@devcoffee/nuxt-core 1.0.2 → 1.1.1

package/dist/runtime/server/core/nuxtForwardHandler.d.ts

@@ -0,0 +1,18 @@
+import type { SessionContext } from '@devcoffee/nuxt-core';
+import type { CoreLogLevel, H3Event, ProxyOptions } from '#devcoffee-core/server/adapters/http';
+import type { Configuration } from '#devcoffee-core/server/adapters/oidc';
+type ForwardInit = {
+    forwardUrl: string;
+} & ProxyOptions;
+type ForwardRequestOptions = {
+    logLevel: CoreLogLevel;
+    targetBaseUrl?: string;
+    proxyPrefix: string;
+    onBeforeRequest?: (forwardInit: ForwardInit, parameters: {
+        event: H3Event;
+        session: Nullable<SessionContext>;
+        oidConfig: Configuration;
+    }) => Awaitable<ForwardInit>;
+};
+export default function NuxtForwardRequestHandler(opts?: DeepPartial<ForwardRequestOptions> | (() => DeepPartial<ForwardRequestOptions>)): any;
+export {};

package/dist/runtime/server/core/nuxtForwardHandler.js

@@ -0,0 +1,60 @@
+import {
+  createError,
+  eventHandler,
+  getRequestHeaders,
+  proxyRequest,
+  useRuntimeConfig
+} from "#devcoffee-core/server/adapters/http";
+import { deepMerge } from "#devcoffee-core/server/adapters/utils";
+import useServerLogger from "#devcoffee-core/server/composables/useServerLogger";
+import { getOpenIdConfiguration, getSession } from "./helpers.js";
+const defaultOpts = {
+  logLevel: 2,
+  proxyPrefix: ""
+};
+function resolveOptions(opts) {
+  let resolvedOpts = {};
+  if (typeof opts === "function") {
+    resolvedOpts = opts();
+  } else {
+    resolvedOpts = opts || resolvedOpts;
+  }
+  return deepMerge({ ...defaultOpts }, resolvedOpts || {});
+}
+export default function NuxtForwardRequestHandler(opts) {
+  const { logLevel, targetBaseUrl, proxyPrefix, onBeforeRequest } = resolveOptions(opts);
+  const logger = useServerLogger({ tag: "forward-request", level: logLevel });
+  if (!targetBaseUrl) {
+    logger.error("no targetBaseUrl");
+    throw createError({
+      statusCode: 500,
+      fatal: true,
+      statusMessage: "Internal Server Error",
+      message: `Option targetBaseUrl is required.`
+    });
+  }
+  const {
+    openid: { wellKnownUrl, cache, clientId, clientSecret },
+    sessions: {
+      secret = "",
+      storage: { name: storageName, prefix: storagePrefix }
+    }
+  } = useRuntimeConfig().nuxtCore.authts;
+  return eventHandler(async (event) => {
+    const oidConfig = await getOpenIdConfiguration(wellKnownUrl, { cache, clientId, clientSecret });
+    const session = await getSession(event.context.sessionId, { storageName, storagePrefix, secret });
+    const headers = getRequestHeaders(event);
+    if (session?.auth?.status === "authenticated" && session.auth.tokenSet?.accessToken) {
+      headers.Authorization = `${session.auth.tokenSet.tokenType} ${session.auth.tokenSet?.accessToken}`;
+    }
+    const params = { event, session, oidConfig };
+    const defaultForwardInit = {
+      forwardUrl: `${targetBaseUrl}${event.path.replace(proxyPrefix, "")}`,
+      fetchOptions: { ignoreResponseError: true },
+      headers
+    };
+    logger.info(`from '${event.path}' to '${defaultForwardInit.forwardUrl}' - auth stt='${session?.auth?.status}'`);
+    const { forwardUrl, ...proxyOption } = await onBeforeRequest?.(defaultForwardInit, params) || defaultForwardInit;
+    return await proxyRequest(event, forwardUrl, proxyOption);
+  });
+}

package/dist/runtime/server/dev/route/session.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;
+export default _default;

package/dist/runtime/server/dev/route/session.js

@@ -0,0 +1,8 @@
+import { defineEventHandler } from "h3";
+import { useRuntimeConfig } from "nitropack/runtime";
+import { getSession } from "../../core/helpers.js";
+export default defineEventHandler(async (event) => {
+  const { name: storageName, prefix: storagePrefix } = useRuntimeConfig(event).nuxtCore.authts.sessions.storage;
+  const { secret = "" } = useRuntimeConfig(event).nuxtCore.authts.sessions;
+  return await getSession(event.context.sessionId, { storageName, storagePrefix, secret });
+});

package/dist/runtime/server/plugins/authts.d.ts

@@ -0,0 +1,11 @@
+/**
+ * 🔐 Nitro plugin for session validation and cookie management.
+ *
+ * This plugin automatically validates the session ID from the incoming request cookie.
+ * If the session is invalid or expired, it will create or refresh the session ID and
+ * reassign it back to the request context and cookie.
+ *
+ * @since 1.0.0
+ */
+declare const _default: any;
+export default _default;

package/dist/runtime/server/plugins/authts.js

@@ -0,0 +1,55 @@
+import { defineNitroPlugin, getCookie, setCookie, useRuntimeConfig } from "#devcoffee-core/server/adapters/http";
+import { signSessionId } from "#devcoffee-core/server/core/crypto";
+import { getSession, refreshTokenIfNeeded, updateSession, validateSession } from "#devcoffee-core/server/core/helpers";
+export default defineNitroPlugin((nitroApp) => {
+  nitroApp.hooks.hook("request", async (event) => {
+    const {
+      enabled: authtsEnabled,
+      openid: { wellKnownUrl, cache, clientId, clientSecret, tokenRefreshBufferMs, distributedLock },
+      sessions: {
+        expiresIn,
+        secret = "",
+        storage: { name: storageName, prefix: storagePrefix },
+        names: { sessionId: cookieName }
+      }
+    } = useRuntimeConfig(event).nuxtCore.authts;
+    const session = await validateSession(getCookie(event, cookieName), {
+      storageName,
+      storagePrefix,
+      expiresIn,
+      secret
+    });
+    const { status = "unauthenticated", tokenSet } = session.auth || {};
+    if (authtsEnabled && status === "authenticated" && tokenSet) {
+      const sessionUpdate = await refreshTokenIfNeeded(session, {
+        wellKnownUrl,
+        cache,
+        clientId,
+        clientSecret,
+        tokenRefreshBufferMs,
+        distributedLock
+      });
+      if (Object.keys(sessionUpdate).length > 0) {
+        await updateSession(session.id, sessionUpdate, { storageName, storagePrefix, expiresIn, secret });
+      }
+    }
+    event.context.sessionId = session.id;
+  });
+  nitroApp.hooks.hook("beforeResponse", async (event) => {
+    const {
+      cookieOpts,
+      secret = "",
+      storage: { name: storageName, prefix: storagePrefix },
+      names: { sessionId: cookieName }
+    } = useRuntimeConfig(event).nuxtCore.authts.sessions;
+    const session = await getSession(event.context.sessionId, { storageName, storagePrefix, secret });
+    if (session) {
+      const cookieValue = secret ? signSessionId(session.id, secret) : session.id;
+      event.context.sessionId = session.id;
+      setCookie(event, cookieName, cookieValue, {
+        ...cookieOpts,
+        expires: new Date(session.expiresAt)
+      });
+    }
+  });
+});

package/dist/runtime/server/plugins/logging.js

@@ -1,7 +1,12 @@
+import useServerLogger from "#devcoffee-core/server/composables/useServerLogger";
 import { defineNitroPlugin } from "nitropack/runtime";
-import useServerLogger from "../composables/useServerLogger.js";
 export default defineNitroPlugin((nitroApp) => {
+  nitroApp.hooks.hook("error", (error, { event }) => {
+    const logger = useServerLogger({ event });
+    const formattedMessages = [` Nitro ERROR: ${error}`, event && `Request: [${event.method}] '${event.path}'`];
+    logger.error(formattedMessages.join("\n"));
+  });
   nitroApp.hooks.hook("request", async (event) => {
-    event.context.logger = useServerLogger(event);
+    event.context.logger = useServerLogger({ event });
   });
 });

package/dist/runtime/server/tsconfig.json

@@ -1,3 +1,3 @@
-{
-  "extends": "../../../.nuxt/tsconfig.server.json",
-}
+{
+  "extends": "../../../.nuxt/tsconfig.server.json",
+}

package/dist/runtime/types/global.env.d.ts

@@ -1,17 +1,25 @@
 declare global {
-  type GenericType<T = any, K extends string = string> = Record<K, T>
-
+  type GenericType<T = any, K extends string | number | symbol = string> = Record<K, T>
+  type MaybeArray<T> = T | T[]
   type Nullable<T> = T | null
 
   type Concrete<Type> = {
     [Property in keyof Type]-?: Type[Property]
   }
 
-  type DeepPartial<T> = T extends object
-    ? {
-        [P in keyof T]?: DeepPartial<T[P]>
-      }
-    : T
+  type DateTimeFormatToken = DateFormatToken | TimeFormatToken
+  type DateFormatToken = 'yyyy' | 'yy' | 'MM' | 'M' | 'dd' | 'd'
+  type TimeFormatToken = 'HH' | 'mm' | 'ss' | 'SSS' | 'Z'
+
+  type DeepPartial<T> = T extends (...args: any[]) => any
+    ? T // 🟩 Keep function types as-is
+    : T extends Date
+      ? T
+      : T extends Array<infer U>
+        ? Array<DeepPartial<U>> // 🟨 Recurse into array elements
+        : T extends object
+          ? { [K in keyof T]?: DeepPartial<T[K]> } // 🟦 Recurse into object properties
+          : T // 🟧 Primitives (string, number, etc.)
 
   type DeepReadonly<T> = T extends (infer R)[]
     ? ReadonlyArray<DeepReadonly<R>>
@@ -21,6 +29,10 @@ declare global {
         ? { readonly [P in keyof T]: DeepReadonly<T[P]> }
         : T
 
+  type DeepKeyOf<T extends GenericType> = {
+    [K in keyof T & string]: T[K] extends Record<string, any> ? K | `${K}.${DeepKeyOf<T[K]>}` : K
+  }[keyof T & string]
+
   type UnionKeyOf<T1, T2> = Array<Partial<keyof T1> & Partial<keyof T2>>
 
   type WithRequired<T, K extends keyof T> = T & { [P in K]-?: T[P] }
@@ -34,6 +46,8 @@ declare global {
   type MayBeDate = Date | string | number
 
   type Awaitable<T> = T | Promise<T>
+
+  type HintedString<T extends string> = (string & {}) | T
 }
 
 export {}

package/dist/runtime/types/nitro.d.ts

@@ -1,9 +1,14 @@
-import type { ConsolaInstance } from 'consola'
+import type { CoreLogInstance, CoreLogLevel, NuxtAuthOptions } from '@devcoffee/nuxt-core'
 
 declare module 'h3' {
   interface H3EventContext {
-    logger: ConsolaInstance
+    logger: CoreLogInstance
+    sessionId: string
   }
 }
 
+declare module 'nitropack/runtime' {
+  export type { CoreLogInstance, CoreLogLevel, NuxtAuthOptions }
+}
+
 export {}

package/dist/runtime/types/nuxt.d.ts

@@ -1,17 +1,37 @@
-import type { ConsolaInstance } from 'consola'
+import type {
+  AuthtsMiddlewareMeta,
+  CoreLogInstance,
+  CoreLogLevel,
+  ModuleOptions,
+  ModulePublicRuntimeConfig,
+  NuxtSessionContext,
+  NuxtSessionUpdateContext,
+} from '@devcoffee/nuxt-core'
 
-type NuxtCoreLogging = {
-  getLogger: (opts?: { tag?: string; level?: LogLevel }) => ConsolaInstance
+declare module 'nuxt/schema' {
+  interface RuntimeConfig {
+    nuxtCore: ModuleOptions
+  }
+
+  interface PublicRuntimeConfig {
+    nuxtCore: ModulePublicRuntimeConfig
+  }
 }
 
-declare module 'vue' {
-  interface ComponentCustomProperties {
-    $logging: NuxtCoreLogging
+declare module 'vue-router' {
+  interface RouteMeta {
+    authts?: AuthtsMiddlewareMeta
   }
 }
 
 declare module '#app' {
-  interface NuxtApp {
-    $logging: NuxtCoreLogging
+  interface PageMeta {
+    authts?: AuthtsMiddlewareMeta
   }
 }
+
+declare module '#app' {
+  export type { AuthtsMiddlewareMeta, NuxtSessionContext, NuxtSessionUpdateContext, CoreLogLevel, CoreLogInstance }
+}
+
+export {}

package/dist/runtime/utils.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Recursively merges source objects into a new object based on target shape.
+ * Matches lodash merge semantics: arrays overwrite (no concat), undefined values skipped.
+ * Does NOT mutate the target argument.
+ *
+ * @param target - The base object (not mutated).
+ * @param sources - One or more partial source objects to merge in order.
+ * @returns A new merged object.
+ * @since 1.0.0
+ */
+export declare function deepMerge<T extends object>(target: T, ...sources: object[]): T;
+/**
+ * Returns a new object excluding the specified keys.
+ * Does NOT mutate the source object.
+ *
+ * @param obj - The source object.
+ * @param keys - Array of keys to exclude.
+ * @returns A new object without the excluded keys.
+ * @since 1.0.0
+ */
+export declare function omit<T extends object, K extends keyof T>(obj: T, keys: K[]): Omit<T, K>;
+/**
+ * Returns a new object containing only the specified keys.
+ * Does NOT mutate the source object.
+ *
+ * @param obj - The source object.
+ * @param keys - Array of keys to include.
+ * @returns A new object with only the picked keys.
+ * @since 1.0.0
+ */
+export declare function pick<T extends object, K extends keyof T>(obj: T, keys: K[]): Pick<T, K>;

package/dist/runtime/utils.js

@@ -0,0 +1,28 @@
+export function deepMerge(target, ...sources) {
+  const result = { ...target };
+  for (const source of sources) {
+    if (!source || typeof source !== "object") continue;
+    for (const key of Object.keys(source)) {
+      const srcVal = source[key];
+      const tgtVal = result[key];
+      if (srcVal !== null && typeof srcVal === "object" && !Array.isArray(srcVal) && tgtVal !== null && typeof tgtVal === "object" && !Array.isArray(tgtVal)) {
+        result[key] = deepMerge(tgtVal, srcVal);
+      } else if (srcVal !== void 0) {
+        result[key] = srcVal;
+      }
+    }
+  }
+  return result;
+}
+export function omit(obj, keys) {
+  return Object.fromEntries(Object.entries(obj).filter(([k]) => !keys.includes(k)));
+}
+export function pick(obj, keys) {
+  const result = {};
+  for (const key of keys) {
+    if (key in obj) {
+      result[key] = obj[key];
+    }
+  }
+  return result;
+}

package/dist/types.d.mts

@@ -1,7 +1,9 @@
-import type { NuxtModule } from '@nuxt/schema'
+import type { ModulePublicRuntimeConfig } from './module.mjs'
 
-import type { default as Module } from './module.mjs'
-
-export type ModuleOptions = typeof Module extends NuxtModule<infer O> ? Partial<O> : Record<string, any>
+declare module '@nuxt/schema' {
+  interface PublicRuntimeConfig extends ModulePublicRuntimeConfig {}
+}
 
 export { default } from './module.mjs'
+
+export { type AuthData, type AuthorizedUser, type AuthtsMiddlewareMeta, type AuthtsModuleOptions, type CoreLogInstance, type CoreLogLevel, type InputModuleOptions, type LoggingModuleOptions, type LoggingOptions, type ModuleOptions, type ModulePublicRuntimeConfig, type NuxtAuthOptions, type NuxtCoreLogging, type NuxtSessionContext, type NuxtSessionUpdateContext, type SessionContext } from './module.mjs'

package/package.json

@@ -1,8 +1,25 @@
 {
   "name": "@devcoffee/nuxt-core",
-  "version": "1.0.2",
+  "version": "1.1.1",
   "author": "Hieu Nguyen <hieunguyen@devcoffee.tech>",
-  "description": "devcoffee core module for Nuxt",
+  "description": "Nuxt 4 module providing OpenID Connect / OAuth 2.0 authorization code grant with PKCE, server-side session management via Nitro, client-side auth state composables, and universal route protection middleware.",
+  "keywords": [
+    "nuxt",
+    "nuxt-module",
+    "nuxt4",
+    "oidc",
+    "oauth2",
+    "pkce",
+    "openid-connect",
+    "authentication",
+    "session",
+    "jwt",
+    "nitro",
+    "vue3",
+    "auth",
+    "middleware",
+    "composables"
+  ],
   "license": "MIT",
   "type": "module",
   "exports": {
@@ -20,46 +37,57 @@
     }
   },
   "files": [
-    "dist"
+    "dist",
+    "CHANGELOG.md",
+    "GUIDELINE.md"
   ],
   "nuxt": {
     "module": "src/module.ts"
   },
   "scripts": {
-    "dev": "npm run dev:prepare && nuxi dev playground",
+    "dev": "npm run dev:prepare && cross-env NODE_EXTRA_CA_CERTS=.certs/devcoffee.ca.pem nuxi dev playground",
     "dev:prepare": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxi prepare playground",
+    "cleanup": "nuxi cleanup && nuxi cleanup playground",
     "dev:build": "nuxi build playground",
     "prepack": "nuxt-module-build build",
-    "release": "npm run lint && npm run test && npm run prepack && changelogen --release && npm publish && git push --follow-tags",
-    "lint": "eslint .",
-    "test": "vitest run",
-    "test:watch": "vitest watch",
-    "test:types": "vue-tsc --noEmit && cd playground && vue-tsc --noEmit"
+    "release": "npm run lint && npm run test:all && npm run prepack && changelogen --release && npm publish && git push --follow-tags",
+    "lint": "eslint --fix src test",
+    "test": "cross-env NODE_OPTIONS=--no-deprecation vitest run test/unit",
+    "test:e2e": "cross-env NODE_OPTIONS=--no-deprecation vitest run test/e2e",
+    "test:e2e:ui": "cross-env NODE_OPTIONS=--no-deprecation PLAYWRIGHT_HEADLESS=false vitest run test/e2e",
+    "test:all": "cross-env NODE_OPTIONS=--no-deprecation vitest run",
+    "test:watch": "cross-env NODE_OPTIONS=--no-deprecation vitest watch test/unit",
+    "test:types": "vue-tsc --noEmit src --skipLibCheck --strict"
   },
   "dependencies": {
     "@nuxt/kit": "^4.1.3",
     "consola": "^3.4.2",
-    "lodash-es": "^4.17.21"
+    "cookie-es": "^1.2.2",
+    "openid-client": "^6.8.1"
   },
   "devDependencies": {
     "@ianvs/prettier-plugin-sort-imports": "^4.7.0",
     "@nuxt/devtools": "^2.6.5",
-    "@nuxt/eslint": "^1.9.0",
-    "@nuxt/eslint-config": "^1.9.0",
+    "@nuxt/devtools-kit": "^1.0.0",
+    "@nuxt/eslint": "^1.13.0",
+    "@nuxt/eslint-config": "^1.13.0",
     "@nuxt/module-builder": "^1.0.2",
     "@nuxt/schema": "^4.1.3",
     "@nuxt/test-utils": "^3.19.2",
-    "@types/lodash-es": "^4.17.12",
+    "@playwright/test": "^1.58.2",
     "@types/node": "latest",
+    "@vue/test-utils": "^2.4.6",
     "changelogen": "^0.6.2",
     "cross-env": "^10.1.0",
     "eslint": "^9.37.0",
     "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-prettier": "^5.5.4",
-    "nuxt": "^4.1.3",
-    "prettier": "^3.6.2",
+    "eslint-plugin-prettier": "^5.5.5",
+    "happy-dom": "^20.5.0",
+    "nuxt": "^4.2.2",
+    "playwright-core": "^1.58.2",
+    "prettier": "^3.8.1",
     "typescript": "~5.9.3",
     "vitest": "^3.2.4",
     "vue-tsc": "^3.1.0"
   }
-}
+}

package/dist/runtime/plugin.d.ts

@@ -1,2 +0,0 @@
-declare const _default: import("#app").Plugin<Record<string, unknown>> & import("#app").ObjectPlugin<Record<string, unknown>>;
-export default _default;

package/dist/runtime/plugin.js

@@ -1,4 +0,0 @@
-import { defineNuxtPlugin } from "#app";
-export default defineNuxtPlugin((_nuxtApp) => {
-  console.log("Plugin injected by my-module!");
-});