third commit

2026-04-07 17:54:00 +02:00
parent 23fb1ce7ad
commit 63558973ff
51 changed files with 905 additions and 0 deletions
--- a/module/src/lib/keycloak.module.ts
+++ b/module/src/lib/keycloak.module.ts
@@ -0,0 +1,67 @@
+import { Module } from '@nestjs/common';
+import { AuthGuard, ResourceGuard, RoleGuard } from 'nest-keycloak-connect';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import {
+  KeycloakConnectModule,
+  PolicyEnforcementMode,
+  TokenValidation,
+} from 'nest-keycloak-connect';
+import { KeycloakConfigKeys } from '@appweb/shared';
+import { APP_GUARD } from '@nestjs/core';
+
+@Module({
+  imports: [
+    KeycloakConnectModule.registerAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: async (config: ConfigService) => {
+        console.debug('URL: ', KeycloakConfigKeys.BASE_URL);
+        console.debug('CLIENT_ID: ', KeycloakConfigKeys.CLIENT_ID);
+        console.debug('REALM: ', KeycloakConfigKeys.REALM);
+        console.debug('CLIENT_SECRET: ', KeycloakConfigKeys.CLIENT_SECRET);
+        // Recuperiamo i valori assicurandoci che non siano undefined
+        const authServerUrl = config.get<string>(KeycloakConfigKeys.BASE_URL);
+        const realm = config.get<string>(KeycloakConfigKeys.REALM);
+        const clientId = config.get<string>(KeycloakConfigKeys.CLIENT_ID);
+        const secret = config.get<string>(KeycloakConfigKeys.CLIENT_SECRET);
+
+        console.debug('authServerUrl: ', authServerUrl);
+        console.debug('realm: ', realm);
+        console.debug('clientId: ', clientId);
+        console.debug('secret: ', secret);
+
+        // Se mancano, NestJS lancerà un errore chiaro all'avvio
+        if (!authServerUrl || !realm || !clientId || !secret) {
+          throw new Error("Mancano variabili d'ambiente critiche per Keycloak");
+        }
+
+        return {
+          authServerUrl,
+          realm,
+          clientId,
+          secret,
+          // Aggiungi queste se necessario per completare il tipo richiesto
+          policyEnforcement: PolicyEnforcementMode.PERMISSIVE,
+          tokenValidation: TokenValidation.ONLINE,
+        };
+      },
+    }),
+  ],
+  providers: [
+    // Registriamo i Guard qui dentro!
+    {
+      provide: APP_GUARD,
+      useClass: AuthGuard,
+    },
+    {
+      provide: APP_GUARD,
+      useClass: ResourceGuard,
+    },
+    {
+      provide: APP_GUARD,
+      useClass: RoleGuard,
+    },
+  ],
+  exports: [KeycloakConnectModule],
+})
+export class KeycloakModule {}