|
||||
|
||||
private adjustUrlHostForLocalDevelopment(url: URL, host: string | null) {
|
||||
if (this.isLocalhost(url.host) && !this.isLocalhost(host)) {
|
||||
url.host = host as string;
|
||||
@@ -231,15 +260,19 @@ class AuthCallbackService {
|
||||
}
|
||||
}
|
||||
|
||||
function onError({
|
||||
interface ErrorURLParameters {
|
||||
error: string;
|
||||
code?: string;
|
||||
searchParams: string;
|
||||
}
|
||||
|
||||
export function getErrorURLParameters({
|
||||
error,
|
||||
path,
|
||||
code,
|
||||
}: {
|
||||
error: string;
|
||||
path: string;
|
||||
code?: string;
|
||||
}) {
|
||||
}): ErrorURLParameters {
|
||||
const errorMessage = getAuthErrorMessage({ error, code });
|
||||
|
||||
console.error(
|
||||
@@ -255,10 +288,10 @@ function onError({
|
||||
code: code ?? '',
|
||||
});
|
||||
|
||||
const nextPath = `${path}?${searchParams.toString()}`;
|
||||
|
||||
return {
|
||||
nextPath,
|
||||
error: errorMessage,
|
||||
code: code ?? '',
|
||||
searchParams: searchParams.toString(),
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user