Refactoring

2026-03-01 22:00:28 +00:00
parent c0e2c4da45
commit 6b28cf751e
469 changed files with 26866 additions and 14768 deletions
--- a/keycloak-config.sh
+++ b/keycloak-config.sh
@@ -0,0 +1,208 @@
+#!/bin/bash
+
+# Script complet de configuration Keycloak
+
+KEYCLOAK_URL="http://localhost:8180"
+ADMIN_USER="admin"
+ADMIN_PASS="admin"
+REALM_NAME="unionflow"
+CLIENT_ID="unionflow-client"
+
+echo "🔧 Configuration automatique de Keycloak..."
+echo ""
+
+# Obtenir le token
+echo "1. Obtention du token admin..."
+TOKEN_RESPONSE=$(curl -s -X POST "$KEYCLOAK_URL/realms/master/protocol/openid-connect/token" \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "username=$ADMIN_USER" \
+  -d "password=$ADMIN_PASS" \
+  -d "grant_type=password" \
+  -d "client_id=admin-cli")
+
+TOKEN=$(echo "$TOKEN_RESPONSE" | grep -o '"access_token":"[^"]*' | cut -d'"' -f4)
+
+if [ -z "$TOKEN" ]; then
+    echo "❌ Impossible d'obtenir le token admin"
+    exit 1
+fi
+echo "✅ Token obtenu"
+
+# Créer le realm (ignore si existe déjà)
+echo ""
+echo "2. Création du realm..."
+curl -s -X POST "$KEYCLOAK_URL/admin/realms" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d "{\"realm\":\"$REALM_NAME\",\"enabled\":true,\"displayName\":\"UnionFlow\"}" > /dev/null 2>&1
+echo "✅ Realm vérifié"
+
+# Créer les rôles
+echo ""
+echo "3. Création des rôles..."
+curl -s -X POST "$KEYCLOAK_URL/admin/realms/$REALM_NAME/roles" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"name":"SUPER_ADMIN","description":"Super admin"}' > /dev/null 2>&1
+
+curl -s -X POST "$KEYCLOAK_URL/admin/realms/$REALM_NAME/roles" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"name":"ADMIN_ENTITE","description":"Admin entite"}' > /dev/null 2>&1
+
+curl -s -X POST "$KEYCLOAK_URL/admin/realms/$REALM_NAME/roles" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"name":"MEMBRE","description":"Membre"}' > /dev/null 2>&1
+
+curl -s -X POST "$KEYCLOAK_URL/admin/realms/$REALM_NAME/roles" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"name":"GESTIONNAIRE_MEMBRE","description":"Gestionnaire"}' > /dev/null 2>&1
+echo "✅ Rôles vérifiés"
+
+# Créer le client
+echo ""
+echo "4. Création du client..."
+curl -s -X POST "$KEYCLOAK_URL/admin/realms/$REALM_NAME/clients" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d "{\"clientId\":\"$CLIENT_ID\",\"enabled\":true,\"protocol\":\"openid-connect\",\"publicClient\":false,\"directAccessGrantsEnabled\":true,\"standardFlowEnabled\":true,\"implicitFlowEnabled\":false,\"rootUrl\":\"http://localhost:8086\",\"redirectUris\":[\"http://localhost:8086/*\"],\"webOrigins\":[\"http://localhost:8086\"],\"attributes\":{\"post.logout.redirect.uris\":\"http://localhost:8086/*\"}}" > /dev/null 2>&1
+echo "✅ Client vérifié"
+
+# Récupérer l'UUID du client
+echo ""
+echo "5. Récupération du client UUID..."
+curl -s -X GET "$KEYCLOAK_URL/admin/realms/$REALM_NAME/clients" \
+  -H "Authorization: Bearer $TOKEN" > clients_temp.json
+
+# Sauvegarder dans un fichier pour debug
+cat clients_temp.json > clients_debug.json
+
+# Extraire seulement l'entrée du client unionflow-client
+# On cherche la ligne complète qui contient notre client
+CLIENT_UUID=$(cat clients_temp.json | tr ',' '\n' | grep -A 10 "\"clientId\":\"$CLIENT_ID\"" | grep "\"id\":" | head -1 | grep -o '"[a-f0-9-]*"' | tr -d '"')
+
+if [ -z "$CLIENT_UUID" ]; then
+    echo "❌ Impossible de trouver le client UUID"
+    echo "Contenu du fichier (premiers 500 caractères):"
+    head -c 500 clients_debug.json
+    exit 1
+fi
+echo "✅ Client UUID: $CLIENT_UUID"
+
+# Récupérer le client secret
+echo ""
+echo "6. Récupération du client secret..."
+SECRET_JSON=$(curl -s -X GET "$KEYCLOAK_URL/admin/realms/$REALM_NAME/clients/$CLIENT_UUID/client-secret" \
+  -H "Authorization: Bearer $TOKEN")
+
+CLIENT_SECRET=$(echo "$SECRET_JSON" | grep -o '"value":"[^"]*' | cut -d'"' -f4)
+
+if [ -z "$CLIENT_SECRET" ]; then
+    echo "❌ Impossible de récupérer le client secret"
+    echo "Contenu reçu: $SECRET_JSON"
+    exit 1
+fi
+echo "✅ Client Secret: $CLIENT_SECRET"
+
+# Configurer le mapper de rôles
+echo ""
+echo "7. Configuration du mapper de rôles..."
+SCOPES_JSON=$(curl -s -X GET "$KEYCLOAK_URL/admin/realms/$REALM_NAME/clients/$CLIENT_UUID/default-client-scopes" \
+  -H "Authorization: Bearer $TOKEN")
+
+SCOPE_ID=$(echo "$SCOPES_JSON" | grep -o '"id":"[^"]*"' | grep -A5 "dedicated" | head -1 | cut -d'"' -f4)
+
+if [ -n "$SCOPE_ID" ]; then
+    curl -s -X POST "$KEYCLOAK_URL/admin/realms/$REALM_NAME/client-scopes/$SCOPE_ID/protocol-mappers/models" \
+      -H "Authorization: Bearer $TOKEN" \
+      -H "Content-Type: application/json" \
+      -d '{"name":"realm-roles","protocol":"openid-connect","protocolMapper":"oidc-usermodel-realm-role-mapper","config":{"multivalued":"true","userinfo.token.claim":"true","id.token.claim":"true","access.token.claim":"true","claim.name":"roles","jsonType.label":"String"}}' > /dev/null 2>&1
+    echo "✅ Mapper configuré"
+else
+    echo "⚠️  Scope non trouvé, mapper à configurer manuellement"
+fi
+
+# Créer l'utilisateur test
+echo ""
+echo "8. Création de l'utilisateur test..."
+curl -s -X POST "$KEYCLOAK_URL/admin/realms/$REALM_NAME/users" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"username":"test@unionflow.dev","email":"test@unionflow.dev","firstName":"Test","lastName":"User","enabled":true,"emailVerified":true}' > /dev/null 2>&1
+
+# Récupérer l'ID de l'utilisateur
+USER_JSON=$(curl -s -X GET "$KEYCLOAK_URL/admin/realms/$REALM_NAME/users?username=test@unionflow.dev" \
+  -H "Authorization: Bearer $TOKEN")
+
+USER_ID=$(echo "$USER_JSON" | grep -o '"id":"[^"]*' | head -1 | cut -d'"' -f4)
+
+if [ -n "$USER_ID" ]; then
+    # Définir le mot de passe
+    curl -s -X PUT "$KEYCLOAK_URL/admin/realms/$REALM_NAME/users/$USER_ID/reset-password" \
+      -H "Authorization: Bearer $TOKEN" \
+      -H "Content-Type: application/json" \
+      -d '{"type":"password","value":"test123","temporary":false}' > /dev/null 2>&1
+    echo "✅ Utilisateur créé (test@unionflow.dev / test123)"
+
+    # Récupérer et assigner les rôles
+    ROLES_JSON=$(curl -s -X GET "$KEYCLOAK_URL/admin/realms/$REALM_NAME/roles" \
+      -H "Authorization: Bearer $TOKEN")
+
+    ROLE_MEMBRE=$(echo "$ROLES_JSON" | grep -B2 '"name":"MEMBRE"' | grep '"id"' | grep -o '"id":"[^"]*' | cut -d'"' -f4)
+    ROLE_ADMIN=$(echo "$ROLES_JSON" | grep -B2 '"name":"ADMIN_ENTITE"' | grep '"id"' | grep -o '"id":"[^"]*' | cut -d'"' -f4)
+
+    if [ -n "$ROLE_MEMBRE" ]; then
+        curl -s -X POST "$KEYCLOAK_URL/admin/realms/$REALM_NAME/users/$USER_ID/role-mappings/realm" \
+          -H "Authorization: Bearer $TOKEN" \
+          -H "Content-Type: application/json" \
+          -d "[{\"id\":\"$ROLE_MEMBRE\",\"name\":\"MEMBRE\"}]" > /dev/null 2>&1
+        echo "  ✅ Rôle MEMBRE assigné"
+    fi
+
+    if [ -n "$ROLE_ADMIN" ]; then
+        curl -s -X POST "$KEYCLOAK_URL/admin/realms/$REALM_NAME/users/$USER_ID/role-mappings/realm" \
+          -H "Authorization: Bearer $TOKEN" \
+          -H "Content-Type: application/json" \
+          -d "[{\"id\":\"$ROLE_ADMIN\",\"name\":\"ADMIN_ENTITE\"}]" > /dev/null 2>&1
+        echo "  ✅ Rôle ADMIN_ENTITE assigné"
+    fi
+else
+    echo "⚠️  Utilisateur non trouvé"
+fi
+
+# Sauvegarder dans .env
+echo ""
+echo "9. Sauvegarde de la configuration..."
+cat > .env << EOF
+# Configuration Keycloak générée automatiquement
+# Date: $(date)
+
+KEYCLOAK_CLIENT_SECRET=$CLIENT_SECRET
+UNIONFLOW_BACKEND_URL=http://localhost:8085
+
+# Informations de connexion pour tests
+# Username: test@unionflow.dev
+# Password: test123
+EOF
+
+echo "✅ Fichier .env créé"
+
+# Résumé
+echo ""
+echo "========================================================"
+echo "✅ Configuration terminée avec succès!"
+echo "========================================================"
+echo ""
+echo "📋 Résumé:"
+echo "   - Realm: $REALM_NAME"
+echo "   - Client ID: $CLIENT_ID"
+echo "   - Client Secret: $CLIENT_SECRET"
+echo "   - Utilisateur: test@unionflow.dev / test123"
+echo ""
+echo "🚀 Prochaines étapes:"
+echo "   1. Lancez: ./start-local.sh (ou start-local.bat)"
+echo "   2. Accédez à: http://localhost:8086"
+echo "   3. Connectez-vous avec test@unionflow.dev / test123"
+echo ""