Refactor authentication system with tier-based access control

- Replace group-based auth with user/board/admin tier system
- Add direct login functionality alongside OAuth
- Implement role-based middleware for route protection
- Create dashboard pages and admin API endpoints
- Add error handling page and improved user management
- Maintain backward compatibility with legacy role methods
2025-08-07 12:28:41 +02:00
parent 2c2c0f5c33
commit cd29123e23
15 changed files with 1893 additions and 57 deletions


@@ -36,14 +36,24 @@ export default defineEventHandler(async (event) => {
// Get user info
const userInfo = await keycloak.getUserInfo(tokens.access_token);
// Tier determination logic - admin > board > user priority
const determineTier = (groups: string[]): 'user' | 'board' | 'admin' => {
if (groups.includes('admin')) return 'admin';
if (groups.includes('board')) return 'board';
return 'user'; // Default tier
};
// Create session
const sessionData = {
user: {
id: userInfo.sub,
email: userInfo.email,
name: userInfo.name || `${userInfo.given_name} ${userInfo.family_name}`.trim(),
groups: userInfo.groups || [],
tier: userInfo.tier,
name: userInfo.name || `${userInfo.given_name || ''} ${userInfo.family_name || ''}`.trim(),
firstName: userInfo.given_name,
lastName: userInfo.family_name,
username: userInfo.preferred_username,
tier: determineTier(userInfo.groups || []),
groups: userInfo.groups || ['user'],
},
tokens: {
accessToken: tokens.access_token,
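Review bot: `determineTier` is defined inline here (and again verbatim in the second hunk at the `@@ -203,15` handler), so the admin > board > user precedence that gates every protected route now lives in two copies that can drift; move it to one shared server utility and import it from both handlers. In the same session literal, `tier` is computed from `userInfo.groups || []` while `groups` is stored as `userInfo.groups || ['user']`, so a session can claim membership in a `user` group the identity provider never asserted — derive both from one normalized `groups` value, e.g. `const groups = userInfo.groups ?? [];` then `tier: determineTier(groups), groups`. The `groups.includes('admin')` match also presumes the provider returns bare group names; if it returns group paths such as `/admin`, the check silently resolves to `user`, which fails closed but deserves a comment like `// Expects bare group names from the IdP; path-style groups are not matched` or a normalization step. The enclosing event handler starts before and ends after this hunk.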


@@ -203,15 +203,24 @@ export default defineEventHandler(async (event) => {
name: userInfo.name
});
// Tier determination logic - admin > board > user priority
const determineTier = (groups: string[]): 'user' | 'board' | 'admin' => {
if (groups.includes('admin')) return 'admin';
if (groups.includes('board')) return 'board';
return 'user'; // Default tier
};
// Create session data with extended expiry if remember me
const sessionData = {
user: {
id: userInfo.sub,
email: userInfo.email,
name: userInfo.name || `${userInfo.given_name || ''} ${userInfo.family_name || ''}`.trim(),
groups: userInfo.groups || [],
tier: userInfo.tier,
username: userInfo.preferred_username || username
firstName: userInfo.given_name,
lastName: userInfo.family_name,
username: userInfo.preferred_username || username,
tier: determineTier(userInfo.groups || []),
groups: userInfo.groups || ['user']
},
tokens: {
accessToken: tokens.access_token,