feat(FE) : start integrate api
This commit is contained in:
Yusron alamsyah
@@ -0,0 +1,110 @@
|
||||
// server/api/auth/logout.post.ts
|
||||
export default defineEventHandler(async (event) => {
|
||||
try {
|
||||
const config = useRuntimeConfig();
|
||||
console.log('🚪 Logout handler called');
|
||||
|
||||
// Get the current session to retrieve tokens
|
||||
const sessionId = getCookie(event, 'user_session');
|
||||
let idToken = null;
|
||||
|
||||
if (sessionId) {
|
||||
try {
|
||||
const { getSession, deleteSession } = await import('~/server/utils/sessionStore');
|
||||
const session = getSession(sessionId);
|
||||
if (session) {
|
||||
idToken = session.idToken;
|
||||
console.log('🔑 ID token found in session:', !!idToken);
|
||||
// Delete session from store
|
||||
deleteSession(sessionId);
|
||||
}
|
||||
} catch (error) {
|
||||
console.warn('⚠️ Could not retrieve session:', error);
|
||||
}
|
||||
} else {
|
||||
console.warn('⚠️ No session cookie found');
|
||||
}
|
||||
|
||||
// Clear all auth-related cookies
|
||||
console.log('🧹 Clearing session cookies...');
|
||||
deleteCookie(event, 'user_session');
|
||||
deleteCookie(event, 'oauth_state');
|
||||
|
||||
// Also clear with different path variations to be thorough
|
||||
deleteCookie(event, 'user_session', { path: '/' });
|
||||
deleteCookie(event, 'oauth_state', { path: '/' });
|
||||
|
||||
console.log('✅ Session cleared successfully');
|
||||
|
||||
// Construct the Keycloak logout URL with proper parameters
|
||||
// IMPORTANT: The post_logout_redirect_uri must be registered in Keycloak client settings
|
||||
// Use custom logout URI from env if provided, otherwise use default
|
||||
const logoutPath = config.keycloakLogoutUri || `${config.keycloakIssuer}/protocol/openid-connect/logout`;
|
||||
const logoutUrl = new URL(logoutPath);
|
||||
|
||||
// Debug: Log the authUrl and logout URI being used
|
||||
console.log('🔧 Using authUrl from config:', config.public.authUrl);
|
||||
if (config.keycloakLogoutUri) {
|
||||
console.log('🔧 Using custom logout URI from env:', config.keycloakLogoutUri);
|
||||
} else {
|
||||
console.log('🔧 Using default logout URI:', logoutPath);
|
||||
}
|
||||
|
||||
// Build the redirect URI - must match what's configured in Keycloak
|
||||
// Use custom post-logout redirect URI from env if provided, otherwise use just the base URL
|
||||
// Using base URL (e.g., http://localhost:3005) is more likely to be whitelisted in Keycloak
|
||||
const postLogoutRedirectUri = config.postLogoutRedirectUri || config.public.authUrl;
|
||||
|
||||
if (config.postLogoutRedirectUri) {
|
||||
console.log('🔧 Using custom post-logout redirect URI from env:', config.postLogoutRedirectUri);
|
||||
} else {
|
||||
console.log('🔧 Using base authUrl as post-logout redirect URI:', postLogoutRedirectUri);
|
||||
}
|
||||
|
||||
// Add required parameters for proper Keycloak logout
|
||||
logoutUrl.searchParams.set('client_id', config.keycloakClientId);
|
||||
logoutUrl.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
|
||||
|
||||
// If we have an ID token, add it for proper session termination
|
||||
// This ensures Keycloak properly terminates the SSO session
|
||||
if (idToken) {
|
||||
logoutUrl.searchParams.set('id_token_hint', idToken);
|
||||
console.log('🔑 Added id_token_hint to logout URL');
|
||||
} else {
|
||||
console.warn('⚠️ No ID token available for logout hint - logout may not fully terminate Keycloak session');
|
||||
}
|
||||
|
||||
console.log('🔗 Keycloak logout URL constructed:', logoutUrl.toString());
|
||||
console.log('📍 Post-logout redirect URI:', postLogoutRedirectUri);
|
||||
console.log('⚠️ Make sure this redirect URI is configured in Keycloak client settings!');
|
||||
|
||||
// Return the logout URL to the client for redirect
|
||||
// This approach gives better control to the client-side code
|
||||
return {
|
||||
success: true,
|
||||
logoutUrl: logoutUrl.toString(),
|
||||
message: 'Session cleared successfully'
|
||||
};
|
||||
|
||||
} catch (error: any) {
|
||||
console.error('❌ Logout error:', error);
|
||||
console.error('❌ Error stack:', error.stack);
|
||||
|
||||
// Even if there's an error, try to provide a basic logout URL
|
||||
const config = useRuntimeConfig();
|
||||
const postLogoutRedirectUri = config.postLogoutRedirectUri || config.public.authUrl;
|
||||
const logoutPath = config.keycloakLogoutUri || `${config.keycloakIssuer}/protocol/openid-connect/logout`;
|
||||
const fallbackLogoutUrl = new URL(logoutPath);
|
||||
fallbackLogoutUrl.searchParams.set('client_id', config.keycloakClientId);
|
||||
fallbackLogoutUrl.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
|
||||
|
||||
console.warn('⚠️ Using fallback logout URL due to error');
|
||||
|
||||
return {
|
||||
success: false,
|
||||
logoutUrl: fallbackLogoutUrl.toString(),
|
||||
error: 'Logout encountered an error, but providing fallback logout URL',
|
||||
message: error.message
|
||||
};
|
||||
}
|
||||
});
|
||||
Reference in New Issue
Block a user