integrate login page wih api and keycloak
This commit is contained in:
Yusron alamsyah
@@ -0,0 +1,82 @@
|
||||
// server/api/auth/logout.post.ts
|
||||
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
const asString = (value: unknown): string => (typeof value === 'string' ? value : '');
|
||||
|
||||
const buildLogoutUrl = (idToken?: string) => {
|
||||
const config = useRuntimeConfig();
|
||||
const keycloakIssuer = asString(config.keycloakIssuer);
|
||||
const keycloakClientId = asString(config.keycloakClientId);
|
||||
const authUrl = asString(config.public.authUrl);
|
||||
const baseUrl = asString(config.public.baseUrl);
|
||||
const keycloakLogoutUri = asString(config.keycloakLogoutUri);
|
||||
const postLogoutRedirectUriConfig = asString(config.postLogoutRedirectUri);
|
||||
|
||||
const logoutPath = keycloakLogoutUri || `${keycloakIssuer}/protocol/openid-connect/logout`;
|
||||
const postLogoutRedirectUri = postLogoutRedirectUriConfig || baseUrl || authUrl;
|
||||
|
||||
const logoutUrl = new URL(logoutPath);
|
||||
logoutUrl.searchParams.set('client_id', keycloakClientId);
|
||||
|
||||
if (postLogoutRedirectUri) {
|
||||
logoutUrl.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
|
||||
}
|
||||
|
||||
if (idToken) {
|
||||
logoutUrl.searchParams.set('id_token_hint', idToken);
|
||||
}
|
||||
|
||||
return logoutUrl.toString();
|
||||
};
|
||||
|
||||
try {
|
||||
// Retrieve token from the active session when available.
|
||||
const sessionId = getCookie(event, 'user_session');
|
||||
let idToken: string | undefined;
|
||||
|
||||
if (sessionId) {
|
||||
try {
|
||||
const { getUserSession, deleteUserSession } = await import('~/server/utils/sessionStore');
|
||||
const session = getUserSession(sessionId);
|
||||
|
||||
if (session) {
|
||||
idToken = session.idToken;
|
||||
deleteUserSession(sessionId);
|
||||
}
|
||||
} catch {
|
||||
// Ignore session-store retrieval failures; cookies are still cleared below.
|
||||
}
|
||||
}
|
||||
|
||||
// Always clear auth-related cookies.
|
||||
deleteCookie(event, 'user_session');
|
||||
deleteCookie(event, 'oauth_state');
|
||||
deleteCookie(event, 'user_session', { path: '/' });
|
||||
deleteCookie(event, 'oauth_state', { path: '/' });
|
||||
|
||||
const logoutUrl = buildLogoutUrl(idToken);
|
||||
|
||||
return {
|
||||
success: true,
|
||||
logoutUrl,
|
||||
message: 'Session cleared successfully',
|
||||
};
|
||||
|
||||
} catch {
|
||||
let fallbackLogoutUrl = '';
|
||||
|
||||
try {
|
||||
fallbackLogoutUrl = buildLogoutUrl();
|
||||
} catch {
|
||||
// Keep empty fallback URL if runtime config is not usable.
|
||||
}
|
||||
|
||||
return {
|
||||
success: false,
|
||||
logoutUrl: fallbackLogoutUrl,
|
||||
error: 'Logout encountered an error, but providing fallback logout URL',
|
||||
message: 'Logout failed',
|
||||
};
|
||||
}
|
||||
});
|
||||
Reference in New Issue
Block a user