monacousa-portal/server/api/auth/callback.get.ts

export default defineEventHandler(async (event) => {
  console.log('🔄 Callback endpoint called at:', new Date().toISOString());
  
  const query = getQuery(event);
  const { code, state } = query;
  
  console.log('📝 Callback query params:', { 
    hasCode: !!code, 
    hasState: !!state,
    state: state ? 'present' : 'missing'
  });

  if (!code || !state) {
    throw createError({
      statusCode: 400,
      statusMessage: 'Missing authorization code or state',
    });
  }

  // Verify state
  const storedState = getCookie(event, 'oauth-state');
  if (state !== storedState) {
    throw createError({
      statusCode: 400,
      statusMessage: 'Invalid state parameter',
    });
  }

  try {
    const keycloak = createKeycloakClient();
    const sessionManager = createSessionManager();

    // Exchange code for tokens
    const tokens = await keycloak.exchangeCodeForTokens(code as string);
    
    // Get user info
    const userInfo = await keycloak.getUserInfo(tokens.access_token);

    // Tier determination logic - admin > board > user priority
    const determineTier = (groups: string[]): 'user' | 'board' | 'admin' => {
      if (groups.includes('admin')) return 'admin';
      if (groups.includes('board')) return 'board';
      return 'user'; // Default tier
    };

    // Create session
    const sessionData = {
      user: {
        id: userInfo.sub,
        email: userInfo.email,
        name: userInfo.name || `${userInfo.given_name || ''} ${userInfo.family_name || ''}`.trim(),
        firstName: userInfo.given_name,
        lastName: userInfo.family_name,
        username: userInfo.preferred_username,
        tier: determineTier(userInfo.groups || []),
        groups: userInfo.groups || ['user'],
      },
      tokens: {
        accessToken: tokens.access_token,
        refreshToken: tokens.refresh_token,
        expiresAt: Date.now() + (tokens.expires_in * 1000),
      },
      createdAt: Date.now(),
      lastActivity: Date.now(),
    };

    const sessionCookie = sessionManager.createSession(sessionData);
    
    // Set session cookie
    setHeader(event, 'Set-Cookie', sessionCookie);
    
    // Clear state cookie
    deleteCookie(event, 'oauth-state');

    return sendRedirect(event, '/dashboard');
  } catch (error) {
    console.error('Auth callback error:', error);
    throw createError({
      statusCode: 500,
      statusMessage: 'Authentication failed',
    });
  }
});
Initialize Nuxt.js project with Docker deployment setup - Add core Nuxt.js application structure with TypeScript - Include Docker configuration and deployment guide - Set up project scaffolding with pages, composables, and middleware - Add environment configuration and Git ignore rules 2025-08-06 14:31:16 +02:00			`export default defineEventHandler(async (event) => {`
Add debug logging and cookie domain configuration to auth flow - Add comprehensive logging to login and callback endpoints for debugging - Configure cookie domain from environment variable for cross-subdomain support - Update cookie security settings based on NODE_ENV - Add Keycloak configuration validation with detailed error logging 2025-08-07 03:17:25 +02:00			`console.log('🔄 Callback endpoint called at:', new Date().toISOString());`

Initialize Nuxt.js project with Docker deployment setup - Add core Nuxt.js application structure with TypeScript - Include Docker configuration and deployment guide - Set up project scaffolding with pages, composables, and middleware - Add environment configuration and Git ignore rules 2025-08-06 14:31:16 +02:00			`const query = getQuery(event);`
			`const { code, state } = query;`
Add debug logging and cookie domain configuration to auth flow - Add comprehensive logging to login and callback endpoints for debugging - Configure cookie domain from environment variable for cross-subdomain support - Update cookie security settings based on NODE_ENV - Add Keycloak configuration validation with detailed error logging 2025-08-07 03:17:25 +02:00
			`console.log('📝 Callback query params:', {`
			`hasCode: !!code,`
			`hasState: !!state,`
			`state: state ? 'present' : 'missing'`
			`});`
Initialize Nuxt.js project with Docker deployment setup - Add core Nuxt.js application structure with TypeScript - Include Docker configuration and deployment guide - Set up project scaffolding with pages, composables, and middleware - Add environment configuration and Git ignore rules 2025-08-06 14:31:16 +02:00
			`if (!code \|\| !state) {`
			`throw createError({`
			`statusCode: 400,`
			`statusMessage: 'Missing authorization code or state',`
			`});`
			`}`

			`// Verify state`
			`const storedState = getCookie(event, 'oauth-state');`
			`if (state !== storedState) {`
			`throw createError({`
			`statusCode: 400,`
			`statusMessage: 'Invalid state parameter',`
			`});`
			`}`

			`try {`
			`const keycloak = createKeycloakClient();`
			`const sessionManager = createSessionManager();`

			`// Exchange code for tokens`
			`const tokens = await keycloak.exchangeCodeForTokens(code as string);`

			`// Get user info`
			`const userInfo = await keycloak.getUserInfo(tokens.access_token);`

Refactor authentication system with tier-based access control - Replace group-based auth with user/board/admin tier system - Add direct login functionality alongside OAuth - Implement role-based middleware for route protection - Create dashboard pages and admin API endpoints - Add error handling page and improved user management - Maintain backward compatibility with legacy role methods 2025-08-07 12:28:41 +02:00			`// Tier determination logic - admin > board > user priority`
			`const determineTier = (groups: string[]): 'user' \| 'board' \| 'admin' => {`
			`if (groups.includes('admin')) return 'admin';`
			`if (groups.includes('board')) return 'board';`
			`return 'user'; // Default tier`
			`};`

Initialize Nuxt.js project with Docker deployment setup - Add core Nuxt.js application structure with TypeScript - Include Docker configuration and deployment guide - Set up project scaffolding with pages, composables, and middleware - Add environment configuration and Git ignore rules 2025-08-06 14:31:16 +02:00			`// Create session`
			`const sessionData = {`
			`user: {`
			`id: userInfo.sub,`
			`email: userInfo.email,`
Refactor authentication system with tier-based access control - Replace group-based auth with user/board/admin tier system - Add direct login functionality alongside OAuth - Implement role-based middleware for route protection - Create dashboard pages and admin API endpoints - Add error handling page and improved user management - Maintain backward compatibility with legacy role methods 2025-08-07 12:28:41 +02:00			name: userInfo.name \|\| `${userInfo.given_name \|\| ''} ${userInfo.family_name \|\| ''}`.trim(),
			`firstName: userInfo.given_name,`
			`lastName: userInfo.family_name,`
			`username: userInfo.preferred_username,`
			`tier: determineTier(userInfo.groups \|\| []),`
			`groups: userInfo.groups \|\| ['user'],`
Initialize Nuxt.js project with Docker deployment setup - Add core Nuxt.js application structure with TypeScript - Include Docker configuration and deployment guide - Set up project scaffolding with pages, composables, and middleware - Add environment configuration and Git ignore rules 2025-08-06 14:31:16 +02:00			`},`
			`tokens: {`
			`accessToken: tokens.access_token,`
			`refreshToken: tokens.refresh_token,`
			`expiresAt: Date.now() + (tokens.expires_in * 1000),`
			`},`
			`createdAt: Date.now(),`
			`lastActivity: Date.now(),`
			`};`

			`const sessionCookie = sessionManager.createSession(sessionData);`

			`// Set session cookie`
			`setHeader(event, 'Set-Cookie', sessionCookie);`

			`// Clear state cookie`
			`deleteCookie(event, 'oauth-state');`

			`return sendRedirect(event, '/dashboard');`
			`} catch (error) {`
			`console.error('Auth callback error:', error);`
			`throw createError({`
			`statusCode: 500,`
			`statusMessage: 'Authentication failed',`
			`});`
			`}`
			`});`