core/Projektarbeit-MYP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Verbessere OAuth-Konfiguration mit explicit Redirect-URIs

Browse Source 
- Konfiguriere Redirect-URI für GitHub OAuth explizit
- Füge NEXT_PUBLIC_FRONTEND_URL für konsistente OAuth-Callbacks hinzu
- Verwende hostname in Redirect-URIs für bessere Kompatibilität
- Aktualisiere Scripts, um Frontend-URL in Umgebungsvariablen zu setzen
- Füge bessere Fehlerdiagnose für OAuth-Prozess hinzu

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Till Tomczak 2025-04-01 14:02:17 +02:00
parent a9a1bf52db
commit a7760a12ce
5 changed files with 56 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
packages/reservation-platform/setup-backend-url.sh
View File

@ -39,6 +39,9 @@ cat > "$ENV_FILE" << EOL
# Backend API Konfiguration # Backend API Konfiguration
NEXT_PUBLIC_API_URL=${BACKEND_URL} NEXT_PUBLIC_API_URL=${BACKEND_URL}
# Frontend-URL für OAuth Callback
NEXT_PUBLIC_FRONTEND_URL=http://$(hostname):3000
# OAuth Konfiguration (falls nötig) # OAuth Konfiguration (falls nötig)
OAUTH_CLIENT_ID=client_id OAUTH_CLIENT_ID=client_id
OAUTH_CLIENT_SECRET=client_secret OAUTH_CLIENT_SECRET=client_secret

7
packages/reservation-platform/src/app/auth/login/callback/route.ts
View File

@ -34,7 +34,12 @@ export async function GET(request: Request): Promise<Response> {
} }
try { try {
const tokens = await github.validateAuthorizationCode(code); // Explizit die redirect_uri übergeben, um Konsistenz zu gewährleisten
const callbackUrl = new URL("/auth/login/callback", process.env.NEXT_PUBLIC_FRONTEND_URL || "http://localhost:3000").toString();
// Übergabe der redirect_uri bei der Token-Validierung
const tokens = await github.validateAuthorizationCode(code, callbackUrl);
const githubUserResponse = await fetch("https://git.i.mercedes-benz.com/api/v3/user", { const githubUserResponse = await fetch("https://git.i.mercedes-benz.com/api/v3/user", {
headers: { headers: {
Authorization: `Bearer ${tokens.accessToken}`, Authorization: `Bearer ${tokens.accessToken}`,

9
packages/reservation-platform/src/app/auth/login/route.ts
View File

@ -6,8 +6,13 @@ export const dynamic = "force-dynamic";
export async function GET(): Promise<Response> { export async function GET(): Promise<Response> {
const state = generateState(); const state = generateState();
// Explizit die redirect_uri übergeben, um Konsistenz zu gewährleisten
const callbackUrl = new URL("/auth/login/callback", process.env.NEXT_PUBLIC_FRONTEND_URL || "http://localhost:3000").toString();
const url = await github.createAuthorizationURL(state, { const url = await github.createAuthorizationURL(state, {
scopes: ["user"], scopes: ["user"],
redirectURI: callbackUrl,
}); });
const ONE_HOUR = 60 * 60; const ONE_HOUR = 60 * 60;
@ -19,5 +24,9 @@ export async function GET(): Promise<Response> {
sameSite: "lax", sameSite: "lax",
}); });
// Log zur Fehlersuche
console.log(`GitHub OAuth redirect zu: ${url.toString()}`);
console.log(`Verwendete Callback-URL: ${callbackUrl}`);
return Response.redirect(url); return Response.redirect(url);
} }

36
packages/reservation-platform/src/server/auth/oauth.ts
View File

@ -1,8 +1,38 @@
import { GitHub } from "arctic"; import { GitHub } from "arctic";
export const github = new GitHub(process.env.OAUTH_CLIENT_ID as string, process.env.OAUTH_CLIENT_SECRET as string, { // Bestimme die Callback-URL basierend auf der NEXT_PUBLIC_API_URL für das Backend
enterpriseDomain: "https://git.i.mercedes-benz.com", // und dem Standardport 3000 für das Frontend
}); const getCallbackUrl = () => {
// Extrahiere die Basis-URL (Hostname) aus der Backend-URL, falls vorhanden
let baseUrl = "http://localhost:3000";
try {
const apiUrlEnv = process.env.NEXT_PUBLIC_API_URL;
if (apiUrlEnv) {
// Wenn wir eine Backend-URL haben, extrahieren wir nur den Hostname-Teil für das Frontend
const apiUrl = new URL(apiUrlEnv);
const hostname = apiUrl.hostname;
// Verwende den Hostname, aber mit Frontend-Port 3000
baseUrl = `http://${hostname}:3000`;
}
} catch (error) {
console.error("Fehler beim Parsen der API-URL:", error);
// Fallback auf localhost
}
return `${baseUrl}/auth/login/callback`;
};
export const github = new GitHub(
process.env.OAUTH_CLIENT_ID as string,
process.env.OAUTH_CLIENT_SECRET as string,
{
enterpriseDomain: "https://git.i.mercedes-benz.com",
redirectURI: getCallbackUrl(),
}
);
export interface GitHubUserResult { export interface GitHubUserResult {
id: number; id: number;

5
raspi-frontend-deploy.sh
View File

@ -102,6 +102,9 @@ configure_backend_url() {
# Backend API Konfiguration # Backend API Konfiguration
NEXT_PUBLIC_API_URL=${backend_url} NEXT_PUBLIC_API_URL=${backend_url}
# Frontend-URL für OAuth Callback
NEXT_PUBLIC_FRONTEND_URL=http://$(hostname):3000
# OAuth Konfiguration (falls nötig) # OAuth Konfiguration (falls nötig)
OAUTH_CLIENT_ID=client_id OAUTH_CLIENT_ID=client_id
OAUTH_CLIENT_SECRET=client_secret OAUTH_CLIENT_SECRET=client_secret
@ -241,6 +244,7 @@ services:
container_name: ${CONTAINER_NAME} container_name: ${CONTAINER_NAME}
environment: environment:
- NEXT_PUBLIC_API_URL=${BACKEND_URL} - NEXT_PUBLIC_API_URL=${BACKEND_URL}
- NEXT_PUBLIC_FRONTEND_URL=http://$(hostname):3000
- OAUTH_CLIENT_ID=client_id - OAUTH_CLIENT_ID=client_id
- OAUTH_CLIENT_SECRET=client_secret - OAUTH_CLIENT_SECRET=client_secret
ports: ports:
@ -302,6 +306,7 @@ start_container_run() {
if ! docker run -d --name "$CONTAINER_NAME" \ if ! docker run -d --name "$CONTAINER_NAME" \
-p 3000:3000 \ -p 3000:3000 \
-e "NEXT_PUBLIC_API_URL=$BACKEND_URL" \ -e "NEXT_PUBLIC_API_URL=$BACKEND_URL" \
-e "NEXT_PUBLIC_FRONTEND_URL=http://$(hostname):3000" \
-e "OAUTH_CLIENT_ID=client_id" \ -e "OAUTH_CLIENT_ID=client_id" \
-e "OAUTH_CLIENT_SECRET=client_secret" \ -e "OAUTH_CLIENT_SECRET=client_secret" \
-v "$DB_VOLUME_DIR:/app/db" \ -v "$DB_VOLUME_DIR:/app/db" \