feat: FusionAuth

.env.local.example

@@ -1,5 +1,8 @@
 REVALIDATION_SECRET_TOKEN=
 
+# Hostname of this web application
+HOST=https://{frontendHost}
+
 # Hostname of backend storing user configurations (from browser)
 NEXT_PUBLIC_CONFIG_HOST=https://{backendHost}
 # When running rezervo-web in Docker
@@ -10,23 +13,7 @@ INTERNAL_CONFIG_HOST=https://{backendHost}
 # When running rezervo-web in Docker
 #INTERNAL_CONFIG_HOST=http://host.docker.internal:{backendPort}
 
-# A long secret value used to encrypt the session cookie (use 'openssl rand -hex 32' to generate a 32 bytes value)
-AUTH0_SECRET={yourAuth0Secret}
-
-# The base URL of your application.
-AUTH0_BASE_URL=https://{baseHost}
-
-# The URL of your Auth0 tenant domain
-AUTH0_ISSUER_BASE_URL=https://{yourTenant}.eu.auth0.com
-
-# Your Auth0 application's Client ID
-AUTH0_CLIENT_ID={yourClientId}
-
-# Your Auth0 application's Client Secret
-AUTH0_CLIENT_SECRET={yourClientSecret}
-
-# Your Auth0 application's Audience
-AUTH0_AUDIENCE={yourAudience}
-
-# Your VAPID public key for push notifications
-WEB_PUSH_PUBLIC_KEY={yourVapidPublicKey}
+# FusionAuth
+FUSIONAUTH_URL=
+FUSIONAUTH_CLIENT_ID=
+FUSIONAUTH_CLIENT_SECRET=

.env.production

@@ -3,9 +3,7 @@
 NEXT_PUBLIC_CONFIG_HOST=https://fa-api.rezervo.no
 
 # FusionAuth dummy values
-NEXT_PUBLIC_FUSIONAUTH_URL=https://auth.example.org
+FUSIONAUTH_URL=https://auth.example.org
 HOST=https://example.org
-FUSIONAUTH_ISSUER=example.org
-NEXT_PUBLIC_FUSIONAUTH_CLIENT_ID=0b8198f8-ab69-448b-a878-750ea7c9d9e4
+FUSIONAUTH_CLIENT_ID=0b8198f8-ab69-448b-a878-750ea7c9d9e4
 FUSIONAUTH_CLIENT_SECRET=exampleexampleexampleexampleexampleexampleexample
-FUSIONAUTH_TENANT_ID=43ebd302-eb4c-4e08-9e5b-caa30c86ca8f

next.config.mjs

@@ -8,7 +8,8 @@ const withSerwist = withSerwistInit({
 export default withSerwist({
   reactStrictMode: true,
   staticPageGenerationTimeout: 120,
-  output: process.env.BUILD_STANDALONE === "true" ? "standalone" : undefined,
+  output:
+    global.process.env.BUILD_STANDALONE === "true" ? "standalone" : undefined,
   async redirects() {
     return [
       {
@@ -29,7 +30,8 @@ export default withSerwist({
     remotePatterns: [
       {
         protocol: "https",
-        hostname: new URL(process.env["NEXT_PUBLIC_CONFIG_HOST"]).hostname,
+        hostname: new URL(global.process.env["NEXT_PUBLIC_CONFIG_HOST"])
+          .hostname,
       },
       {
         protocol: "https",

package.json

@@ -28,13 +28,15 @@
         "@mui/x-date-pickers": "^7.23.3",
         "@serwist/next": "^9.0.11",
         "js-cookie": "^3.0.5",
+        "jwt-decode": "^4.0.0",
         "luxon": "^3.5.0",
         "next": "14.2.2",
         "nuqs": "^2.2.3",
         "react": "^18.2.0",
         "react-device-detect": "^2.2.3",
         "react-dom": "^18.2.0",
         "react-dropzone": "^14.3.5",
+        "react-oauth2-code-pkce": "^1.22.2",
         "react-snowfall": "^2.2.0",
         "react-swipeable-views": "^0.14.0",
         "sharp": "^0.33.5",

src/app/api/auth/config/route.ts

@@ -0,0 +1,11 @@
+import { requireServerEnv } from "@/lib/helpers/env";
+
+export const GET = () => {
+    return Response.json({
+        clientId: requireServerEnv("FUSIONAUTH_CLIENT_ID"),
+        authorizationEndpoint: `${requireServerEnv("FUSIONAUTH_URL")}/oauth2/authorize`,
+        logoutEndpoint: `${requireServerEnv("FUSIONAUTH_URL")}/oauth2/logout`,
+        logoutRedirect: requireServerEnv("HOST"),
+        redirectUri: requireServerEnv("HOST"),
+    });
+};

src/app/api/auth/token/route.ts

@@ -0,0 +1,11 @@
+import { requireServerEnv } from "@/lib/helpers/env";
+
+export const POST = async (req: Request) => {
+    const data = await req.formData();
+    data.set("client_secret", requireServerEnv("FUSIONAUTH_CLIENT_SECRET"));
+    const res = await fetch(`${requireServerEnv("FUSIONAUTH_URL")}/oauth2/token`, {
+        method: "POST",
+        body: data,
+    });
+    return Response.json(await res.json());
+};

src/app/api/revalidate/route.ts

@@ -1,12 +1,13 @@
 import { revalidatePath } from "next/cache";
 import { NextRequest } from "next/server";
 
+import { requireServerEnv } from "@/lib/helpers/env";
 import { fetchActiveChains } from "@/lib/helpers/fetchers";
 
 export const GET = async (req: NextRequest) => {
     const secret = req.nextUrl.searchParams.get("secret");
 
-    if (secret !== process.env["REVALIDATION_SECRET_TOKEN"]) {
+    if (secret !== requireServerEnv("REVALIDATION_SECRET_TOKEN")) {
         return Response.json({ message: "Invalid secret" }, { status: 401 });
     }
 

src/app/layout.tsx

@@ -1,5 +1,4 @@
 "use client";
-import { UserProvider } from "@auth0/nextjs-auth0/client";
 import { CssBaseline, ThemeProvider } from "@mui/material";
 import InitColorSchemeScript from "@mui/material/InitColorSchemeScript";
 import { Roboto } from "next/font/google";
@@ -21,11 +20,9 @@ export default function RootLayout({ children }: { children: React.ReactNode })
 
             <ThemeProvider theme={theme} defaultMode={"system"}>
                 <CssBaseline enableColorScheme />
-                <UserProvider>
-                    <NuqsAdapter>
-                        <body>{children}</body>
-                    </NuqsAdapter>
-                </UserProvider>
+                <NuqsAdapter>
+                    <body>{children}</body>
+                </NuqsAdapter>
             </ThemeProvider>
         </html>
     );