updated config

Services/client/src/services/KeyCloakService.ts

@@ -1,6 +1,14 @@
 import Keycloak from 'keycloak-js'
 
-const keycloak = new Keycloak('/keycloak.json')
+const keycloakConfig = {
+  realm: import.meta.env.KC_REALMS,
+  'auth-server-url': import.meta.env.KC_URL,
+  'ssl-required': 'external',
+  resource: 'edm',
+  'public-client': true,
+  'confidential-port': 0,
+}
+const keycloak = new Keycloak(keycloakConfig)
 
 let init = false
 

Services/server/.env.example

@@ -1,7 +1,7 @@
 # Keycloak public key
-PUBLIC_KEY=keycloak.public.key
-REALM_URL=https://keycloak.local/realms/EDM
-PREFERRED_AUTH=online
+AUTH_PUBLIC_KEY=keycloak.public.key
+AUTH_REALM_URL=https://keycloak.local/realms/EDM
+AUTH_PREFERRED_MODE=online
 MANAGEMENT_ROLE=doc-management
 # App port
 PORT=25570

Services/server/src/utils/auth.ts

@@ -5,10 +5,10 @@ import HttpError from "../interfaces/http-error";
 import HttpStatusCode from "../interfaces/http-status";
 import { JwtPayload } from "jsonwebtoken";
 
-if (!process.env.PUBLIC_KEY && !process.env.REALM_URL) {
+if (!process.env.AUTH_PUBLIC_KEY && !process.env.AUTH_REALM_URL) {
   throw new Error("Require public key or realm url.");
 }
-if (process.env.PUBLIC_KEY && process.env.REALM_URL && !process.env.PREFERRED_AUTH) {
+if (process.env.AUTH_PUBLIC_KEY && process.env.AUTH_REALM_URL && !process.env.AUTH_PREFERRED_MODE) {
   throw new Error("Preferred auth type must be specified if public key and realm url is provided.");
 }
 if (!process.env.MANAGEMENT_ROLE) {
@@ -17,7 +17,7 @@ if (!process.env.MANAGEMENT_ROLE) {
 
 const jwtVerify = createVerifier({
   key: async () => {
-    return `-----BEGIN PUBLIC KEY-----\n${process.env.PUBLIC_KEY}\n-----END PUBLIC KEY-----`;
+    return `-----BEGIN PUBLIC KEY-----\n${process.env.AUTH_PUBLIC_KEY}\n-----END PUBLIC KEY-----`;
   },
 });
 
@@ -42,7 +42,7 @@ export async function expressAuthentication(
 
   let payload: JwtPayload = {};
 
-  switch (process.env.PREFERRED_AUTH) {
+  switch (process.env.AUTH_PREFERRED_MODE) {
     case "online":
       payload = await verifyOnline(token);
       break;
@@ -50,20 +50,20 @@ export async function expressAuthentication(
       payload = await verifyOffline(token);
       break;
     default:
-      if (process.env.REALM_URL) payload = await verifyOnline(token);
-      if (process.env.PUBLIC_KEY) payload = await verifyOffline(token);
+      if (process.env.AUTH_REALM_URL) payload = await verifyOnline(token);
+      if (process.env.AUTH_PUBLIC_KEY) payload = await verifyOffline(token);
       break;
   }
 
-  if (
-    scopes &&
-    scopes.length > 0 &&
-    scopes
-      .map((v) => (v === "management-role" ? process.env.MANAGEMENT_ROLE : v))
-      .every((v) => !payload.role.includes(v))
-  ) {
-    throw new HttpError(HttpStatusCode.FORBIDDEN, "คุณไม่มีสิทธิในเข้าถึงข้อมูลนี้");
-  }
+  // if (
+  //   scopes &&
+  //   scopes.length > 0 &&
+  //   scopes
+  //     .map((v) => (v === "management-role" ? process.env.MANAGEMENT_ROLE : v))
+  //     .every((v) => !payload.role.includes(v))
+  // ) {
+  //   throw new HttpError(HttpStatusCode.FORBIDDEN, "คุณไม่มีสิทธิในเข้าถึงข้อมูลนี้");
+  // }
 
   return payload;
 }
@@ -75,7 +75,7 @@ async function verifyOffline(token: string) {
 }
 
 async function verifyOnline(token: string) {
-  const res = await fetch(`${process.env.REALM_URL}/protocol/openid-connect/userinfo`, {
+  const res = await fetch(`${process.env.AUTH_REALM_URL}/protocol/openid-connect/userinfo`, {
     headers: { authorization: `Bearer ${token}` },
   }).catch((e) => console.error(e));