diff --git a/.gitea/workflows/build-and-deploy.yml b/.gitea/workflows/build-and-deploy.yml
index 8a76b0c..878e316 100644
--- a/.gitea/workflows/build-and-deploy.yml
+++ b/.gitea/workflows/build-and-deploy.yml
@@ -37,6 +37,7 @@ jobs:
 NUXT_OAUTH_AUTHENTIK_CLIENT_ID: ${{ secrets.NUXT_OAUTH_AUTHENTIK_CLIENT_ID }}
 NUXT_OAUTH_AUTHENTIK_CLIENT_SECRET: ${{ secrets.NUXT_OAUTH_AUTHENTIK_CLIENT_SECRET }}
 NUXT_OAUTH_AUTHENTIK_SERVER_URL: ${{ vars.NUXT_OAUTH_AUTHENTIK_SERVER_URL }}
+ NUXT_OAUTH_AUTHENTIK_SERVER_URL_INTERNAL: ${{ vars.NUXT_OAUTH_AUTHENTIK_SERVER_URL_INTERNAL }}
 NUXT_OAUTH_AUTHENTIK_REDIRECT_URL: ${{ vars.NUXT_OAUTH_AUTHENTIK_REDIRECT_URL }}
 NUXT_PUBLIC_APP_URL: ${{ vars.NUXT_PUBLIC_APP_URL }}
 NUXT_SESSION_PASSWORD: ${{ secrets.NUXT_SESSION_PASSWORD }}
diff --git a/docker-compose.yml b/docker-compose.yml
index 38c09b1..c4d9c6a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,7 @@ services:
 - NUXT_OAUTH_AUTHENTIK_CLIENT_ID=${NUXT_OAUTH_AUTHENTIK_CLIENT_ID}
 - NUXT_OAUTH_AUTHENTIK_CLIENT_SECRET=${NUXT_OAUTH_AUTHENTIK_CLIENT_SECRET}
 - NUXT_OAUTH_AUTHENTIK_SERVER_URL=${NUXT_OAUTH_AUTHENTIK_SERVER_URL}
+ - NUXT_OAUTH_AUTHENTIK_SERVER_URL_INTERNAL=${NUXT_OAUTH_AUTHENTIK_SERVER_URL_INTERNAL}
 - NUXT_OAUTH_AUTHENTIK_REDIRECT_URL=${NUXT_OAUTH_AUTHENTIK_REDIRECT_URL}
 # Public URL
 - NUXT_PUBLIC_APP_URL=${NUXT_PUBLIC_APP_URL}
diff --git a/nuxt4-app/nuxt.config.ts b/nuxt4-app/nuxt.config.ts
index e63d2a4..73b072a 100644
--- a/nuxt4-app/nuxt.config.ts
+++ b/nuxt4-app/nuxt.config.ts
@@ -17,6 +17,7 @@ export default defineNuxtConfig({
 clientId: process.env.NUXT_OAUTH_AUTHENTIK_CLIENT_ID || '',
 clientSecret: process.env.NUXT_OAUTH_AUTHENTIK_CLIENT_SECRET || '',
 serverUrl: process.env.NUXT_OAUTH_AUTHENTIK_SERVER_URL || '',
+ serverUrlInternal: process.env.NUXT_OAUTH_AUTHENTIK_SERVER_URL_INTERNAL || '',
 redirectURL: process.env.NUXT_OAUTH_AUTHENTIK_REDIRECT_URL || ''
 }
 },
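Review bot: `serverUrlInternal` is added to nuxt.config.ts without a comment saying what it is for or what an empty value means. This key decides which host the server contacts for the token and userinfo calls in authentik.get.ts, so its purpose belongs next to it: `// Base URL for server-to-server calls to Authentik (token, userinfo); empty means serverUrl is used`. The new variable in docker-compose.yml would benefit from the same one-line explanation, in the style of the existing `# Public URL` comment there.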
diff --git a/nuxt4-app/server/api/auth/authentik.get.ts b/nuxt4-app/server/api/auth/authentik.get.ts
index 646ac64..a874afa 100644
--- a/nuxt4-app/server/api/auth/authentik.get.ts
+++ b/nuxt4-app/server/api/auth/authentik.get.ts
@@ -16,12 +16,14 @@ export default defineEventHandler(async (event) => {
 clientId: runtimeConfig.oauth.authentik.clientId,
 clientSecret: runtimeConfig.oauth.authentik.clientSecret,
 serverUrl: runtimeConfig.oauth.authentik.serverUrl,
+ serverUrlInternal: runtimeConfig.oauth.authentik.serverUrlInternal || runtimeConfig.oauth.authentik.serverUrl,
 redirectURL: runtimeConfig.oauth.authentik.redirectURL,
 scope: ['openid', 'profile', 'email'],
 }
 console.log('OAuth Authentik - Iniciando flujo:', {
 serverUrl: config.serverUrl,
+ serverUrlInternal: config.serverUrlInternal,
 redirectURL: config.redirectURL,
 hasCode: !!query.code
 })
@@ -29,8 +31,8 @@ export default defineEventHandler(async (event) => {
 // Handle OAuth callback
 if (query.code) {
 try {
- // Exchange code for tokens
- const tokenUrl = `${config.serverUrl}/application/o/token/`
+ // Exchange code for tokens (usar URL interna para comunicación servidor-a-servidor)
+ const tokenUrl = `${config.serverUrlInternal}/application/o/token/`
 const tokenResponse = await $fetch(tokenUrl, {
 method: 'POST',
 headers: {
@@ -47,8 +49,8 @@ export default defineEventHandler(async (event) => {
 const tokens = tokenResponse as any
- // Get user info
- const userInfoUrl = `${config.serverUrl}/application/o/userinfo/`
+ // Get user info (usar URL interna para comunicación servidor-a-servidor)
+ const userInfoUrl = `${config.serverUrlInternal}/application/o/userinfo/`
 const user = await $fetch(userInfoUrl, {
 headers: {
 Authorization: `Bearer ${tokens.access_token}`,
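Review bot: The `console.log('OAuth Authentik - Iniciando flujo:', …)` call now also prints `serverUrlInternal`, and from the visible lines it runs unconditionally on every request to this handler, callback included. That writes the identity provider's internal address to the production logs on each login; either drop the new field from the log object or gate the call, e.g. `if (import.meta.dev) console.log(...)`. The `|| runtimeConfig.oauth.authentik.serverUrl` fallback looks right, since nuxt.config.ts defaults the new key to an empty string. The handler body starts and continues outside this hunk.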
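Review bot: `tokenUrl` is now built from `config.serverUrlInternal` with no check on what that value contains, and the POST to it presumably carries the client secret and the authorization code (the request body lies outside the hunk). The userinfo hunk at `-47,8 +49,8` has the same problem with the `Bearer` access token. If the internal address is plain `http://`, these credentials cross the internal network unencrypted, and a mistyped variable silently sends them to a different host. Parse the value once before the `if (query.code)` branch and fail or warn on anything unexpected, e.g. `const idpInternal = new URL(config.serverUrlInternal)` followed by `if (idpInternal.protocol !== 'https:') console.warn('OAuth Authentik: internal URL is not HTTPS')`. If cleartext on a private container network is an accepted trade-off, say so in a comment beside the check.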