From 986d127c03d342142e4a10b57dcd09aaa9aab36f Mon Sep 17 00:00:00 2001 From: josedario87 Date: Sat, 11 Oct 2025 17:46:48 -0600 Subject: [PATCH] Refactor auth route to use defineEventHandler - Convert oauthAuthentikEventHandler wrapper to inline defineEventHandler - Add detailed logging for OAuth flow debugging - Follow Nuxt 4 server/routes/ convention - Should fix 404 error on /auth/authentik --- nuxt4-app/server/routes/auth/authentik.get.ts | 108 ++++++++++++++---- 1 file changed, 83 insertions(+), 25 deletions(-) diff --git a/nuxt4-app/server/routes/auth/authentik.get.ts b/nuxt4-app/server/routes/auth/authentik.get.ts index 130c7bd..022c08c 100644 --- a/nuxt4-app/server/routes/auth/authentik.get.ts +++ b/nuxt4-app/server/routes/auth/authentik.get.ts @@ -1,4 +1,6 @@ -import { oauthAuthentikEventHandler } from '../../utils/oauth-authentik' +import { getQuery } from 'h3' +import { withQuery } from 'ufo' +import { defu } from 'defu' /** * OAuth Authentik Login Handler @@ -6,30 +8,86 @@ import { oauthAuthentikEventHandler } from '../../utils/oauth-authentik' * * Este endpoint inicia el flujo OAuth con Authentik */ -export default oauthAuthentikEventHandler({ - config: { - emailRequired: true - }, - async onSuccess(event, { user, tokens }) { - // Guardar información del usuario en la sesión - await setUserSession(event, { - user: { - id: user.id, - email: user.email, - name: user.name || user.preferred_username, - username: user.preferred_username, - picture: user.picture, - groups: user.groups || [] - }, - loggedInAt: Date.now() - }) +export default defineEventHandler(async (event) => { + const runtimeConfig = useRuntimeConfig(event) + const query = getQuery(event) - // Redirigir al dashboard después del login - return sendRedirect(event, '/') - }, - - async onError(event, error) { - console.error('Authentik OAuth error:', error) - return sendRedirect(event, '/error?message=auth_failed') + // Configuración de Authentik + const config = { + clientId: runtimeConfig.oauth.authentik.clientId, + clientSecret: runtimeConfig.oauth.authentik.clientSecret, + serverUrl: runtimeConfig.oauth.authentik.serverUrl, + redirectURL: runtimeConfig.oauth.authentik.redirectURL, + scope: ['openid', 'profile', 'email'], } + + console.log('OAuth Authentik - Iniciando flujo:', { + serverUrl: config.serverUrl, + redirectURL: config.redirectURL, + hasCode: !!query.code + }) + + // Handle OAuth callback + if (query.code) { + try { + // Exchange code for tokens + const tokenUrl = `${config.serverUrl}/application/o/token/` + const tokenResponse = await $fetch(tokenUrl, { + method: 'POST', + headers: { + 'Content-Type': 'application/x-www-form-urlencoded', + }, + body: new URLSearchParams({ + grant_type: 'authorization_code', + client_id: config.clientId, + client_secret: config.clientSecret, + code: query.code as string, + redirect_uri: config.redirectURL, + }), + }) + + const tokens = tokenResponse as any + + // Get user info + const userInfoUrl = `${config.serverUrl}/application/o/userinfo/` + const user = await $fetch(userInfoUrl, { + headers: { + Authorization: `Bearer ${tokens.access_token}`, + }, + }) + + // Guardar información del usuario en la sesión + await setUserSession(event, { + user: { + id: (user as any).sub, + email: (user as any).email, + name: (user as any).name || (user as any).preferred_username, + username: (user as any).preferred_username, + picture: (user as any).picture, + groups: (user as any).groups || [] + }, + loggedInAt: Date.now() + }) + + // Redirigir al dashboard después del login + return sendRedirect(event, '/') + } catch (error: any) { + console.error('Authentik OAuth error:', error) + return sendRedirect(event, '/error?message=auth_failed') + } + } + + // Initial redirect to Authentik + const authorizationUrl = withQuery( + `${config.serverUrl}/application/o/authorize/`, + { + client_id: config.clientId, + redirect_uri: config.redirectURL, + response_type: 'code', + scope: config.scope.join(' '), + } + ) + + console.log('Redirecting to:', authorizationUrl) + return sendRedirect(event, authorizationUrl) })