Refactor auth route to use defineEventHandler

- Convert oauthAuthentikEventHandler wrapper to inline defineEventHandler
- Add detailed logging for OAuth flow debugging
- Follow Nuxt 4 server/routes/ convention
- Should fix 404 error on /auth/authentik

nuxt4-app/server/routes/auth/authentik.get.ts

@@ -1,4 +1,6 @@
-import { oauthAuthentikEventHandler } from '../../utils/oauth-authentik'
+import { getQuery } from 'h3'
+import { withQuery } from 'ufo'
+import { defu } from 'defu'
 
 /**
  * OAuth Authentik Login Handler
@@ -6,30 +8,86 @@ import { oauthAuthentikEventHandler } from '../../utils/oauth-authentik'
  *
  * Este endpoint inicia el flujo OAuth con Authentik
  */
-export default oauthAuthentikEventHandler({
-  config: {
-    emailRequired: true
-  },
-  async onSuccess(event, { user, tokens }) {
-    // Guardar información del usuario en la sesión
-    await setUserSession(event, {
-      user: {
-        id: user.id,
-        email: user.email,
-        name: user.name || user.preferred_username,
-        username: user.preferred_username,
-        picture: user.picture,
-        groups: user.groups || []
-      },
-      loggedInAt: Date.now()
-    })
+export default defineEventHandler(async (event) => {
+  const runtimeConfig = useRuntimeConfig(event)
+  const query = getQuery(event)
 
-    // Redirigir al dashboard después del login
-    return sendRedirect(event, '/')
-  },
-
-  async onError(event, error) {
-    console.error('Authentik OAuth error:', error)
-    return sendRedirect(event, '/error?message=auth_failed')
+  // Configuración de Authentik
+  const config = {
+    clientId: runtimeConfig.oauth.authentik.clientId,
+    clientSecret: runtimeConfig.oauth.authentik.clientSecret,
+    serverUrl: runtimeConfig.oauth.authentik.serverUrl,
+    redirectURL: runtimeConfig.oauth.authentik.redirectURL,
+    scope: ['openid', 'profile', 'email'],
   }
+
+  console.log('OAuth Authentik - Iniciando flujo:', {
+    serverUrl: config.serverUrl,
+    redirectURL: config.redirectURL,
+    hasCode: !!query.code
+  })
+
+  // Handle OAuth callback
+  if (query.code) {
+    try {
+      // Exchange code for tokens
+      const tokenUrl = `${config.serverUrl}/application/o/token/`
+      const tokenResponse = await $fetch(tokenUrl, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+          grant_type: 'authorization_code',
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          code: query.code as string,
+          redirect_uri: config.redirectURL,
+        }),
+      })
+
+      const tokens = tokenResponse as any
+
+      // Get user info
+      const userInfoUrl = `${config.serverUrl}/application/o/userinfo/`
+      const user = await $fetch(userInfoUrl, {
+        headers: {
+          Authorization: `Bearer ${tokens.access_token}`,
+        },
+      })
+
+      // Guardar información del usuario en la sesión
+      await setUserSession(event, {
+        user: {
+          id: (user as any).sub,
+          email: (user as any).email,
+          name: (user as any).name || (user as any).preferred_username,
+          username: (user as any).preferred_username,
+          picture: (user as any).picture,
+          groups: (user as any).groups || []
+        },
+        loggedInAt: Date.now()
+      })
+
+      // Redirigir al dashboard después del login
+      return sendRedirect(event, '/')
+    } catch (error: any) {
+      console.error('Authentik OAuth error:', error)
+      return sendRedirect(event, '/error?message=auth_failed')
+    }
+  }
+
+  // Initial redirect to Authentik
+  const authorizationUrl = withQuery(
+    `${config.serverUrl}/application/o/authorize/`,
+    {
+      client_id: config.clientId,
+      redirect_uri: config.redirectURL,
+      response_type: 'code',
+      scope: config.scope.join(' '),
+    }
+  )
+
+  console.log('Redirecting to:', authorizationUrl)
+  return sendRedirect(event, authorizationUrl)
 })