diff options
Diffstat (limited to 'app/api/auth/[...nextauth]/saml/provider.ts')
| -rw-r--r-- | app/api/auth/[...nextauth]/saml/provider.ts | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/app/api/auth/[...nextauth]/saml/provider.ts b/app/api/auth/[...nextauth]/saml/provider.ts new file mode 100644 index 00000000..92099be0 --- /dev/null +++ b/app/api/auth/[...nextauth]/saml/provider.ts @@ -0,0 +1,128 @@ +import CredentialsProvider from "next-auth/providers/credentials" +import { getOrCreateSAMLUser, validateSAMLUserData } from '@/lib/users/saml-service' + +interface SAMLProviderOptions { + id: string + name: string + idp: { + sso_login_url: string + sso_logout_url: string + certificates: string[] + } + sp: { + entity_id: string + private_key: string + certificate: string + assert_endpoint: string + } +} + +export function SAMLProvider(options: SAMLProviderOptions) { + return CredentialsProvider({ + id: options.id, + name: options.name, + credentials: { + user: { + label: "User Data", + type: "text" + } + }, + async authorize(credentials) { + try { + if (!credentials?.user) { + console.error('No user data provided') + return null + } + + console.log('๐ SAML Provider: Processing user data') + + // ์ฌ์ฉ์ ๋ฐ์ดํฐ ํ์ฑ (UTF-8 ์ฒ๋ฆฌ ๊ฐ์ ) + const userDataString = credentials.user + console.log('๐ค Raw user data string:', userDataString.substring(0, 200) + '...') + + const userData = JSON.parse(userDataString) + + // ํ์ฑ๋ ๋ฐ์ดํฐ์ UTF-8 ํ์ธ + console.log('๐ค Parsed user data UTF-8 check:', { + name: userData.name, + nameLength: userData.name?.length, + charCodes: userData.name ? [...userData.name].map(c => c.charCodeAt(0)) : [] + }) + + if (!userData.id || !userData.email) { + console.error('Invalid SAML user data:', userData) + return null + } + + console.log('โ
SAML Provider: User authenticated successfully', { + id: userData.id, + email: userData.email, + name: userData.name + }) + + // ๐ฅ SAML ์ฌ์ฉ์ ๋ฐ์ดํฐ ๊ฒ์ฆ + const isValidData = await validateSAMLUserData(userData) + if (!isValidData) { + console.error('Invalid SAML user data structure:', userData) + return null + } + + // ๐ฅ JIT (Just-In-Time) ์ฌ์ฉ์ ์์ฑ ๋๋ ์กฐํ + const dbUser = await getOrCreateSAMLUser({ + email: userData.email, + name: userData.name, + // companyId: userData.companyId, + // techCompanyId: userData.techCompanyId, + // ! domain = evcp ์ด๋ฉด vendor๊ฐ ๊ฐ๋ companyId, techCompanyId๋ null + companyId: undefined, + techCompanyId: undefined, + domain: userData.domain + }) + + if (!dbUser) { + console.error('Failed to get or create SAML user') + return null + } + + // DB์์ ๊ฐ์ ธ์จ ์ค์ ์ฌ์ฉ์ ์ ๋ณด ๋ฐํ + const userResult = { + id: String(dbUser.id), // DB์ ์ค์ ID + name: dbUser.name, // DB์ ์ค์ ์ด๋ฆ + email: dbUser.email, // DB์ ์ค์ ์ด๋ฉ์ผ + companyId: dbUser.companyId, // DB์ ์ค์ ํ์ฌ ID + techCompanyId: dbUser.techCompanyId, // DB์ ์ค์ ๊ธฐ์ ํ์ฌ ID + domain: dbUser.domain, // DB์ ์ค์ ๋๋ฉ์ธ + imageUrl: dbUser.imageUrl, // DB์ ์ค์ ์ด๋ฏธ์ง URL + } + + console.log('โ
SAML Provider: Returning user data to NextAuth:', userResult) + return userResult + } catch (error) { + console.error('โ SAML Provider: Authentication failed', error) + return null + } + } + }) +} + +// SAML ๋ก๊ทธ์ธ URL ์์ฑ ํฌํผ ํจ์ +export function getSAMLLoginUrl(options: SAMLProviderOptions): string { + const params = new URLSearchParams({ + SAMLRequest: 'placeholder', // ์ค์ ๋ก๋ createAuthnRequest()๋ก ์์ฑ + RelayState: options.sp.assert_endpoint, + }) + + return `${options.idp.sso_login_url}?${params.toString()}` +} + +// SAML ์ค์ ๊ฒ์ฆ +export function validateSAMLOptions(options: SAMLProviderOptions): boolean { + const required = [ + options.idp.sso_login_url, + options.sp.entity_id, + options.sp.assert_endpoint + ] + + return required.every(field => field && field.length > 0) +} +
\ No newline at end of file |