@devcoffee/nuxt-core 1.1.1 → 1.2.3

package/CHANGELOG.md

@@ -1,5 +1,73 @@
 # Changelog
 
+## v1.2.3
+
+[compare changes](https://github.com/coolkg1412/devcoffee-nuxt-core/compare/v1.2.2...v1.2.3)
+
+## v1.2.2
+
+[compare changes](https://github.com/coolkg1412/devcoffee-nuxt-core/compare/v1.2.1...v1.2.2)
+
+### 🩹 Fixes
+
+- Ensure sanitizeError function returns H3Error type consistently ([de54a04](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/de54a04))
+
+### 🏡 Chore
+
+- Add publishConfig access public for scoped npm package ([3c080be](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/3c080be))
+
+### ❤️ Contributors
+
+- Hieu Nguyen <hieu.nguyen@devcoffee.tech>
+
+## v1.2.1
+
+[compare changes](https://github.com/coolkg1412/devcoffee-nuxt-core/compare/v1.2.0...v1.2.1)
+
+### 🩹 Fixes
+
+- Resolve session double encryption issue by decrypting tokenSet in validateSession and updating getSession usage in updateSession ([6ed8fb6](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/6ed8fb6))
+- Populate nodeReferences and sharedReferences in prepare:types hook ([83b41e2](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/83b41e2))
+- Include devcoffee-nitro-core.d.ts in server TypeScript project via nitro:config hook ([20b35e0](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/20b35e0))
+- **typecheck:** Exclude test, playground, and eslint config from tsconfig.app.json ([9d9c857](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/9d9c857))
+
+### ❤️ Contributors
+
+- Hieu Nguyen <hieu.nguyen@devcoffee.tech>
+
+## v1.2.0
+
+[compare changes](https://github.com/coolkg1412/devcoffee-nuxt-core/compare/v1.1.1...v1.2.0)
+
+### 🚀 Enhancements
+
+- **quick-260328-uf7:** Create admin-board test fixture ([45dae18](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/45dae18))
+- **quick-260328-uf7:** Add admin-board OIDC e2e test ([20bf504](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/20bf504))
+
+### 🩹 Fixes
+
+- **types:** Explicitly type module export as NuxtModule for better type inference ([33e140e](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/33e140e))
+- **types:** Resolve TypeScript errors in middleware and plugins ([df23475](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/df23475))
+- Resolve #devcoffee-core subpath import warnings in build ([#19](https://github.com/coolkg1412/devcoffee-nuxt-core/pull/19))
+- Eliminate duplicate Redis sessions on SSR first load and refactor event.context.session ([#20](https://github.com/coolkg1412/devcoffee-nuxt-core/pull/20))
+- Rotate session on logout and remove console.log debug statement ([fbe129f](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/fbe129f))
+- Resolve autoFetchUser SSR divergence on first render ([1f15ac7](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/1f15ac7))
+- **lint:** Remove unused destructure aliases in SSR session mapping ([cfe7884](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/cfe7884))
+
+### 📖 Documentation
+
+- **quick:** Create plan for admin-board OIDC e2e test ([ce8c611](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/ce8c611))
+- **quick-260328-uf7:** Complete admin-board OIDC e2e plan ([23c0945](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/23c0945))
+
+### ✅ Tests
+
+- Update deleteSession tests to reflect renewSession LOGOUT behavior ([b444baa](https://github.com/coolkg1412/devcoffee-nuxt-core/commit/b444baa))
+
+### ❤️ Contributors
+
+- Hieu Nguyen <hieu.nguyen@devcoffee.tech>
+- Hiếu Nguyễn ([@coolkg1412](https://github.com/coolkg1412))
+
 ## v1.1.1
 
 [compare changes](https://github.com/coolkg1412/devcoffee-nuxt-core/compare/v1.0...v1.1.1)

package/dist/module.d.mts

@@ -1,6 +1,7 @@
-import { CookieSerializeOptions } from '#devcoffee-core/runtime/server/adapters/http';
-import { OidcUserInfo } from '#devcoffee-core/runtime/server/adapters/oidc';
-import { ConsolaInstance, LogLevel as LogLevel$1, ConsolaOptions } from 'consola';
+import { NuxtModule } from '@nuxt/schema';
+import { CookieSerializeOptions } from '../dist/runtime/server/adapters/http.js';
+import { OidcUserInfo } from '../dist/runtime/server/adapters/oidc.js';
+import { LogLevel as LogLevel$1, ConsolaOptions, ConsolaInstance } from 'consola';
 
 interface AuthorizedUser {
   id: string
@@ -294,7 +295,7 @@ type ModulePublicRuntimeConfig = Pick<ModuleOptions, 'defaultLocale' | 'defaultT
 
 type InputModuleOptions = DeepPartial<ModuleOptions>
 
-declare const _default: any;
+declare const _module: NuxtModule<InputModuleOptions>;
 
-export { _default as default };
+export { _module as default };
 export type { AuthData, AuthorizedUser, AuthtsMiddlewareMeta, AuthtsModuleOptions, CoreLogInstance, CoreLogLevel, InputModuleOptions, LoggingModuleOptions, LoggingOptions, ModuleOptions, ModulePublicRuntimeConfig, NuxtAuthOptions, NuxtCoreLogging, NuxtSessionContext, NuxtSessionUpdateContext, SessionContext };

package/dist/module.d.ts

@@ -1,6 +1,7 @@
-import { CookieSerializeOptions } from '#devcoffee-core/runtime/server/adapters/http';
-import { OidcUserInfo } from '#devcoffee-core/runtime/server/adapters/oidc';
-import { ConsolaInstance, LogLevel as LogLevel$1, ConsolaOptions } from 'consola';
+import { NuxtModule } from '@nuxt/schema';
+import { CookieSerializeOptions } from '../dist/runtime/server/adapters/http.js';
+import { OidcUserInfo } from '../dist/runtime/server/adapters/oidc.js';
+import { LogLevel as LogLevel$1, ConsolaOptions, ConsolaInstance } from 'consola';
 
 interface AuthorizedUser {
   id: string
@@ -294,7 +295,7 @@ type ModulePublicRuntimeConfig = Pick<ModuleOptions, 'defaultLocale' | 'defaultT
 
 type InputModuleOptions = DeepPartial<ModuleOptions>
 
-declare const _default: any;
+declare const _module: NuxtModule<InputModuleOptions>;
 
-export { _default as default };
+export { _module as default };
 export type { AuthData, AuthorizedUser, AuthtsMiddlewareMeta, AuthtsModuleOptions, CoreLogInstance, CoreLogLevel, InputModuleOptions, LoggingModuleOptions, LoggingOptions, ModuleOptions, ModulePublicRuntimeConfig, NuxtAuthOptions, NuxtCoreLogging, NuxtSessionContext, NuxtSessionUpdateContext, SessionContext };

package/dist/module.json

@@ -1,6 +1,6 @@
 {
   "name": "nuxt-core",
-  "version": "1.1.1",
+  "version": "1.2.3",
   "configKey": "nuxtCore",
   "compatibility": {
     "nuxt": "^4.0.0"

package/dist/module.mjs

@@ -1,8 +1,8 @@
 import { addCustomTab } from '@nuxt/devtools-kit';
-import { defineNuxtModule, useLogger, createResolver, addServerImports, addServerImportsDir, addServerPlugin, addImportsDir, addPlugin, addRouteMiddleware, addTemplate, addServerHandler } from '@nuxt/kit';
+import { defineNuxtModule, useLogger, createResolver, addTemplate, addServerImports, addServerImportsDir, addServerPlugin, addImportsDir, addPlugin, addRouteMiddleware, addServerHandler } from '@nuxt/kit';
 import { deepMerge, pick } from '../dist/runtime/utils.js';
 
-const version = "1.1.1";
+const version = "1.2.3";
 
 const defaultLocale = "vi-VN";
 const defaultLanguage = "vi";
@@ -113,7 +113,7 @@ function normalizePublicRuntimeConfig(inputOpts) {
 
 const moduleName = "nuxt-core";
 const configKey = "nuxtCore";
-const module = defineNuxtModule({
+const _module = defineNuxtModule({
   meta: {
     name: moduleName,
     version,
@@ -140,6 +140,25 @@ const module = defineNuxtModule({
       }
     });
     _nuxt.options.alias["#devcoffee-core"] = resolver.resolve("./runtime");
+    const globalTypes = addTemplate({
+      filename: "types/devcoffee-global.d.ts",
+      src: resolver.resolve("./runtime/types/global.env.d.ts")
+    });
+    const nuxtTypes = addTemplate({
+      filename: "types/devcoffee-nuxt-core.d.ts",
+      src: resolver.resolve("./runtime/types/nuxt.d.ts")
+    });
+    const nitroTypes = addTemplate({
+      filename: "types/devcoffee-nitro-core.d.ts",
+      src: resolver.resolve("./runtime/types/nitro.d.ts")
+    });
+    _nuxt.options.nitro = deepMerge(_nuxt.options.nitro || {}, {
+      typescript: {
+        tsConfig: {
+          include: [globalTypes.dst]
+        }
+      }
+    });
     addServerImports([
       {
         from: resolver.resolve("./runtime/server/core/nuxtAuthtsHandler"),
@@ -185,29 +204,20 @@ const module = defineNuxtModule({
     addRouteMiddleware([{ name: "authts", path: resolver.resolve("./runtime/app/middleware/authts"), global: true }], {
       prepend: true
     });
-    const globalTypes = addTemplate({
-      filename: "types/devcoffee-global.d.ts",
-      src: resolver.resolve("./runtime/types/global.env.d.ts")
-    });
-    _nuxt.options.nitro = deepMerge(_nuxt.options.nitro || {}, {
-      typescript: {
-        tsConfig: {
-          include: [globalTypes.dst]
-        }
-      }
-    });
-    const nuxtTypes = addTemplate({
-      filename: "types/devcoffee-nuxt-core.d.ts",
-      src: resolver.resolve("./runtime/types/nuxt.d.ts")
-    });
-    const nitroTypes = addTemplate({
-      filename: "types/devcoffee-nitro-core.d.ts",
-      src: resolver.resolve("./runtime/types/nitro.d.ts")
-    });
     _nuxt.hook("prepare:types", (opts) => {
       opts.references.push({ path: globalTypes.dst });
       opts.references.push({ path: nuxtTypes.dst });
       opts.references.push({ path: nitroTypes.dst });
+      opts.nodeReferences.push({ path: globalTypes.dst });
+      opts.nodeReferences.push({ path: nitroTypes.dst });
+      opts.sharedReferences.push({ path: globalTypes.dst });
+      opts.sharedReferences.push({ path: globalTypes.dst });
+    });
+    _nuxt.hook("nitro:config", (nitroConfig) => {
+      nitroConfig.typescript ??= {};
+      nitroConfig.typescript.tsConfig ??= {};
+      nitroConfig.typescript.tsConfig.include ??= [];
+      nitroConfig.typescript.tsConfig.include.push(nitroTypes.dst);
     });
     if (_nuxt.options?.devtools) {
       addCustomTab({
@@ -228,4 +238,4 @@ const module = defineNuxtModule({
   }
 });
 
-export { module as default };
+export { _module as default };

package/dist/runtime/app/composables/useAuthContext.js

@@ -1,4 +1,4 @@
-import { useRequestURL } from "#app";
+import { useRequestEvent, useRequestURL, useRuntimeConfig } from "#app";
 import {
   computed,
   createError,
@@ -9,6 +9,7 @@ import {
   useRequestFetch,
   useSessionContext
 } from "#imports";
+import { deleteCookie, setCookie } from "h3";
 export function useAuthContext(initiator) {
   const { callHook, runWithContext } = useNuxtApp();
   const { getValue } = useSessionContext();
@@ -58,7 +59,15 @@ export function useAuthContext(initiator) {
         processing.value = true;
       }
     }).then(
-      async ({ redirectUrl }) => runWithContext(async () => await navigateTo(redirectUrl, { external: true, replace: true }))
+      async ({ redirectUrl, cookies }) => runWithContext(async () => {
+        if (import.meta.server) {
+          const event = useRequestEvent();
+          if (event) {
+            cookies.forEach(([n, v, o]) => setCookie(event, n, v, o));
+          }
+        }
+        return await navigateTo(redirectUrl, { external: true, replace: true });
+      })
     ).catch((ex) => {
       logger.log(`[login] failed error:${ex}`, ex);
       throw sanitizeError(ex);
@@ -76,7 +85,18 @@ export function useAuthContext(initiator) {
       await runWithContext(async () => await callHook("user:loggedIn"));
       return response;
     }).then(
-      async ({ redirectUrl }) => runWithContext(async () => await navigateTo(redirectUrl))
+      async ({ redirectUrl }) => runWithContext(async () => {
+        if (import.meta.server) {
+          const event = useRequestEvent();
+          if (event) {
+            const { cookieOpts, names: cookienames } = useRuntimeConfig(event).nuxtCore.authts.sessions;
+            Array.of(cookienames.state, cookienames.pkce, cookienames.redirectUrl).forEach(
+              (cookie) => deleteCookie(event, cookie, cookieOpts)
+            );
+          }
+        }
+        return await navigateTo(redirectUrl);
+      })
     ).catch((ex) => {
       logger.log(`[authorize] failed error:${ex}`, ex);
       throw sanitizeError(ex);
@@ -90,7 +110,16 @@ export function useAuthContext(initiator) {
         processing.value = true;
       }
     }).then(async (response) => {
-      await runWithContext(async () => await callHook("user:loggedOut"));
+      await runWithContext(async () => {
+        if (import.meta.server) {
+          const event = useRequestEvent();
+          if (event) {
+            const { cookieOpts, names: cookienames } = useRuntimeConfig(event).nuxtCore.authts.sessions;
+            deleteCookie(event, cookienames.sessionId, cookieOpts);
+          }
+        }
+        return await callHook("user:loggedOut");
+      });
       return response;
     }).then(
       async ({ redirectUrl }) => runWithContext(async () => await navigateTo(redirectUrl))

package/dist/runtime/app/middleware/authts.js

@@ -3,7 +3,6 @@ import {
   createError,
   defineNuxtRouteMiddleware,
   navigateTo,
-  refreshNuxtData,
   useCookie,
   useNuxtApp,
   useRequestEvent,
@@ -68,7 +67,7 @@ export default defineNuxtRouteMiddleware(async (to) => {
     logger.debug(`Bypassing auth checks for ignored path: ${normalizedPath}`);
     return;
   }
-  if (import.meta.env.DEV && ignoreRegexPatternsDev.length && ignoreRegexPatternsDev.some((pattern) => pattern.test(normalizedPath))) {
+  if (import.meta.dev && ignoreRegexPatternsDev.length && ignoreRegexPatternsDev.some((pattern) => pattern.test(normalizedPath))) {
     logger.debug(`Bypassing auth checks for ignored path (dev): ${normalizedPath}`);
     return;
   }
@@ -83,7 +82,7 @@ export default defineNuxtRouteMiddleware(async (to) => {
     );
   }
   if (import.meta.client) {
-    await refreshNuxtData("authts:session");
+    await nuxtApp.$sessionContext.refetch();
   }
   const { isAuthenticated } = useAuthContext("core.app.authts.middleware");
   const loginPath = loginUri.toLowerCase();

package/dist/runtime/app/plugins/authts.js

@@ -2,10 +2,10 @@ import { watch } from "vue";
 import {
   createError,
   defineNuxtPlugin,
-  refreshNuxtData,
   useAsyncData,
   useCookie,
   useNuxtApp,
+  useRequestEvent,
   useRequestFetch,
   useRuntimeConfig,
   useState
@@ -21,8 +21,25 @@ export default defineNuxtPlugin(async (_nuxtApp) => {
     }
   );
   async function __getServerSession(initiator) {
+    logger.debug(`[__getServerSession] Called with initiator: '${initiator}'`);
+    if (import.meta.server) {
+      const event = useRequestEvent();
+      const session = event?.context?.session ?? null;
+      if (!session) {
+        throw createError({
+          status: 500,
+          fatal: true,
+          statusMessage: "Failed to fetch session",
+          message: "Server session not found on event context"
+        });
+      }
+      const { auth, ...rest } = session;
+      return {
+        ...rest,
+        isAuthenticated: auth?.status === "authenticated" && Boolean(auth?.tokenSet && session.user?.id)
+      };
+    }
     try {
-      logger.debug(`[__getServerSession] Called with initiator: '${initiator}'`);
       return await fetchRequest("/api/_auth/session");
     } catch (ex) {
       throw createError({
@@ -41,36 +58,17 @@ export default defineNuxtPlugin(async (_nuxtApp) => {
   _nuxtApp.provide("sessionReady", sessionReady);
   const sessionId = useCookie(useRuntimeConfig().public.nuxtCore.authts.sessionCookie);
   logger.debug(`Initial session fetch on plugin init with sessionId: ${sessionId.value}`);
-  if (sessionId.value) {
-    const { data } = await useAsyncData("authts:session", () => __getServerSession("plugin initialization"));
-    if (data.value) {
-      context.value = data.value;
-    }
-    watch(data, (newData) => {
+  const { data, refresh } = await useAsyncData("authts:session", () => __getServerSession("plugin initialization"));
+  watch(
+    data,
+    (newData) => {
       if (newData) context.value = newData;
-    });
-  } else {
-    context.value = {
-      id: "",
-      isAuthenticated: false,
-      user: {
-        id: "",
-        sub: "",
-        email: "",
-        firstName: "Anonymous",
-        lastName: "User",
-        locale: "",
-        language: "",
-        timezone: ""
-      },
-      data: {}
-    };
-  }
-  resolveReady();
+    },
+    { immediate: true }
+  );
   _nuxtApp.hooks.addHooks({
-    // session:fetch calls refreshNuxtData to stay coherent with useAsyncData cache (D-04)
     "session:fetch": async (_initiator) => {
-      await refreshNuxtData("authts:session");
+      await refresh({ dedupe: "cancel" });
     },
     "user:loggedIn": async () => {
       await _nuxtApp.callHook("session:fetch", "user:loggedIn");
@@ -88,4 +86,5 @@ export default defineNuxtPlugin(async (_nuxtApp) => {
     await _nuxtApp.callHook("session:fetch");
   }
   _nuxtApp.provide("sessionContext", { getValue, refetch });
+  resolveReady();
 });

package/dist/runtime/server/core/helpers.d.ts

@@ -10,8 +10,8 @@ type SessionCreateOptions = {
 /**
  * Check whether a candidate redirect URL is same-origin with the request URL.
  *
- * Uses the WHATWG URL constructor — malformed URLs and relative paths return false
- * instead of throwing, guarding against attacker-controlled input.
+ * Uses the WHATWG URL constructor — relative paths are considered same-origin.
+ * Malformed URLs return false, guarding against attacker-controlled input.
  *
  * @param redirectUrl - The candidate redirect URL string (from query param or cookie).
  * @param requestUrl - The trusted request URL from the h3 event.

package/dist/runtime/server/core/helpers.js

@@ -47,8 +47,11 @@ function getSessionStorageKey(storagePrefix, sessionId) {
   return storagePrefix ? `${storagePrefix}:${sessionId}` : sessionId;
 }
 export function isSameOrigin(redirectUrl, requestUrl) {
+  if (redirectUrl.includes(" ")) {
+    return false;
+  }
   try {
-    return new URL(redirectUrl).origin === requestUrl.origin;
+    return new URL(redirectUrl, requestUrl.href).origin === requestUrl.origin;
   } catch {
     return false;
   }
@@ -112,6 +115,14 @@ export async function validateSession(sessionCookieId, opts) {
     await removeSessionData(opts.storageName, deleteSessionKey);
   }
   await setSessionData(opts.storageName, sessionKey, session, opts.expiresIn / 1e3 | 0);
+  if (session.auth?.tokenSet && session.auth.tokenSet.encrypted === true) {
+    if (opts.secret) {
+      const decrypted = decryptTokenSet(session.auth.tokenSet, opts.secret);
+      session.auth.tokenSet = decrypted ?? void 0;
+    } else {
+      session.auth.tokenSet = void 0;
+    }
+  }
   return session;
 }
 export async function updateSession(sessionId, input, opts) {
@@ -121,7 +132,7 @@ export async function updateSession(sessionId, input, opts) {
     input,
     ["id", "issuedAt", "expiresAt"]
   );
-  let session = await getSessionData(opts.storageName, serverKey);
+  let session = await getSession(sessionId, opts);
   if (!session) {
     throw createError({
       status: 500,

package/dist/runtime/server/core/nuxtAuthtsHandler.d.ts

@@ -1,4 +1,10 @@
 import type { NuxtAuthOptions } from '#devcoffee-core/server/adapters/http';
+declare module 'nitropack' {
+    interface NitroApp {
+        /** Registered userInfo callback from NuxtAuthtsHandler — used by server plugin for SSR autoFetchUser enrichment. */
+        _sessionUserInfo?: NuxtAuthOptions['userInfo'];
+    }
+}
 /**
  * Creates a universal authentication handler for Nuxt, integrating with OpenID Connect.
  *

package/dist/runtime/server/core/nuxtAuthtsHandler.js

@@ -10,15 +10,14 @@ import {
   useRuntimeConfig
 } from "#devcoffee-core/server/adapters/http";
 import { deepMerge, omit } from "#devcoffee-core/server/adapters/utils";
-import { useStorage } from "nitropack/runtime";
+import { useNitroApp, useStorage } from "nitropack/runtime";
 import {
   authorizationCodeGrant,
   buildAuthorizationUrl,
   constructTokenSet,
-  deleteSession,
   fetchUserInfo,
-  getSession,
   isSameOrigin,
+  renewSession,
   revokeTokens,
   updateSession
 } from "./helpers.js";
@@ -67,20 +66,17 @@ const defaultNuxtAuthOptions = {
 export default function NuxtAuthtsHandler(options) {
   const { enabled: authEnabled, sessions: sessionConfig, openid, auth } = useRuntimeConfig().nuxtCore.authts;
   const nuxtAuthOptions = deepMerge({ ...defaultNuxtAuthOptions }, options || {});
+  useNitroApp()._sessionUserInfo = nuxtAuthOptions.userInfo;
   return eventHandler(async (event) => {
     const requestUrl = getRequestURL(event);
     const queryParams = getQuery(event);
     const authAction = getAuthAction(requestUrl);
-    let session = await getSession(event.context.sessionId, {
-      storageName: sessionConfig.storage.name,
-      storagePrefix: sessionConfig.storage.prefix,
-      secret: sessionConfig.secret || ""
-    });
+    let session = event.context.session;
     if (!session) {
       throw createError({
         status: 500,
         fatal: true,
-        message: `session '${event.context.sessionId}' was not found!`
+        message: `session was not found on event context!`
       });
     }
     if (!authEnabled && !["session" /* GET_SESSION */].includes(authAction)) {
@@ -114,7 +110,7 @@ export default function NuxtAuthtsHandler(options) {
             secret: sessionConfig.secret || ""
           });
         }
-        event.context.sessionId = session.id;
+        event.context.session = session;
         return nuxtAuthOptions.session(omit(session, ["auth"]), session.auth);
       case "authorize-url" /* AUTHORIZE_URL */:
         const { authorizeUrl, state, pkceCodeVerifier } = await buildAuthorizationUrl(session, {
@@ -131,8 +127,10 @@ export default function NuxtAuthtsHandler(options) {
           sessionStorageName: sessionConfig.storage.name,
           sessionStoragePrefix: sessionConfig.storage.prefix
         });
+        const result = { redirectUrl: authorizeUrl, cookies: [] };
         if (pkceCodeVerifier) {
           setCookie(event, sessionConfig.names.pkce, pkceCodeVerifier, authCookieOpts);
+          result.cookies.push([sessionConfig.names.pkce, pkceCodeVerifier, authCookieOpts]);
         }
         if (queryParams.redirectUrl) {
           const candidateUrl = String(queryParams.redirectUrl);
@@ -144,10 +142,12 @@ export default function NuxtAuthtsHandler(options) {
             });
           }
           setCookie(event, sessionConfig.names.redirectUrl, candidateUrl, authCookieOpts);
+          result.cookies.push([sessionConfig.names.redirectUrl, candidateUrl, authCookieOpts]);
         }
         setCookie(event, sessionConfig.names.state, state, authCookieOpts);
-        event.context.sessionId = session.id;
-        return { redirectUrl: authorizeUrl };
+        result.cookies.push([sessionConfig.names.state, state, authCookieOpts]);
+        event.context.session = session;
+        return result;
       case "token" /* TOKEN */:
         const formData = await readFormData(event);
         const openIdTokenSet = await authorizationCodeGrant(
@@ -198,13 +198,13 @@ export default function NuxtAuthtsHandler(options) {
           });
           sessionData.user = await nuxtAuthOptions.userInfo(session.user, { openidUser, tokenSet });
         }
-        await updateSession(session.id, sessionData, {
+        session = await updateSession(session.id, sessionData, {
           storageName: sessionConfig.storage.name,
           storagePrefix: sessionConfig.storage.prefix,
           expiresIn: sessionConfig.expiresIn,
           secret: sessionConfig.secret || ""
         });
-        event.context.sessionId = session.id;
+        event.context.session = session;
         return { redirectUrl };
       case "logout" /* LOGOUT */:
         redirectUrl = auth.defaultLogoutRedirectUri;
@@ -217,14 +217,15 @@ export default function NuxtAuthtsHandler(options) {
             wellKnownUrl: openid.wellKnownUrl
           });
         }
-        await deleteSession(session.id, {
+        const newSession = await renewSession(session.id, {
           storageName: sessionConfig.storage.name,
-          storagePrefix: sessionConfig.storage.prefix
+          storagePrefix: sessionConfig.storage.prefix,
+          expiresIn: sessionConfig.expiresIn,
+          secret: sessionConfig.secret || ""
         });
         const cacheStorage = useStorage("cache");
         await cacheStorage.removeItem(`${openid.cache.prefix}:userinfo:${session.id}`);
-        deleteCookie(event, sessionConfig.names.sessionId, authCookieOpts);
-        event.context.sessionId = "";
+        event.context.session = newSession;
         return { redirectUrl };
       default:
         break;

package/dist/runtime/server/core/nuxtForwardHandler.js

@@ -7,7 +7,7 @@ import {
 } from "#devcoffee-core/server/adapters/http";
 import { deepMerge } from "#devcoffee-core/server/adapters/utils";
 import useServerLogger from "#devcoffee-core/server/composables/useServerLogger";
-import { getOpenIdConfiguration, getSession } from "./helpers.js";
+import { getOpenIdConfiguration } from "./helpers.js";
 const defaultOpts = {
   logLevel: 2,
   proxyPrefix: ""
@@ -34,15 +34,11 @@ export default function NuxtForwardRequestHandler(opts) {
     });
   }
   const {
-    openid: { wellKnownUrl, cache, clientId, clientSecret },
-    sessions: {
-      secret = "",
-      storage: { name: storageName, prefix: storagePrefix }
-    }
+    openid: { wellKnownUrl, cache, clientId, clientSecret }
   } = useRuntimeConfig().nuxtCore.authts;
   return eventHandler(async (event) => {
     const oidConfig = await getOpenIdConfiguration(wellKnownUrl, { cache, clientId, clientSecret });
-    const session = await getSession(event.context.sessionId, { storageName, storagePrefix, secret });
+    const session = event.context.session;
     const headers = getRequestHeaders(event);
     if (session?.auth?.status === "authenticated" && session.auth.tokenSet?.accessToken) {
       headers.Authorization = `${session.auth.tokenSet.tokenType} ${session.auth.tokenSet?.accessToken}`;

package/dist/runtime/server/dev/route/session.d.ts

@@ -1,2 +1,2 @@
-declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, any>;
 export default _default;

package/dist/runtime/server/dev/route/session.js

@@ -1,8 +1,4 @@
 import { defineEventHandler } from "h3";
-import { useRuntimeConfig } from "nitropack/runtime";
-import { getSession } from "../../core/helpers.js";
-export default defineEventHandler(async (event) => {
-  const { name: storageName, prefix: storagePrefix } = useRuntimeConfig(event).nuxtCore.authts.sessions.storage;
-  const { secret = "" } = useRuntimeConfig(event).nuxtCore.authts.sessions;
-  return await getSession(event.context.sessionId, { storageName, storagePrefix, secret });
+export default defineEventHandler((event) => {
+  return event.context.session;
 });

package/dist/runtime/server/plugins/authts.d.ts

@@ -2,8 +2,8 @@
  * 🔐 Nitro plugin for session validation and cookie management.
  *
  * This plugin automatically validates the session ID from the incoming request cookie.
- * If the session is invalid or expired, it will create or refresh the session ID and
- * reassign it back to the request context and cookie.
+ * If the session is invalid or expired, it will create or refresh the session and
+ * store the full session object on event.context.session for downstream handlers.
  *
  * @since 1.0.0
  */

package/dist/runtime/server/plugins/authts.js

@@ -1,11 +1,21 @@
 import { defineNitroPlugin, getCookie, setCookie, useRuntimeConfig } from "#devcoffee-core/server/adapters/http";
 import { signSessionId } from "#devcoffee-core/server/core/crypto";
-import { getSession, refreshTokenIfNeeded, updateSession, validateSession } from "#devcoffee-core/server/core/helpers";
+import { refreshTokenIfNeeded, updateSession, validateSession } from "#devcoffee-core/server/core/helpers";
+import { useNitroApp, useStorage } from "nitropack/runtime";
 export default defineNitroPlugin((nitroApp) => {
   nitroApp.hooks.hook("request", async (event) => {
     const {
       enabled: authtsEnabled,
-      openid: { wellKnownUrl, cache, clientId, clientSecret, tokenRefreshBufferMs, distributedLock },
+      openid: {
+        wellKnownUrl,
+        cache,
+        clientId,
+        clientSecret,
+        tokenRefreshBufferMs,
+        distributedLock,
+        autoFetchUser,
+        autoFetchUserTtl
+      },
       sessions: {
         expiresIn,
         secret = "",
@@ -13,7 +23,7 @@ export default defineNitroPlugin((nitroApp) => {
         names: { sessionId: cookieName }
       }
     } = useRuntimeConfig(event).nuxtCore.authts;
-    const session = await validateSession(getCookie(event, cookieName), {
+    let session = await validateSession(getCookie(event, cookieName), {
       storageName,
       storagePrefix,
       expiresIn,
@@ -30,22 +40,35 @@ export default defineNitroPlugin((nitroApp) => {
         distributedLock
       });
       if (Object.keys(sessionUpdate).length > 0) {
-        await updateSession(session.id, sessionUpdate, { storageName, storagePrefix, expiresIn, secret });
+        session = await updateSession(session.id, sessionUpdate, { storageName, storagePrefix, expiresIn, secret });
+      }
+      if (autoFetchUser) {
+        const cacheStorage = useStorage("cache");
+        const userInfoCacheKey = `${cache.prefix}:userinfo:${session.id}`;
+        let cachedUser = await cacheStorage.getItem(userInfoCacheKey);
+        if (!cachedUser) {
+          const userInfoFn = useNitroApp()._sessionUserInfo;
+          if (userInfoFn && session.auth.tokenSet) {
+            cachedUser = await userInfoFn(session.user, { tokenSet: session.auth.tokenSet });
+            await cacheStorage.setItem(userInfoCacheKey, cachedUser, { ttl: autoFetchUserTtl });
+          }
+        }
+        if (cachedUser) {
+          session = { ...session, user: cachedUser };
+        }
       }
     }
-    event.context.sessionId = session.id;
+    event.context.session = session;
   });
   nitroApp.hooks.hook("beforeResponse", async (event) => {
     const {
       cookieOpts,
       secret = "",
-      storage: { name: storageName, prefix: storagePrefix },
       names: { sessionId: cookieName }
     } = useRuntimeConfig(event).nuxtCore.authts.sessions;
-    const session = await getSession(event.context.sessionId, { storageName, storagePrefix, secret });
+    const session = event.context.session;
     if (session) {
       const cookieValue = secret ? signSessionId(session.id, secret) : session.id;
-      event.context.sessionId = session.id;
       setCookie(event, cookieName, cookieValue, {
         ...cookieOpts,
         expires: new Date(session.expiresAt)

package/dist/runtime/types/nitro.d.ts

@@ -1,9 +1,9 @@
-import type { CoreLogInstance, CoreLogLevel, NuxtAuthOptions } from '@devcoffee/nuxt-core'
+import type { CoreLogInstance, CoreLogLevel, NuxtAuthOptions, SessionContext } from '@devcoffee/nuxt-core'
 
 declare module 'h3' {
   interface H3EventContext {
     logger: CoreLogInstance
-    sessionId: string
+    session: SessionContext | null
   }
 }
 

package/package.json

@@ -1,6 +1,9 @@
 {
   "name": "@devcoffee/nuxt-core",
-  "version": "1.1.1",
+  "version": "1.2.3",
+  "publishConfig": {
+    "access": "public"
+  },
   "author": "Hieu Nguyen <hieunguyen@devcoffee.tech>",
   "description": "Nuxt 4 module providing OpenID Connect / OAuth 2.0 authorization code grant with PKCE, server-side session management via Nitro, client-side auth state composables, and universal route protection middleware.",
   "keywords": [
@@ -51,13 +54,15 @@
     "dev:build": "nuxi build playground",
     "prepack": "nuxt-module-build build",
     "release": "npm run lint && npm run test:all && npm run prepack && changelogen --release && npm publish && git push --follow-tags",
-    "lint": "eslint --fix src test",
+    "lint": "eslint",
+    "lint:fix": "eslint --fix",
     "test": "cross-env NODE_OPTIONS=--no-deprecation vitest run test/unit",
     "test:e2e": "cross-env NODE_OPTIONS=--no-deprecation vitest run test/e2e",
     "test:e2e:ui": "cross-env NODE_OPTIONS=--no-deprecation PLAYWRIGHT_HEADLESS=false vitest run test/e2e",
     "test:all": "cross-env NODE_OPTIONS=--no-deprecation vitest run",
     "test:watch": "cross-env NODE_OPTIONS=--no-deprecation vitest watch test/unit",
-    "test:types": "vue-tsc --noEmit src --skipLibCheck --strict"
+    "test:types": "vue-tsc --noEmit",
+    "typecheck": "vue-tsc --noEmit -p .nuxt/tsconfig.app.json"
   },
   "dependencies": {
     "@nuxt/kit": "^4.1.3",

package/dist/runtime/app/pages/authorize.d.vue.ts

@@ -1,3 +0,0 @@
-declare const __VLS_export: import("vue").DefineComponent<{}, {}, {}, {}, {}, import("vue").ComponentOptionsMixin, import("vue").ComponentOptionsMixin, {}, string, import("vue").PublicProps, Readonly<{}> & Readonly<{}>, {}, {}, {}, {}, string, import("vue").ComponentProvideOptions, true, {}, any>;
-declare const _default: typeof __VLS_export;
-export default _default;

package/dist/runtime/app/pages/authorize.vue

@@ -1,32 +0,0 @@
-<script setup>
-import { computed, onMounted } from "vue";
-import { createError, useRoute } from "#app";
-import { useAuthContext } from "#imports";
-const { query } = useRoute();
-const { authorize } = useAuthContext("core.app.pages.authorize");
-const searchParms = computed(() => {
-  const params = new URLSearchParams();
-  if (query.code) {
-    params.set("code", query.code);
-  }
-  if (query.state) {
-    params.set("state", query.state);
-  }
-  return params;
-});
-if (!searchParms.value.has("code")) {
-  throw createError({
-    status: 400,
-    message: "Invalid code params"
-  });
-}
-onMounted(async () => {
-  if (searchParms.value.has("code")) {
-    await authorize(searchParms.value);
-  }
-});
-</script>
-
-<template>
-  <div>Nuxt module auth callback!</div>
-</template>

package/dist/runtime/app/pages/authorize.vue.d.ts

@@ -1,3 +0,0 @@
-declare const __VLS_export: import("vue").DefineComponent<{}, {}, {}, {}, {}, import("vue").ComponentOptionsMixin, import("vue").ComponentOptionsMixin, {}, string, import("vue").PublicProps, Readonly<{}> & Readonly<{}>, {}, {}, {}, {}, string, import("vue").ComponentProvideOptions, true, {}, any>;
-declare const _default: typeof __VLS_export;
-export default _default;