add Keycloak, add better canvas

2025-08-21 15:26:35 +02:00
parent 126b2f96f8
commit d5f8de1e4c
14 changed files with 1268 additions and 77 deletions
--- a/server/keycloak.ts
+++ b/server/keycloak.ts
@@ -0,0 +1,56 @@
+
+import Keycloak from 'keycloak-connect';
+import session from 'express-session';
+import { type Express } from 'express';
+
+interface KeycloakConfig {
+  realm: string;
+  'auth-server-url': string;
+  'ssl-required': string;
+  resource: string;
+  'public-client': boolean;
+  'confidential-port': number;
+}
+
+// Keycloak Konfiguration aus Umgebungsvariablen oder Standard
+const keycloakConfig: KeycloakConfig = {
+  realm: process.env.KEYCLOAK_REALM || 'rplace',
+  'auth-server-url': process.env.KEYCLOAK_AUTH_URL || 'http://localhost:8080/auth',
+  'ssl-required': 'external',
+  resource: process.env.KEYCLOAK_CLIENT_ID || 'rplace-client',
+  'public-client': true,
+  'confidential-port': 0,
+};
+
+// Session Store für Keycloak
+const memoryStore = session.MemoryStore ? new session.MemoryStore() : undefined;
+
+export function setupKeycloak(app: Express) {
+  // Session Middleware
+  const sessionConfig = {
+    secret: process.env.SESSION_SECRET || 'rplace-secret-key',
+    resave: false,
+    saveUninitialized: true,
+    store: memoryStore,
+    cookie: {
+      secure: process.env.NODE_ENV === 'production',
+      httpOnly: true,
+      maxAge: 24 * 60 * 60 * 1000, // 24 Stunden
+    },
+  };
+
+  app.use(session(sessionConfig));
+
+  // Keycloak initialisieren
+  const keycloak = new Keycloak({ store: memoryStore }, keycloakConfig);
+
+  // Keycloak Middleware
+  app.use(keycloak.middleware({
+    logout: '/logout',
+    admin: '/',
+  }));
+
+  return keycloak;
+}
+
+export { keycloakConfig };