ENH: make keycloak configurable

55f9c761 · Timm Fitschen · dfb0dac4 · 55f9c761 · 55f9c761 · 55f9c761
Verified Commit 55f9c761 authored 4 months ago by Timm Fitschen
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,19 +23,26 @@ COPY --from=deps /app/refine/node_modules ./node_modules
 COPY . .


-ENV PORT 3000
+ENV PORT 8000
 ARG NEXT_PUBLIC_API_URL
 ARG KEY_CLOAK_CLIENT_SECRET
+ARG KEY_CLOAK_CLIENT_ID
+ARG KEY_CLOAK_ISSUER
 ARG NEXT_PUBLIC_HANDLE_SYSTEM_BASE_URI
 ARG NEXT_PUBLIC_HANDLE_SYSTEM_DOWNLOAD_PROXY
+ARG NEXTAUTH_URL
+ARG NEXTAUTH_URL_INTERNAL
+
+ENV KEY_CLOAK_ISSUER=${KEY_CLOAK_ISSUER}
+ENV KEY_CLOAK_CLIENT_SECRET=${KEY_CLOAK_CLIENT_SECRET}
+ENV KEY_CLOAK_CLIENT_ID=${KEY_CLOAK_CLIENT_ID}

 ENV NEXT_PUBLIC_HANDLE_SYSTEM_DOWNLOAD_PROXY=${NEXT_PUBLIC_HANDLE_SYSTEM_DOWNLOAD_PROXY}
 ENV NEXT_PUBLIC_HANDLE_SYSTEM_BASE_URI=${NEXT_PUBLIC_HANDLE_SYSTEM_BASE_URI}
 ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL:-"https://manager.testbed.pid.gwdg.de/api/v1"}
-ENV KEY_CLOAK_CLIENT_SECRET=${KEY_CLOAK_CLIENT_SECRET}
+ENV NEXTAUTH_URL=${NEXTAUTH_URL}
+ENV NEXTAUTH_URL_INTERNAL=${NEXTAUTH_URL_INTERNAL}

-#EXPOSE 3000
-#CMD ["npm", "run", "dev"]
 RUN npm run build

 FROM base AS runner
@@ -52,7 +59,11 @@ COPY --from=builder --chown=refine:nodejs /app/refine/.next/static ./.next/stati

 USER refine

-ENV PORT 3000
-ENV NEXT_PUBLIC_API_URL=http://localhost:8000/api/v1
-ENV KEY_CLOAK_CLIENT_SECRET ""
+ENV PORT 8000
+ENV KEY_CLOAK_ISSUER=${KEY_CLOAK_ISSUER}
+ENV KEY_CLOAK_CLIENT_SECRET=${KEY_CLOAK_CLIENT_SECRET}
+ENV KEY_CLOAK_CLIENT_ID=${KEY_CLOAK_CLIENT_ID}
+ENV NEXTAUTH_URL=${NEXTAUTH_URL}
+ENV NEXTAUTH_URL_INTERNAL=${NEXTAUTH_URL_INTERNAL}
+
 CMD ["node", "server.js"]
--- a/next.config.js
+++ b/next.config.js
@@ -4,6 +4,14 @@ module.exports = {
  i18n,
  transpilePackages: ["@refinedev/nextjs-router"],
  output: "standalone",
+  env: {
+    KEY_CLOAK_ISSUER: process.env.KEY_CLOAK_ISSUER,
+    KEY_CLOAK_CLIENT_SECRET: process.env.KEY_CLOAK_CLIENT_SECRET,
+    KEY_CLOAK_CLIENT_ID: process.env.KEY_CLOAK_CLIENT_ID,
+    PORT: process.env.PORT,
+    NEXTAUTH_URL: process.env.NEXTAUTH_URL,
+    NEXTAUTH_URL_INTERNAL: process.env.NEXTAUTH_URL_INTERNAL,
+  },
  eslint: {
    ignoreDuringBuilds: true,
  },

--- a/pages/_app.tsx
+++ b/pages/_app.tsx
@@ -14,7 +14,7 @@ import {
 import type { NextPage } from 'next'
 import { SessionProvider, signIn, signOut, useSession } from 'next-auth/react'
 import { AppProps } from 'next/app'
-import { useRouter } from 'next/router'
+import { usePathname } from 'next/navigation'
 import React from 'react'

 import { Header } from '@components/header'
@@ -43,8 +43,7 @@ const App = (props: React.PropsWithChildren) => {
  const { t, i18n } = useTranslation()

  const { data, status } = useSession()
-  const router = useRouter()
-  const { to } = router.query
+  const to = usePathname()

  const i18nProvider = {
    translate: (key: string, params: object) => t(key, params),
@@ -60,7 +59,7 @@ const App = (props: React.PropsWithChildren) => {
    login: async () => {
      // console.log('login')
      signIn('keycloak', {
-        callbackUrl: to ? to.toString() : '/about',
+        callbackUrl: to ? to.toString() : '/fdo',
        redirect: true
      })

@@ -72,7 +71,7 @@ const App = (props: React.PropsWithChildren) => {
      // console.log('logout')
      signOut({
        redirect: true,
-        callbackUrl: '/about'
+        callbackUrl: '/fdo'
      })

      return {

--- a/pages/api/auth/[...nextauth].ts
+++ b/pages/api/auth/[...nextauth].ts
@@ -2,9 +2,9 @@ import NextAuth from 'next-auth'
 import KeycloakProvider from 'next-auth/providers/keycloak'

 const secretSessionKey = process.env.SECRET_SESSION_KEY || 'UItTuD1HcGXIj8ZfHUswhYdNd40Lc325R8VlxQPUoR0='
-const clientId = 'gwdg-fdoman-test'
+const clientId = process.env.KEY_CLOAK_CLIENT_ID || 'gwdg-fdoman-test'
 const clientSecret = process.env.KEY_CLOAK_CLIENT_SECRET || ''
-const issuer = 'https://keycloak.sso.gwdg.de/auth/realms/academiccloud'
+const issuer = process.env.KEY_CLOAK_ISSUER || 'https://keycloak.sso.gwdg.de/auth/realms/academiccloud'

 async function refreshAccessToken (token: any) {
  try {
@@ -29,7 +29,7 @@ async function refreshAccessToken (token: any) {
    if (!response.ok) {
      throw refreshedTokens
    }
-    // console.log('### refreshToken', new Date().toISOString(), refreshedTokens, '### ### ###')
+    console.log('### refreshToken', new Date().toISOString(), refreshedTokens, '### ### ###')

    return {
      ...token,
@@ -38,7 +38,7 @@ async function refreshAccessToken (token: any) {
      refreshToken: refreshedTokens.refresh_token ?? token.refreshToken // Fall back to old refresh token
    }
  } catch (error) {
-    // console.log('### RefreshAccessTokenError', error, '### ### ###')
+    console.log('### RefreshAccessTokenError', error, '### ### ###')

    return {
      ...token,
@@ -62,7 +62,7 @@ export const authOptions = {
      issuer,
      // authorization: { params: { scope: 'openid profile email' } },
      profile (profile) {
-        // console.log('### profile', profile, '### ### ###')
+        console.log('### profile', profile, '### ### ###')
        return {
          id: profile.sub,
          name: profile.name ?? profile.preferred_username
@@ -72,11 +72,11 @@ export const authOptions = {
  ],
  callbacks: {
    async signIn ({ user, account, profile, email, credentials }: any) {
-      // console.log('### signIn', user, account, profile, email, credentials, '### ### ###')
+      console.log('### signIn', user, account, profile, email, credentials, '### ### ###')
      return true
    },
    async session ({ session, user, token }: any) {
-      // console.log('### session', session, user, token, '### ### ###')
+      console.log('### session', session, user, token, '### ### ###')

      session.user = token.user
      session.accessToken = token.accessToken
@@ -85,11 +85,11 @@ export const authOptions = {
      return session
    },
    async redirect ({ url, baseUrl }: any) {
-      // console.log('### redirect', url, baseUrl, '### ### ###')
+      console.log('### redirect', url, baseUrl, '### ### ###')
      return Promise.resolve(url)
    },
    async jwt ({ token, user, account, profile, isNewUser }: any) {
-      // console.log('### jwt', token, user, account, profile, isNewUser, '### ### ###')
+      console.log('### jwt', token, user, account, profile, isNewUser, '### ### ###')

      // Initial sign in
      if (account && user) {