feat: add route handler that fetches configs

danskernesdigitalebibliotek · Nov 18, 2024 · 2d8e1e2 · 2d8e1e2
1 parent 006f1e5
commit 2d8e1e2
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 17 deletions.
diff --git a/app/auth/config/route.ts b/app/auth/config/route.ts
@@ -0,0 +1,36 @@
+export const revalidate = 1
+
+export const query = `
+  query getUniLoginConfiguration {
+    dplConfiguration {
+      unilogin {
+        unilogin_api_url
+        unilogin_api_wellknown_url
+        unilogin_api_client_id
+        unilogin_api_client_secret
+      }
+    }
+  }`
+
+export async function GET() {
+  const res = await fetch(`${process.env.NEXT_PUBLIC_GRAPHQL_SCHEMA_ENDPOINT_DPL_CMS}`, {
+    method: "POST",
+    ...{
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: "Basic " + process.env.GRAPHQL_SCHEMA_ENDPOINT_DPL_CMS_AUTH_HEADER,
+      },
+    },
+    body: JSON.stringify({ query }),
+  })
+
+  const json = await res.json()
+
+  if (json.errors) {
+    const { message } = json.errors[0]
+
+    throw new Error(message)
+  }
+
+  return Response.json(json.data)
+}
diff --git a/app/auth/login/unilogin/route.ts b/app/auth/login/unilogin/route.ts
@@ -1,24 +1,62 @@
-import { generators } from "openid-client"
+import { Issuer, generators } from "openid-client"
 
-import { getUniloginClient, uniloginClientConfig } from "@/lib/session/oauth/uniloginClient"
 import { getSession } from "@/lib/session/session"
 
+export const revalidate = 1
+
+export async function getUniloginClient({
+  client_id,
+  client_secret,
+  redirect_uri,
+  wellKnownUrl,
+}: {
+  client_id: string
+  client_secret: string
+  redirect_uri: string
+  wellKnownUrl: string
+}) {
+  const UniloginIssuer = await Issuer.discover(wellKnownUrl!)
+  const client = new UniloginIssuer.Client({
+    client_id: client_id!,
+    client_secret: client_secret!,
+    response_types: ["code"],
+    redirect_uris: [redirect_uri],
+    token_endpoint_auth_method: "client_secret_post",
+  })
+  return client
+}
+
 export async function GET() {
+  const configResponse = await fetch(`${process.env.NEXT_PUBLIC_APP_URL}/auth/config`)
+  if (!configResponse.ok) {
+    throw new Error("Failed to fetch config")
+  }
+
+  const config = await configResponse.json()
+
+  const uniloginConfig = config?.dplConfiguration?.unilogin
+
   const session = await getSession()
 
   session.code_verifier = generators.codeVerifier()
 
   const code_challenge = generators.codeChallenge(session.code_verifier)
 
-  const client = await getUniloginClient()
+  const client = await getUniloginClient({
+    client_id: uniloginConfig.unilogin_api_client_id,
+    client_secret: uniloginConfig.unilogin_api_client_secret,
+    redirect_uri: `${process.env.NEXT_PUBLIC_APP_URL}/auth/callback/unilogin`,
+    wellKnownUrl: uniloginConfig.unilogin_api_wellknown_url,
+  })
   const url = client.authorizationUrl({
-    scope: uniloginClientConfig.scope,
-    audience: uniloginClientConfig.audience,
-    redirect_uri: uniloginClientConfig.redirect_uri,
+    scope: "openid",
+    audience: process.env.UNILOGIN_API_URL,
+    redirect_uri: `${process.env.NEXT_PUBLIC_APP_URL}/auth/callback/unilogin`,
     code_challenge,
     code_challenge_method: "S256",
   })
 
   await session.save()
+
   return Response.redirect(url)
 }
diff --git a/lib/session/oauth/uniloginClient.ts b/lib/session/oauth/uniloginClient.ts
@@ -2,28 +2,23 @@ import { Issuer } from "openid-client"
 
 import goConfig from "@/lib/config/config"
 
-const appUrl = goConfig("app.url") as string
-const uniloginApiUrl = goConfig("service.unilogin.api.url") as string
-const uniloginWellKnownUrl = goConfig("service.unilogin.wellknown.url") as string
-const clientId = goConfig("service.unilogin.client-id") as string
-const clientSecret = goConfig("service.unilogin.client-secret") as string
+const appUrl = goConfig("app.url")
 
 export const uniloginClientConfig = {
-  wellKnownUrl: uniloginWellKnownUrl,
-  url: uniloginApiUrl,
+  wellKnownUrl: process.env.UNILOGIN_WELKNOWN_URL,
+  url: process.env.UNILOGIN_API_URL,
   audience: process.env.UNILOGIN_API_URL,
-  client_id: clientId,
-  client_secret: clientSecret,
+  client_id: process.env.UNILOGIN_CLIENT_ID,
+  client_secret: process.env.UNILOGIN_CLIENT_SECRET,
   scope: "openid",
   redirect_uri: `${appUrl}/auth/callback/unilogin`,
   post_logout_redirect_uri: `${appUrl}`,
   response_type: "code",
   grant_type: "authorization_code",
   post_login_route: `${appUrl}/user/profile`,
 }
-
 export async function getUniloginClient() {
-  const UniloginIssuer = await Issuer.discover(uniloginClientConfig.wellKnownUrl)
+  const UniloginIssuer = await Issuer.discover(uniloginClientConfig.wellKnownUrl!)
   const client = new UniloginIssuer.Client({
     client_id: uniloginClientConfig.client_id!,
     client_secret: uniloginClientConfig.client_secret!,