diff --git a/sso.js b/sso.js
index 646d9c0..abff4fe 100644
--- a/sso.js
+++ b/sso.js
@@ -85,65 +85,76 @@ app.post("/api/v1/sso/kcauth", async (req, res) => {
 const cookies = req.cookies;
 const tokenSSO = cookies[cookieName];
+ const oldssotoken = cookies['oldssotoken'];
- let decodedToken = "";
- if (useBMA) {
- decodedToken = jwt.decode(tokenSSO);
+ if (tokenSSO !== oldssotoken) {
+
+ let decodedToken = "";
+ if (useBMA) {
+ decodedToken = jwt.decode(tokenSSO);
+ } else {
+ decodedToken = jwt.verify(tokenSSO, publicKeyLanding);
+ }
+
+ let d = JSON.parse(JSON.stringify(decodedToken));
+ // console.log("==== username from cookies ====", d);
+ const username = d.username;
+
+ // create body for admin token
+ let body = {
+ client_id: clientId,
+ client_secret: clientSecret,
+ grant_type: "client_credentials",
+ };
+
+ const postData = querystring.stringify(body);
+
+ // get admin token
+ const response = await axios.post(urlKeycloakToken, postData, {
+ headers: {
+ "Content-Type": "application/x-www-form-urlencoded",
+ },
+ });
+ // console.log("==== admin token ====");
+ const adminToken = response.data.access_token;
+ // console.log(adminToken);
+
+ // create body for user token
+ let body2 = {
+ client_id: clientId,
+ client_secret: clientSecret,
+ grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
+ subject_token: adminToken,
+ requested_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
+ audience: clientId,
+ requested_subject: username,
+ };
+
+ const postData2 = querystring.stringify(body2);
+ // console.log("==== postData2 ====");
+ // console.log(body2);
+
+ // get admin token
+ const tokenResponse = await axios.post(urlKeycloakToken, postData2, {
+ headers: {
+ "Content-Type": "application/x-www-form-urlencoded",
+ },
+ });
+
+ // console.log("==== user token ====");
+ // console.log(tokenResponse.data);
+ // await postLog('เข้าสู่ระบบ', tokenResponse.data.access_token);
+ res.cookie('oldssotoken', tokenSSO, {
+ maxAge: 1000 * 60 * 60 * 24, // กำหนด timeout หน่วยเป็น millisecond
+ path: "/",
+ httpOnly: true,
+ });
+
+ res.status(200).send(tokenResponse.data);
 } else {
- decodedToken = jwt.verify(tokenSSO, publicKeyLanding);
+ res.status(200).send({ isLogin: true });
 }
- let d = JSON.parse(JSON.stringify(decodedToken));
- // console.log("==== username from cookies ====", d);
- const username = d.username;
-
- // create body for admin token
- let body = {
- client_id: clientId,
- client_secret: clientSecret,
- grant_type: "client_credentials",
- };
-
- const postData = querystring.stringify(body);
-
- // get admin token
- const response = await axios.post(urlKeycloakToken, postData, {
- headers: {
- "Content-Type": "application/x-www-form-urlencoded",
- },
- });
- // console.log("==== admin token ====");
- const adminToken = response.data.access_token;
- // console.log(adminToken);
-
- // create body for user token
- let body2 = {
- client_id: clientId,
- client_secret: clientSecret,
- grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
- subject_token: adminToken,
- requested_token_type: "urn:ietf:params:oauth:token-type:refresh_token",
- audience: clientId,
- requested_subject: username,
- };
-
- const postData2 = querystring.stringify(body2);
- // console.log("==== postData2 ====");
- // console.log(body2);
-
- // get admin token
- const tokenResponse = await axios.post(urlKeycloakToken, postData2, {
- headers: {
- "Content-Type": "application/x-www-form-urlencoded",
- },
- });
-
- // console.log("==== user token ====");
- // console.log(tokenResponse.data);
- // await postLog('เข้าสู่ระบบ', tokenResponse.data.access_token);
-
- res.status(200).send(tokenResponse.data);
-
 } catch (error) {
 // console.log("error===>", error);