111 lines
3.6 KiB
TypeScript
111 lines
3.6 KiB
TypeScript
import type { KeycloakAdminConfig } from '~/utils/types';
|
|
|
|
export class KeycloakAdminClient {
|
|
private config: KeycloakAdminConfig;
|
|
|
|
constructor(config: KeycloakAdminConfig) {
|
|
this.config = config;
|
|
}
|
|
|
|
/**
|
|
* Get an admin access token using client credentials grant
|
|
*/
|
|
async getAdminToken(): Promise<string> {
|
|
const response = await fetch(`${this.config.issuer}/protocol/openid-connect/token`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/x-www-form-urlencoded',
|
|
'User-Agent': 'MonacoUSA-Portal/1.0'
|
|
},
|
|
body: new URLSearchParams({
|
|
grant_type: 'client_credentials',
|
|
client_id: this.config.clientId,
|
|
client_secret: this.config.clientSecret
|
|
})
|
|
});
|
|
|
|
if (!response.ok) {
|
|
const errorText = await response.text().catch(() => 'Unknown error');
|
|
throw new Error(`Failed to get admin token: ${response.status} - ${errorText}`);
|
|
}
|
|
|
|
const tokenData = await response.json();
|
|
return tokenData.access_token;
|
|
}
|
|
|
|
/**
|
|
* Find a user by email address
|
|
*/
|
|
async findUserByEmail(email: string, adminToken: string): Promise<any[]> {
|
|
const adminBaseUrl = this.config.issuer.replace('/realms/', '/admin/realms/');
|
|
|
|
const response = await fetch(`${adminBaseUrl}/users?email=${encodeURIComponent(email)}&exact=true`, {
|
|
headers: {
|
|
'Authorization': `Bearer ${adminToken}`,
|
|
'User-Agent': 'MonacoUSA-Portal/1.0'
|
|
}
|
|
});
|
|
|
|
if (!response.ok) {
|
|
const errorText = await response.text().catch(() => 'Unknown error');
|
|
throw new Error(`Failed to search users: ${response.status} - ${errorText}`);
|
|
}
|
|
|
|
return response.json();
|
|
}
|
|
|
|
/**
|
|
* Send password reset email to a user
|
|
*/
|
|
async sendPasswordResetEmail(userId: string, adminToken: string, portalClientId: string, callbackUrl: string): Promise<void> {
|
|
const adminBaseUrl = this.config.issuer.replace('/realms/', '/admin/realms/');
|
|
const resetUrl = new URL(`${adminBaseUrl}/users/${userId}/execute-actions-email`);
|
|
|
|
// Add query parameters for better email template rendering
|
|
resetUrl.searchParams.set('clientId', portalClientId);
|
|
resetUrl.searchParams.set('redirectUri', callbackUrl.replace('/auth/callback', '/login'));
|
|
resetUrl.searchParams.set('lifespan', '43200'); // 12 hours
|
|
|
|
// Create AbortController for timeout handling
|
|
const controller = new AbortController();
|
|
const timeoutId = setTimeout(() => controller.abort(), 30000); // 30 second timeout
|
|
|
|
try {
|
|
const response = await fetch(resetUrl.toString(), {
|
|
method: 'PUT',
|
|
headers: {
|
|
'Authorization': `Bearer ${adminToken}`,
|
|
'Content-Type': 'application/json',
|
|
'User-Agent': 'MonacoUSA-Portal/1.0'
|
|
},
|
|
body: JSON.stringify(['UPDATE_PASSWORD']),
|
|
signal: controller.signal
|
|
});
|
|
|
|
clearTimeout(timeoutId);
|
|
|
|
if (!response.ok) {
|
|
const errorText = await response.text().catch(() => 'Unknown error');
|
|
throw new Error(`Failed to send reset email: ${response.status} - ${errorText}`);
|
|
}
|
|
} catch (error) {
|
|
clearTimeout(timeoutId);
|
|
throw error;
|
|
}
|
|
}
|
|
}
|
|
|
|
export function createKeycloakAdminClient(): KeycloakAdminClient {
|
|
const config = useRuntimeConfig() as any;
|
|
|
|
if (!config.keycloakAdmin?.clientId || !config.keycloakAdmin?.clientSecret || !config.keycloak?.issuer) {
|
|
throw new Error('Missing Keycloak admin configuration');
|
|
}
|
|
|
|
return new KeycloakAdminClient({
|
|
issuer: config.keycloak.issuer,
|
|
clientId: config.keycloakAdmin.clientId,
|
|
clientSecret: config.keycloakAdmin.clientSecret
|
|
});
|
|
}
|