From 6e0e4ecbfec3f270e0525d83fcabaed54eb32743 Mon Sep 17 00:00:00 2001 From: Debian Dev4 Date: Tue, 23 Sep 2025 06:09:00 +0000 Subject: [PATCH] feat(idnot): front-agnostic flow\n- add NEXT_PUBLIC_BACK_BASE & fixed redirect\n- request state from back and pass to IdNot\n- handle #authToken on callback --- next.config.js | 6 ++++ .../Layouts/Login/StepEmail/index.tsx | 34 +++++++++++++------ src/front/Config/VariablesFront.ts | 4 +++ src/pages/_app.tsx | 2 ++ src/pages/authorized-client.tsx | 23 ++++++------- 5 files changed, 47 insertions(+), 22 deletions(-) diff --git a/next.config.js b/next.config.js index a0616746..b4d9013b 100644 --- a/next.config.js +++ b/next.config.js @@ -20,6 +20,8 @@ const nextConfig = { NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID, NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL, NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI, + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED, + NEXT_PUBLIC_BACK_BASE: process.env.NEXT_PUBLIC_BACK_BASE, NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL, NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL, NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL, @@ -40,6 +42,8 @@ const nextConfig = { NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID, NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL, NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI, + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED, + NEXT_PUBLIC_BACK_BASE: process.env.NEXT_PUBLIC_BACK_BASE, NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL, NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL, NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL, @@ -60,6 +64,8 @@ const nextConfig = { NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID, NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL, NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI, + NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED, + NEXT_PUBLIC_BACK_BASE: process.env.NEXT_PUBLIC_BACK_BASE, NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL, NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL, NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL, diff --git a/src/front/Components/Layouts/Login/StepEmail/index.tsx b/src/front/Components/Layouts/Login/StepEmail/index.tsx index e43565cd..649f0373 100644 --- a/src/front/Components/Layouts/Login/StepEmail/index.tsx +++ b/src/front/Components/Layouts/Login/StepEmail/index.tsx @@ -49,18 +49,32 @@ export default function StepEmail(props: IProps) { const router = useRouter(); const error = router.query["error"]; - const redirectUserOnConnection = useCallback(() => { + const redirectUserOnConnection = useCallback(async () => { const variables = FrontendVariables.getInstance(); - let redirectUri = variables.IDNOT_REDIRECT_URI || ""; - if (!redirectUri) { - console.warn("[IDNOT] NEXT_PUBLIC_IDNOT_REDIRECT_URI vide; fallback sur FRONT_APP_HOST/authorized-client"); - redirectUri = `${variables.FRONT_APP_HOST}/authorized-client`; + try { + const nextUrl = typeof window !== 'undefined' ? `${window.location.origin}/authorized-client` : `${variables.FRONT_APP_HOST}/authorized-client`; + const backBase = variables.BACK_BASE || `${variables.BACK_API_PROTOCOL}://${variables.BACK_API_HOST}${variables.BACK_API_PORT ? `:${variables.BACK_API_PORT}` : ''}`; + const stateEndpoint = new URL(`/api/v1/idnot/state`, backBase); + const resp = await fetch(stateEndpoint.toString(), { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ next_url: nextUrl }) + }); + if (!resp.ok) { + console.error('[IDNOT] Failed to create state', resp.status); + setIsErrorModalOpen(4); + return; + } + const { state } = await resp.json(); + const fixedRedirect = variables.IDNOT_REDIRECT_URI_FIXED || 'http://local.4nkweb.com:3000/authorized-client'; + const authorizeBase = `${variables.IDNOT_BASE_URL}${variables.IDNOT_AUTHORIZE_ENDPOINT}`; + const authorizeUrl = `${authorizeBase}?client_id=${encodeURIComponent(variables.IDNOT_CLIENT_ID)}&redirect_uri=${encodeURIComponent(fixedRedirect)}&scope=openid,profile&response_type=code&state=${encodeURIComponent(state)}`; + router.push(authorizeUrl); + } catch (e) { + console.error('[IDNOT] Unexpected error while starting login', e); + setIsErrorModalOpen(4); } - const authorizeBase = `${variables.IDNOT_BASE_URL}${variables.IDNOT_AUTHORIZE_ENDPOINT}`; - router.push( - `${authorizeBase}?client_id=${variables.IDNOT_CLIENT_ID}&redirect_uri=${encodeURIComponent(redirectUri)}&scope=openid,profile&response_type=code`, - ); - }, [router]); + }, [router, setIsErrorModalOpen]); const openErrorModal = useCallback((index: number) => { setIsErrorModalOpen(index); diff --git a/src/front/Config/VariablesFront.ts b/src/front/Config/VariablesFront.ts index 2038a65a..a117c47d 100644 --- a/src/front/Config/VariablesFront.ts +++ b/src/front/Config/VariablesFront.ts @@ -21,6 +21,10 @@ export class FrontendVariables { public IDNOT_REDIRECT_URI?: string; + public IDNOT_REDIRECT_URI_FIXED?: string; + + public BACK_BASE?: string; + public DOCAPOST_API_URL!: string; public KEY_DATA!: string; diff --git a/src/pages/_app.tsx b/src/pages/_app.tsx index 61464e44..c6f73f2d 100644 --- a/src/pages/_app.tsx +++ b/src/pages/_app.tsx @@ -74,6 +74,8 @@ const MyApp = (({ instance.IDNOT_AUTHORIZE_ENDPOINT = idNotAuthorizeEndpoint; instance.IDNOT_CLIENT_ID = idNotClientId; instance.IDNOT_REDIRECT_URI = (publicRuntimeConfig as any).NEXT_PUBLIC_IDNOT_REDIRECT_URI; + instance.IDNOT_REDIRECT_URI_FIXED = (publicRuntimeConfig as any).NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED; + instance.BACK_BASE = (publicRuntimeConfig as any).NEXT_PUBLIC_BACK_BASE; instance.FC_AUTHORIZE_ENDPOINT = fcAuthorizeEndpoint; instance.FC_CLIENT_ID = fcClientId; instance.DOCAPOST_API_URL = docaposteApiUrl; diff --git a/src/pages/authorized-client.tsx b/src/pages/authorized-client.tsx index 6d86b436..bbdd6882 100644 --- a/src/pages/authorized-client.tsx +++ b/src/pages/authorized-client.tsx @@ -1,21 +1,20 @@ import LoginCallBack from "@Front/Components/Layouts/LoginCallback"; import { useEffect } from "react"; +import CookieService from "@Front/Services/CookieService/CookieService"; export default function Route() { useEffect(() => { if (typeof window !== "undefined") { - const origin = window.location.origin; - const search = window.location.search || ""; - // Forcer HTTPS et domaine dev4 après retour ID.not - if (!origin.startsWith("https://dev4.4nkweb.com")) { - const target = `https://dev4.4nkweb.com/lecoffre/authorized-client${search}`; - window.location.replace(target); - return; - } - if (origin.startsWith("http://local.4nkweb.com:3000")) { - const search = window.location.search || ""; - const target = `https://dev4.4nkweb.com/lecoffre/authorized-client${search}`; - window.location.replace(target); + // Nouveau flux: le backend redirige ici avec #authToken + const hash = window.location.hash || ""; + if (hash.startsWith('#authToken=')) { + const token = decodeURIComponent(hash.replace('#authToken=', '')); + if (token && token.length > 10) { + CookieService.getInstance().setCookie('leCoffreAccessToken', token, 1, '/'); + // Nettoyer le hash pour éviter de laisser trainer le token dans l'URL + const cleanUrl = window.location.href.split('#')[0]; + window.history.replaceState(null, '', cleanUrl); + } } } }, []);