feat(idnot): front-agnostic flow\n- add NEXT_PUBLIC_BACK_BASE & fixed redirect\n- request state from back and pass to IdNot\n- handle #authToken on callback
All checks were successful
build-and-push-ext / build_push (push) Successful in 59s
All checks were successful
build-and-push-ext / build_push (push) Successful in 59s
This commit is contained in:
Debian Dev4
parent
6eb4b6e0be
commit
6e0e4ecbfe
@ -20,6 +20,8 @@ const nextConfig = {
|
|||||||
NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
|
NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
|
||||||
NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
|
NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
|
||||||
NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
|
NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
|
||||||
|
NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED,
|
||||||
|
NEXT_PUBLIC_BACK_BASE: process.env.NEXT_PUBLIC_BACK_BASE,
|
||||||
NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
|
NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
|
||||||
NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
|
NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
|
||||||
NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
|
NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
|
||||||
@ -40,6 +42,8 @@ const nextConfig = {
|
|||||||
NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
|
NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
|
||||||
NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
|
NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
|
||||||
NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
|
NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
|
||||||
|
NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED,
|
||||||
|
NEXT_PUBLIC_BACK_BASE: process.env.NEXT_PUBLIC_BACK_BASE,
|
||||||
NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
|
NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
|
||||||
NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
|
NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
|
||||||
NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
|
NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
|
||||||
@ -60,6 +64,8 @@ const nextConfig = {
|
|||||||
NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
|
NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
|
||||||
NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
|
NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
|
||||||
NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
|
NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
|
||||||
|
NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED,
|
||||||
|
NEXT_PUBLIC_BACK_BASE: process.env.NEXT_PUBLIC_BACK_BASE,
|
||||||
NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
|
NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
|
||||||
NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
|
NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
|
||||||
NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
|
NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
|
||||||
|
|||||||
@ -49,18 +49,32 @@ export default function StepEmail(props: IProps) {
|
|||||||
|
|
||||||
const router = useRouter();
|
const router = useRouter();
|
||||||
const error = router.query["error"];
|
const error = router.query["error"];
|
||||||
const redirectUserOnConnection = useCallback(() => {
|
const redirectUserOnConnection = useCallback(async () => {
|
||||||
const variables = FrontendVariables.getInstance();
|
const variables = FrontendVariables.getInstance();
|
||||||
let redirectUri = variables.IDNOT_REDIRECT_URI || "";
|
try {
|
||||||
if (!redirectUri) {
|
const nextUrl = typeof window !== 'undefined' ? `${window.location.origin}/authorized-client` : `${variables.FRONT_APP_HOST}/authorized-client`;
|
||||||
console.warn("[IDNOT] NEXT_PUBLIC_IDNOT_REDIRECT_URI vide; fallback sur FRONT_APP_HOST/authorized-client");
|
const backBase = variables.BACK_BASE || `${variables.BACK_API_PROTOCOL}://${variables.BACK_API_HOST}${variables.BACK_API_PORT ? `:${variables.BACK_API_PORT}` : ''}`;
|
||||||
redirectUri = `${variables.FRONT_APP_HOST}/authorized-client`;
|
const stateEndpoint = new URL(`/api/v1/idnot/state`, backBase);
|
||||||
|
const resp = await fetch(stateEndpoint.toString(), {
|
||||||
|
method: 'POST',
|
||||||
|
headers: { 'Content-Type': 'application/json' },
|
||||||
|
body: JSON.stringify({ next_url: nextUrl })
|
||||||
|
});
|
||||||
|
if (!resp.ok) {
|
||||||
|
console.error('[IDNOT] Failed to create state', resp.status);
|
||||||
|
setIsErrorModalOpen(4);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
const { state } = await resp.json();
|
||||||
|
const fixedRedirect = variables.IDNOT_REDIRECT_URI_FIXED || 'http://local.4nkweb.com:3000/authorized-client';
|
||||||
|
const authorizeBase = `${variables.IDNOT_BASE_URL}${variables.IDNOT_AUTHORIZE_ENDPOINT}`;
|
||||||
|
const authorizeUrl = `${authorizeBase}?client_id=${encodeURIComponent(variables.IDNOT_CLIENT_ID)}&redirect_uri=${encodeURIComponent(fixedRedirect)}&scope=openid,profile&response_type=code&state=${encodeURIComponent(state)}`;
|
||||||
|
router.push(authorizeUrl);
|
||||||
|
} catch (e) {
|
||||||
|
console.error('[IDNOT] Unexpected error while starting login', e);
|
||||||
|
setIsErrorModalOpen(4);
|
||||||
}
|
}
|
||||||
const authorizeBase = `${variables.IDNOT_BASE_URL}${variables.IDNOT_AUTHORIZE_ENDPOINT}`;
|
}, [router, setIsErrorModalOpen]);
|
||||||
router.push(
|
|
||||||
`${authorizeBase}?client_id=${variables.IDNOT_CLIENT_ID}&redirect_uri=${encodeURIComponent(redirectUri)}&scope=openid,profile&response_type=code`,
|
|
||||||
);
|
|
||||||
}, [router]);
|
|
||||||
|
|
||||||
const openErrorModal = useCallback((index: number) => {
|
const openErrorModal = useCallback((index: number) => {
|
||||||
setIsErrorModalOpen(index);
|
setIsErrorModalOpen(index);
|
||||||
|
|||||||
@ -21,6 +21,10 @@ export class FrontendVariables {
|
|||||||
|
|
||||||
public IDNOT_REDIRECT_URI?: string;
|
public IDNOT_REDIRECT_URI?: string;
|
||||||
|
|
||||||
|
public IDNOT_REDIRECT_URI_FIXED?: string;
|
||||||
|
|
||||||
|
public BACK_BASE?: string;
|
||||||
|
|
||||||
public DOCAPOST_API_URL!: string;
|
public DOCAPOST_API_URL!: string;
|
||||||
|
|
||||||
public KEY_DATA!: string;
|
public KEY_DATA!: string;
|
||||||
|
|||||||
@ -74,6 +74,8 @@ const MyApp = (({
|
|||||||
instance.IDNOT_AUTHORIZE_ENDPOINT = idNotAuthorizeEndpoint;
|
instance.IDNOT_AUTHORIZE_ENDPOINT = idNotAuthorizeEndpoint;
|
||||||
instance.IDNOT_CLIENT_ID = idNotClientId;
|
instance.IDNOT_CLIENT_ID = idNotClientId;
|
||||||
instance.IDNOT_REDIRECT_URI = (publicRuntimeConfig as any).NEXT_PUBLIC_IDNOT_REDIRECT_URI;
|
instance.IDNOT_REDIRECT_URI = (publicRuntimeConfig as any).NEXT_PUBLIC_IDNOT_REDIRECT_URI;
|
||||||
|
instance.IDNOT_REDIRECT_URI_FIXED = (publicRuntimeConfig as any).NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED;
|
||||||
|
instance.BACK_BASE = (publicRuntimeConfig as any).NEXT_PUBLIC_BACK_BASE;
|
||||||
instance.FC_AUTHORIZE_ENDPOINT = fcAuthorizeEndpoint;
|
instance.FC_AUTHORIZE_ENDPOINT = fcAuthorizeEndpoint;
|
||||||
instance.FC_CLIENT_ID = fcClientId;
|
instance.FC_CLIENT_ID = fcClientId;
|
||||||
instance.DOCAPOST_API_URL = docaposteApiUrl;
|
instance.DOCAPOST_API_URL = docaposteApiUrl;
|
||||||
|
|||||||
@ -1,21 +1,20 @@
|
|||||||
import LoginCallBack from "@Front/Components/Layouts/LoginCallback";
|
import LoginCallBack from "@Front/Components/Layouts/LoginCallback";
|
||||||
import { useEffect } from "react";
|
import { useEffect } from "react";
|
||||||
|
import CookieService from "@Front/Services/CookieService/CookieService";
|
||||||
|
|
||||||
export default function Route() {
|
export default function Route() {
|
||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
if (typeof window !== "undefined") {
|
if (typeof window !== "undefined") {
|
||||||
const origin = window.location.origin;
|
// Nouveau flux: le backend redirige ici avec #authToken
|
||||||
const search = window.location.search || "";
|
const hash = window.location.hash || "";
|
||||||
// Forcer HTTPS et domaine dev4 après retour ID.not
|
if (hash.startsWith('#authToken=')) {
|
||||||
if (!origin.startsWith("https://dev4.4nkweb.com")) {
|
const token = decodeURIComponent(hash.replace('#authToken=', ''));
|
||||||
const target = `https://dev4.4nkweb.com/lecoffre/authorized-client${search}`;
|
if (token && token.length > 10) {
|
||||||
window.location.replace(target);
|
CookieService.getInstance().setCookie('leCoffreAccessToken', token, 1, '/');
|
||||||
return;
|
// Nettoyer le hash pour éviter de laisser trainer le token dans l'URL
|
||||||
}
|
const cleanUrl = window.location.href.split('#')[0];
|
||||||
if (origin.startsWith("http://local.4nkweb.com:3000")) {
|
window.history.replaceState(null, '', cleanUrl);
|
||||||
const search = window.location.search || "";
|
}
|
||||||
const target = `https://dev4.4nkweb.com/lecoffre/authorized-client${search}`;
|
|
||||||
window.location.replace(target);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}, []);
|
}, []);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user