fix: return proper token response from casdoor-callback API route + remove hardcoded secret

This commit is contained in:
2026-06-30 01:14:42 +02:00
parent 4951f7f9e2
commit 03e0d5dc60
8 changed files with 146 additions and 60 deletions
+30
View File
@@ -0,0 +1,30 @@
export const handler = async () => {
const results = {};
try {
results.step1 = "started";
results.hasSecret = !!process.env.CASDOOR_CLIENT_SECRET;
results.hasClientId = !!process.env.NEXT_PUBLIC_CASDOOR_CLIENT_ID;
const r = await fetch("https://auth.falahos.my/api/login/oauth/access_token", {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: new URLSearchParams({
grant_type: "authorization_code",
client_id: process.env.NEXT_PUBLIC_CASDOOR_CLIENT_ID || "",
client_secret: process.env.CASDOOR_CLIENT_SECRET || "",
code: "test",
redirect_uri: process.env.NEXT_PUBLIC_CASDOOR_REDIRECT_URI || "",
}),
});
results.tokenStatus = r.status;
results.tokenBody = await r.text();
} catch (e) {
results.error = e.message;
results.errorStack = e.stack?.substring(0, 200);
}
return {
statusCode: 200,
headers: { "Content-Type": "application/json" },
body: JSON.stringify(results),
};
};