chore: WIP uilisant d'un CSRF global à l'appli

Front-End/src/pages/api/auth/[...nextauth].js

@@ -0,0 +1,79 @@
+import NextAuth from 'next-auth';
+import CredentialsProvider from 'next-auth/providers/credentials';
+import jwt from 'jsonwebtoken';
+import { csrfMiddleware } from '@/csrfMiddleware'; // Importez le middleware csrfMiddleware
+
+const options = {
+  providers: [
+    CredentialsProvider({
+      name: 'Credentials',
+      credentials: {
+        email: { label: 'Email', type: 'email' },
+        password: { label: 'Password', type: 'password' }
+      },
+      authorize: (credentials, req) => {
+        console.log('Credentials:', credentials); // Vérifiez si ce log s'affiche
+
+        // Utilisez le token CSRF injecté par le middleware
+        const csrfToken = req.csrfToken;
+        console.log("data to send : ", JSON.stringify({
+          email: credentials.email,
+          password: credentials.password
+        }), "csrfToken : ", csrfToken);
+
+        return fetch(`${process.env.NEXT_PUBLIC_API_URL}/Auth/login`, {
+          method: 'POST',
+          headers: { 
+            'Content-Type': 'application/json',
+            'X-CSRFToken': csrfToken // Utiliser le token CSRF ici
+          },
+          body: JSON.stringify({
+            email: credentials.email,
+            password: credentials.password
+          }),
+          credentials: 'include'
+        })
+        .then(response => response.text())
+        .then(text => {
+          console.log('Response Text:', text); // Loggez la réponse
+          const user = JSON.parse(text); // Parsez la réponse en JSON
+
+          if (response.ok && user) {
+            return user;
+          } else {
+            throw new Error(user.errorMessage || 'Invalid credentials');
+          }
+        })
+        .catch(error => {
+          console.error('Error during authentication:', error);
+          throw new Error('Authentication failed');
+        });
+      }
+    })
+  ],
+  session: {
+    jwt: true
+  },
+  callbacks: {
+    async jwt(token, user) {
+      if (user) {
+        token.id = user.id;
+        token.email = user.email;
+        token.role = user.role;
+      }
+      return token;
+    },
+    async session(session, token) {
+      session.user.id = token.id;
+      session.user.email = token.email;
+      session.user.role = token.role;
+      return session;
+    }
+  },
+  pages: {
+    signIn: '/[locale]/users/login'
+  },
+  csrf: false // Désactiver la gestion CSRF de NextAuth.js
+};
+
+export default csrfMiddleware((req, res) => NextAuth(req, res, options));

Front-End/src/pages/api/auth/signin.js

@@ -0,0 +1,22 @@
+import { getCsrfToken } from 'next-auth/react';
+import useCsrfToken from '@/hooks/useCsrfToken';
+import DjangoCSRFToken from '@/components/DjangoCSRFToken'
+
+export default function SignIn({ csrfToken }) {
+
+  const csrfToken = useCsrfToken();
+  return (
+    <form method="post" action="/api/auth/callback/credentials">
+      <DjangoCSRFToken csrfToken={csrfToken} />
+      <label>
+        Email
+        <input name="email" type="email" />
+      </label>
+      <label>
+        Password
+        <input name="password" type="password" />
+      </label>
+      <button type="submit">Sign in</button>
+    </form>
+  );
+}

Front-End/src/pages/api/auth/signout.js

@@ -0,0 +1,9 @@
+import { signOut } from 'next-auth/client';
+
+export default function SignOut() {
+  return (
+    <button onClick={() => signOut({ callbackUrl: '/' })}>
+      Sign out
+    </button>
+  );
+}