85 lines
1.8 KiB
TypeScript
85 lines
1.8 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import { gql, GraphQLClient } from 'graphql-request';
|
|
|
|
const LOGIN_MUTATION = gql`
|
|
mutation Login($username: String!, $password: String!) {
|
|
login(input: { username: $username, password: $password }) {
|
|
token
|
|
}
|
|
}
|
|
`
|
|
|
|
const GET_USER_QUERY = gql`
|
|
query GetUser {
|
|
currentUser {
|
|
id
|
|
username
|
|
email
|
|
}
|
|
}
|
|
`
|
|
|
|
const GET_PERMISSION_PAIRS = gql`
|
|
query GetPermissionPairs {
|
|
getUserPermissions {
|
|
resource
|
|
action
|
|
}
|
|
}
|
|
`
|
|
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const body = await request.json();
|
|
|
|
const jwt = body.jwt;
|
|
|
|
const client = new GraphQLClient(process.env.GRAPHQL_BACKEND_URL || 'http://localhost:3050/graphql', {
|
|
headers: {
|
|
'Authorization': `Bearer ${jwt}`
|
|
}
|
|
});
|
|
|
|
await client.request(GET_USER_QUERY);
|
|
const permissionPairs = await client.request(GET_PERMISSION_PAIRS);
|
|
const res = NextResponse.json({ ok: true, token: jwt, permissionPairs })
|
|
|
|
res.cookies.set('jwt', jwt, {
|
|
httpOnly: true,
|
|
secure: true,
|
|
sameSite: 'lax',
|
|
path: '/',
|
|
maxAge: 60 * 60 * 24, // 1d
|
|
})
|
|
return res
|
|
|
|
|
|
} catch (error) {
|
|
|
|
console.error('Login error:', error);
|
|
const res = NextResponse.json(
|
|
{
|
|
error: 'Internal server error',
|
|
message: error instanceof Error ? error.message : 'Unknown error'
|
|
},
|
|
{ status: 500 }
|
|
);
|
|
|
|
res.cookies.delete('jwt');
|
|
return res;
|
|
}
|
|
}
|
|
|
|
export async function GET(request: NextRequest) {
|
|
return NextResponse.json({
|
|
message: 'BFF endpoint - use POST for GraphQL queries',
|
|
usage: {
|
|
method: 'POST',
|
|
body: {
|
|
query: 'GraphQL query string',
|
|
variables: 'Query variables object (optional)',
|
|
operationName: 'Operation name (optional)'
|
|
}
|
|
}
|
|
});
|
|
} |