feat: rewrite frontend auth — roles from org store, Logto org role names
Replace ID-token claim reads with org store lookups in useAuth and usePermissions; add currentOrgRoles to useOrgStore; update role names to Logto org role conventions (admin/member); remove username from Layout (no longer derived from token claims). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -1,35 +1,11 @@
|
||||
import { useLogto } from '@logto/react';
|
||||
import { useState, useEffect, useCallback } from 'react';
|
||||
import { useCallback } from 'react';
|
||||
import { useOrgStore } from './useOrganization';
|
||||
|
||||
interface IdTokenClaims {
|
||||
sub?: string;
|
||||
email?: string;
|
||||
name?: string;
|
||||
username?: string;
|
||||
roles?: string[];
|
||||
organization_id?: string;
|
||||
[key: string]: unknown;
|
||||
}
|
||||
|
||||
export function useAuth() {
|
||||
const { isAuthenticated, isLoading, getIdTokenClaims, signOut, signIn } = useLogto();
|
||||
const [claims, setClaims] = useState<IdTokenClaims | null>(null);
|
||||
const { isAuthenticated, isLoading, signOut, signIn } = useLogto();
|
||||
const { currentTenantId, isPlatformAdmin } = useOrgStore();
|
||||
|
||||
useEffect(() => {
|
||||
if (isAuthenticated) {
|
||||
getIdTokenClaims().then((c) => setClaims(c as IdTokenClaims));
|
||||
} else {
|
||||
setClaims(null);
|
||||
}
|
||||
}, [isAuthenticated, getIdTokenClaims]);
|
||||
|
||||
const username = claims?.username ?? claims?.name ?? claims?.email ?? claims?.sub ?? null;
|
||||
const roles = (claims?.roles as string[]) ?? [];
|
||||
// tenantId is the DB UUID from the org store (set by OrgResolver after /api/me)
|
||||
const tenantId = currentTenantId;
|
||||
|
||||
const logout = useCallback(() => {
|
||||
signOut(window.location.origin + '/login');
|
||||
}, [signOut]);
|
||||
@@ -37,9 +13,7 @@ export function useAuth() {
|
||||
return {
|
||||
isAuthenticated,
|
||||
isLoading,
|
||||
username,
|
||||
roles,
|
||||
tenantId,
|
||||
tenantId: currentTenantId,
|
||||
isPlatformAdmin,
|
||||
logout,
|
||||
signIn,
|
||||
|
||||
@@ -10,16 +10,19 @@ export interface OrgInfo {
|
||||
interface OrgState {
|
||||
currentOrgId: string | null; // Logto org ID — used for getAccessToken(resource, orgId)
|
||||
currentTenantId: string | null; // DB UUID — used for API calls like /api/tenants/{id}
|
||||
currentOrgRoles: string[] | null; // Logto org roles for the current org (e.g. 'admin', 'member')
|
||||
organizations: OrgInfo[];
|
||||
isPlatformAdmin: boolean;
|
||||
setCurrentOrg: (orgId: string | null) => void;
|
||||
setOrganizations: (orgs: OrgInfo[]) => void;
|
||||
setIsPlatformAdmin: (value: boolean) => void;
|
||||
setCurrentOrgRoles: (roles: string[] | null) => void;
|
||||
}
|
||||
|
||||
export const useOrgStore = create<OrgState>((set, get) => ({
|
||||
currentOrgId: null,
|
||||
currentTenantId: null,
|
||||
currentOrgRoles: null,
|
||||
organizations: [],
|
||||
isPlatformAdmin: false,
|
||||
setCurrentOrg: (orgId) => {
|
||||
@@ -36,4 +39,5 @@ export const useOrgStore = create<OrgState>((set, get) => ({
|
||||
});
|
||||
},
|
||||
setIsPlatformAdmin: (value) => set({ isPlatformAdmin: value }),
|
||||
setCurrentOrgRoles: (roles) => set({ currentOrgRoles: roles }),
|
||||
}));
|
||||
|
||||
Reference in New Issue
Block a user