feat: Monadical SSO as replacement of Fief (#393)

* sso: first pass for integrating SSO

still have issue on refreshing
maybe customize the login page, or completely avoid it
make 100% to understand how session server/client are working
need to test with different configuration option (features flags and
requireLogin)

* sso: correctly handle refresh token, with pro-active refresh

Going on interceptors make extra calls to reflector when 401.
We need then to circle back with NextJS backend to update the jwt,
session, then retry the failed request.

I prefered to go pro-active, and ensure the session AND jwt are always
up to date.

A minute before the expiration, we'll try to refresh it. useEffect() of
NextJS cannot be asynchronous, so we cannot wait for the token to be
refreshed.

Every 20s, a minute before the expiration (so 3x in total max) we'll try
to renew. When the accessToken is renewed, the session is updated, and
dispatching up to the client, which updates the useApi().

Therefore, no component will left without a incorrect token.

* fixes: issue with missing key on react-select-search because the default value is undefined

* sso: fixes login/logout button, and avoid seeing the login with authentik page when clicking

* sso: ensure /transcripts/new is not behind protected page, and feature flags page are honored

* sso: fixes user sub->id

* fixes: remove old layout not used

* fixes: set default NEXT_PUBLIC_SITE_URL as localhost

* fixes: removing fief again due to merge with main

* sso: ensure session is always ready before doing any action

* sso: add migration from fief to jwt in server, only from transcripts list

* fixes: user tests

* fixes: compilation issues

www/middleware.ts

@@ -1,11 +1,85 @@
+import { withAuth } from "next-auth/middleware";
+import { getConfig } from "./app/lib/edgeConfig";
+import { NextResponse } from "next/server";
+
+const LOGIN_REQUIRED_PAGES = [
+  "/transcripts/[!new]",
+  "/browse(.*)",
+  "/rooms(.*)",
+];
+
+const PROTECTED_PAGES = new RegExp(
+  LOGIN_REQUIRED_PAGES.map((page) => `^${page}$`).join("|"),
+);
+
+export const config = {
+  matcher: [
+    "/((?!api|_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
+
+    // must be a copy of LOGIN_REQUIRED_PAGES
+    // cannot use anything dynamic (...LOGIN_REQUIRED_PAGES, or .concat(LOGIN_REQUIRED_PAGES))
+    // as per https://nextjs.org/docs/messages/invalid-page-config
+    "/",
+    "/transcripts(.*)",
+    "/browse(.*)",
+    "/rooms(.*)",
+  ],
+};
+
+export default withAuth(
+  async function middleware(request) {
+    const config = await getConfig();
+    const pathname = request.nextUrl.pathname;
+
+    // feature-flags protected paths
+    if (
+      (!config.features.browse && pathname.startsWith("/browse")) ||
+      (!config.features.rooms && pathname.startsWith("/rooms"))
+    ) {
+      return NextResponse.redirect(request.nextUrl.origin);
+    }
+  },
+  {
+    callbacks: {
+      async authorized({ req, token }) {
+        const config = await getConfig();
+
+        if (
+          config.features.requireLogin &&
+          PROTECTED_PAGES.test(req.nextUrl.pathname)
+        ) {
+          return !!token;
+        }
+
+        return true;
+      },
+    },
+  },
+);
+
+/**
+
 import { NextResponse, NextRequest } from "next/server";
 
-import { getFiefAuthMiddleware } from "./app/lib/fief";
+// import { getFiefAuthMiddleware } from "./app/lib/fief";
+import { getToken } from "next-auth/jwt";
 import { getConfig } from "./app/lib/edgeConfig";
+import { authOptions } from "./app/api/auth/[...nextauth]/route";
+
 
 export async function middleware(request: NextRequest) {
   const config = await getConfig();
 
+  console.log(
+    "---------------------------------------------------------------",
+  );
+  console.log(
+    "middleware",
+    "request.nextUrl.pathname",
+    request.nextUrl.pathname,
+  );
+  console.log("middleware", "config", config);
+
   if (
     request.nextUrl.pathname.match(
       "^/((?!api|_next/static|_next/image|favicon.ico).*)",
@@ -17,6 +91,7 @@ export async function middleware(request: NextRequest) {
         request.nextUrl.pathname.startsWith("/browse")) ||
       (!config.features.rooms && request.nextUrl.pathname.startsWith("/rooms"))
     ) {
+      console.log("!! redirecting to", request.nextUrl.origin);
       return NextResponse.redirect(request.nextUrl.origin);
     }
 
@@ -29,3 +104,4 @@ export async function middleware(request: NextRequest) {
 
   return NextResponse.next();
 }
+**/