fix autherization error for morph management

Author: gnowgi

nodebook-base/frontend/src/NodeCard.tsx

@@ -6,6 +6,7 @@ import { Subgraph } from './Subgraph';
 import { NLPParsingModal } from './NLPParsingModal';
 import type { Node, Edge, AttributeType, Morph } from './types';
 import { API_BASE_URL } from './api-config';
+import { keycloakAuth } from './services/keycloakAuth';
 import './NodeCard.css';
 
 interface NodeCardProps {
@@ -34,23 +35,29 @@ export function NodeCard({ node, allNodes, allRelations, attributes, isActive, o
   // Morph change state
   const [isChangingMorph, setIsChangingMorph] = useState(false);
 
-  // Helper function for authenticated API calls
-  const authenticatedFetch = (url: string, options: RequestInit = {}) => {
-    const token = localStorage.getItem('token');
+  // Helper function for authenticated API calls with token refresh
+  const authenticatedFetch = async (url: string, options: RequestInit = {}) => {
+    // Ensure access token is valid (refresh if near expiry)
+    await keycloakAuth.ensureValidToken();
+    let token = localStorage.getItem('token');
     const headers: Record<string, string> = {
-      ...options.headers,
-      'Authorization': `Bearer ${token}`,
+      ...options.headers as Record<string, string>,
     };
-    
-    // Only set Content-Type for requests that have a body
-    if (options.body) {
-      headers['Content-Type'] = 'application/json';
+    if (token) headers['Authorization'] = `Bearer ${token}`;
+    if (options.body) headers['Content-Type'] = headers['Content-Type'] || 'application/json';
+
+    let res = await fetch(url, { ...options, headers });
+    if (res.status === 401) {
+      // Try to refresh and retry once
+      const refreshed = await keycloakAuth.refreshAccessToken();
+      token = localStorage.getItem('token');
+      const retryHeaders: Record<string, string> = { ...headers };
+      if (refreshed && token) {
+        retryHeaders['Authorization'] = `Bearer ${token}`;
+        res = await fetch(url, { ...options, headers: retryHeaders });
+      }
     }
-    
-    return fetch(url, {
-      ...options,
-      headers,
-    });
+    return res;
   };
 
   // NLP parsing function

nodebook-base/server.js

@@ -17,7 +17,7 @@ import { createDataStore } from './data-store.js';
 import CNLSuggestionService from './cnl-suggestion-service.js';
 
 // Keycloak authentication integration
-const KEYCLOAK_URL = process.env.KEYCLOAK_URL || 'http://keycloak:8080';
+const KEYCLOAK_URL = process.env.KEYCLOAK_URL || 'http://localhost:8080';
 const KEYCLOAK_REALM = process.env.KEYCLOAK_REALM || 'nodebook';
 const KEYCLOAK_CLIENT_ID = process.env.KEYCLOAK_CLIENT_ID || 'nodebook-frontend';
 const KEYCLOAK_CLIENT_SECRET = process.env.KEYCLOAK_CLIENT_SECRET || 'nodebook-frontend-secret';
@@ -35,6 +35,7 @@ const auth = {
       });
 
       if (!response.ok) {
+        console.warn(`Keycloak token verification failed: ${response.status} ${response.statusText}`);
         return null;
       }
 
@@ -48,6 +49,8 @@ const auth = {
       };
     } catch (error) {
       console.error('Keycloak token verification error:', error);
+      // In development, if Keycloak is not available, we could fall back to a dev mode
+      // For now, return null to maintain security
       return null;
     }
   },