Files
Job-Info-Prod/frontend/public/auth.js
T

182 lines
5.1 KiB
JavaScript

// PocketBase auth bootstrap shared by pages
(function (global) {
const pb = new PocketBase('https://pocketbase.ccllc.pro');
const GRAPH_TOKEN_KEY = 'graphAccessToken';
const USER_ID_KEY = 'userId';
function authHeaders() {
if (pb.authStore.isValid && pb.authStore.token) {
return { Authorization: `Bearer ${pb.authStore.token}` };
}
return {};
}
function getDisplayName() {
const model = pb.authStore.model || {};
return (
model.display_name ||
model.name ||
model.email ||
model.username ||
'Unknown'
);
}
function getEmail() {
const model = pb.authStore.model || {};
return model.email || model.username || null;
}
function getUserId() {
return pb.authStore.model?.id || localStorage.getItem(USER_ID_KEY) || null;
}
// Get Graph token - first from localStorage, then try to refresh from backend
async function getGraphToken() {
// First check localStorage
let token = localStorage.getItem(GRAPH_TOKEN_KEY);
// If we have a valid PB session but no graph token, try to get from backend
if (!token && pb.authStore.isValid) {
try {
const response = await fetch('/api/auth/refresh-token?type=graph', {
headers: authHeaders()
});
if (response.ok) {
const data = await response.json();
if (data.token) {
token = data.token;
localStorage.setItem(GRAPH_TOKEN_KEY, token);
console.log('[Auth] Got Graph token from backend cache');
}
}
} catch (err) {
console.warn('[Auth] Could not get Graph token from backend:', err);
}
}
return token;
}
// Synchronous version for backwards compatibility
function getGraphTokenSync() {
return localStorage.getItem(GRAPH_TOKEN_KEY);
}
async function ensureAuth() {
if (pb.authStore.isValid) {
// Try to refresh tokens from backend on page load
try {
await refreshTokensFromBackend();
} catch (err) {
console.warn('[Auth] Token refresh failed:', err);
}
return true;
}
const path = new URL(window.location.href).pathname;
if (!path.endsWith('signin.html')) {
window.location.href = 'signin.html';
}
return false;
}
// Refresh tokens from backend cache
async function refreshTokensFromBackend() {
if (!pb.authStore.isValid) return;
const userId = getUserId();
if (!userId) return;
try {
// Get fresh Graph token from backend
const response = await fetch('/api/auth/refresh-token?type=graph', {
headers: authHeaders()
});
if (response.ok) {
const data = await response.json();
if (data.token) {
localStorage.setItem(GRAPH_TOKEN_KEY, data.token);
console.log('[Auth] Refreshed Graph token from backend, source:', data.source);
}
} else if (response.status === 401) {
// Token expired or invalid in backend, but we might still have a valid PB session
// Try to re-store our current tokens
console.log('[Auth] Backend token expired, attempting to re-store');
await restoreTokensToBackend();
}
} catch (err) {
console.warn('[Auth] Token refresh error:', err);
}
}
// Re-store tokens to backend (in case backend cache was cleared)
async function restoreTokensToBackend() {
if (!pb.authStore.isValid) return;
try {
// Refresh PocketBase auth to potentially get a new Graph token
const authData = await pb.collection('users').authRefresh();
const graphToken = extractGraphToken(authData) || localStorage.getItem(GRAPH_TOKEN_KEY);
if (graphToken) {
const response = await fetch('/api/auth/login-callback', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
...authHeaders()
},
body: JSON.stringify({
pbToken: pb.authStore.token,
graphToken: graphToken,
refreshTokenPb: '',
refreshTokenGraph: authData?.meta?.refreshToken || '',
user: {
id: pb.authStore.model?.id,
email: pb.authStore.model?.email,
name: pb.authStore.model?.name || pb.authStore.model?.display_name
}
})
});
if (response.ok) {
console.log('[Auth] Re-stored tokens in backend');
}
}
} catch (err) {
console.warn('[Auth] Failed to re-store tokens:', err);
}
}
function extractGraphToken(authData) {
return (
authData?.meta?.graphAccessToken ||
authData?.meta?.graph_token ||
authData?.meta?.graphToken ||
authData?.meta?.accessToken ||
authData?.meta?.access_token ||
authData?.meta?.token ||
authData?.meta?.rawToken ||
authData?.meta?.authData?.access_token ||
''
);
}
global.Auth = {
pb,
authHeaders,
ensureAuth,
getDisplayName,
getEmail,
getUserId,
getGraphToken,
getGraphTokenSync,
refreshTokensFromBackend,
restoreTokensToBackend,
extractGraphToken,
GRAPH_TOKEN_KEY,
USER_ID_KEY
};
})(window);