perbaikan keycloak dan config

server/api/auth/session.get.ts

@@ -1,4 +1,5 @@
 // server/api/auth/session.get.ts
+import type { SessionResponse } from '~/types/auth'
 
 // Helper function to safely decode the JWT payload (Access Token or ID Token)
 const decodeTokenPayload = (token: string | undefined): any | null => {
@@ -23,10 +24,10 @@ const decodeTokenPayload = (token: string | undefined): any | null => {
 export default defineEventHandler(async (event) => {
   console.log("🔍 Session endpoint called");
 
-  const sessionCookie = getCookie(event, "user_session");
-  console.log("🍪 Session cookie exists:", !!sessionCookie);
+  const sessionId = getCookie(event, "user_session");
+  console.log("🍪 Session cookie exists:", !!sessionId);
 
-  if (!sessionCookie) {
+  if (!sessionId) {
     console.log("❌ No session cookie found");
     throw createError({
       statusCode: 401,
@@ -35,8 +36,20 @@ export default defineEventHandler(async (event) => {
   }
 
   try {
-    const session = JSON.parse(sessionCookie);
-    console.log("📋 Session parsed successfully");
+    // Get session from server-side store using session ID
+    const { getSession } = await import('~/server/utils/sessionStore');
+    const session = getSession(sessionId);
+    
+    if (!session) {
+      console.log("❌ Session not found or expired");
+      deleteCookie(event, "user_session");
+      throw createError({
+        statusCode: 401,
+        statusMessage: "Session expired or invalid",
+      });
+    }
+    
+    console.log("📋 Session retrieved from store successfully");
 
     const isExpired = Date.now() > session.expiresAt;
     console.log("   Is Expired:", isExpired);
@@ -55,27 +68,29 @@ export default defineEventHandler(async (event) => {
     const idTokenPayload = decodeTokenPayload(session.idToken);
     const accessTokenPayload = decodeTokenPayload(session.accessToken);
 
-    // Final response object for the frontend debug page
-    const sessionResponse = {
+    // Final response object - ensure it matches SessionResponse interface
+    const sessionResponse: SessionResponse & { 
+      idTokenPayload?: any
+      accessTokenPayload?: any
+      fullSessionObject?: any
+      status?: string
+    } = {
+      success: true,
       // Basic User Info
       user: session.user,
 
-      // Raw Tokens
-      idToken: session.idToken,
+      // Raw Tokens (optional in SessionResponse)
       accessToken: session.accessToken,
       refreshToken: session.refreshToken,
 
-      // Session Timestamps
+      // Session Timestamps (optional in SessionResponse)
       expiresAt: session.expiresAt,
-      createdAt: session.createdAt,
 
-      // Parsed Payloads
+      // Additional debug fields (not in SessionResponse interface)
+      idToken: session.idToken,
       idTokenPayload: idTokenPayload,
       accessTokenPayload: accessTokenPayload,
-
-      // Raw Session Data (for Debug section)
       fullSessionObject: session,
-
       status: "authenticated",
     };