@habityzer/nuxt-symfony-kinde-layer 2.2.2 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/app/plugins/auth-guard.client.ts +7 -3
  3. package/nuxt.config.ts +13 -3
  4. package/package.json +1 -1
  5. package/server/middleware/auth-guard.ts +7 -3
  6. package/types/kinde-auth.d.ts +5 -0
package/CHANGELOG.md CHANGED
@@ -1,3 +1,17 @@
1
+ # [2.4.0](https://github.com/Habityzer/nuxt-symfony-kinde-layer/compare/v2.3.0...v2.4.0) (2026-03-16)
2
+
3
+
4
+ ### Features
5
+
6
+ * Add support from native login ([5c40492](https://github.com/Habityzer/nuxt-symfony-kinde-layer/commit/5c4049205c7376c41d76ba14aeaf0d0362c5937e))
7
+
8
+ # [2.3.0](https://github.com/Habityzer/nuxt-symfony-kinde-layer/compare/v2.2.2...v2.3.0) (2026-02-21)
9
+
10
+
11
+ ### Features
12
+
13
+ * Enhance Kinde authentication middleware configuration ([f04dc26](https://github.com/Habityzer/nuxt-symfony-kinde-layer/commit/f04dc268b1ae0b4bfb096839bbc3673403fc7199))
14
+
1
15
  ## [2.2.2](https://github.com/Habityzer/nuxt-symfony-kinde-layer/compare/v2.2.1...v2.2.2) (2026-02-18)
2
16
 
3
17
 
package/app/plugins/auth-guard.client.ts CHANGED
@@ -15,7 +15,9 @@ export default defineNuxtPlugin(() => {
15
15
  const idToken = useCookie<string | null>(`${cookiePrefix}${idTokenBaseName}`)
16
16
  const accessToken = useCookie<string | null>(`${cookiePrefix}${accessTokenBaseName}`)
17
17
  const e2eToken = useCookie<string | null>(`${cookiePrefix}${e2eTokenCookieName}`)
18
+ const mode = middlewareConfig.mode || 'privateByDefault'
18
19
  const publicRoutes: string[] = middlewareConfig.publicRoutes || ['/']
20
+ const protectedRoutes: string[] = middlewareConfig.protectedRoutes || []
19
21
  const loginPath = requireString(middlewareConfig.loginPath, 'kindeAuth.middleware.loginPath')
20
22
 
21
23
  router.beforeEach((to) => {
@@ -23,9 +25,11 @@ export default defineNuxtPlugin(() => {
23
25
  return true
24
26
  }
25
27
 
26
- const isPublicRoute = publicRoutes.some(route => to.path === route || to.path.startsWith(`${route}/`))
27
- logClient('route-check', { path: to.path, isPublicRoute })
28
- if (isPublicRoute) {
28
+ const requiresAuth = mode === 'publicByDefault'
29
+ ? protectedRoutes.some(route => to.path === route || to.path.startsWith(`${route}/`))
30
+ : !publicRoutes.some(route => to.path === route || to.path.startsWith(`${route}/`))
31
+ logClient('route-check', { path: to.path, mode, requiresAuth })
32
+ if (!requiresAuth) {
29
33
  return true
30
34
  }
31
35
 
package/nuxt.config.ts CHANGED
@@ -50,7 +50,9 @@ export default defineNuxtConfig({
50
50
  refreshTokenName: AUTH_REFRESH_TOKEN_NAME
51
51
  },
52
52
  middleware: {
53
- publicRoutes: [], // Default, projects override this
53
+ mode: 'privateByDefault' as const,
54
+ publicRoutes: [],
55
+ protectedRoutes: [],
54
56
  loginPath: AUTH_LOGIN_PATH,
55
57
  clockSkewSeconds: AUTH_CLOCK_SKEW_SECONDS,
56
58
  appTokenPrefix: AUTH_APP_TOKEN_PREFIX,
@@ -78,6 +80,12 @@ export default defineNuxtConfig({
78
80
  if (!Array.isArray(runtimeMiddleware.publicRoutes) && Array.isArray(kindeModuleMiddleware.publicRoutes)) {
79
81
  runtimeMiddleware.publicRoutes = kindeModuleMiddleware.publicRoutes
80
82
  }
83
+ if (Array.isArray(kindeModuleMiddleware.protectedRoutes)) {
84
+ runtimeMiddleware.protectedRoutes = kindeModuleMiddleware.protectedRoutes
85
+ }
86
+ if (kindeModuleMiddleware.mode === 'publicByDefault' || kindeModuleMiddleware.mode === 'privateByDefault') {
87
+ runtimeMiddleware.mode = kindeModuleMiddleware.mode
88
+ }
81
89
 
82
90
  runtimeKindeAuth.cookie = runtimeCookie
83
91
  runtimeKindeAuth.middleware = runtimeMiddleware
@@ -89,7 +97,7 @@ export default defineNuxtConfig({
89
97
  assertRequiredString(kindeModuleCookie.prefix, 'kindeAuth.cookie.prefix')
90
98
  assertRequiredString(kindeModuleConfig.authDomain, 'kindeAuth.authDomain')
91
99
  assertRequiredString(kindeModuleConfig.clientId, 'kindeAuth.clientId')
92
- assertRequiredString(kindeModuleConfig.clientSecret, 'kindeAuth.clientSecret')
100
+ // clientSecret is optional for Frontend/PKCE apps
93
101
  assertRequiredString(kindeModuleConfig.redirectURL, 'kindeAuth.redirectURL')
94
102
  assertRequiredString(kindeModuleConfig.logoutRedirectURL, 'kindeAuth.logoutRedirectURL')
95
103
  }
@@ -124,7 +132,9 @@ export default defineNuxtConfig({
124
132
  middleware: {
125
133
  enabled: false, // Disabled - using custom middleware from layer
126
134
  global: false,
127
- publicRoutes: [] // Projects can override
135
+ mode: 'privateByDefault',
136
+ publicRoutes: [],
137
+ protectedRoutes: [] // Projects can override
128
138
  },
129
139
  debug: {
130
140
  enabled: process.env.NODE_ENV !== 'production'
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@habityzer/nuxt-symfony-kinde-layer",
3
- "version": "2.2.2",
3
+ "version": "2.4.0",
4
4
  "description": "Shared Nuxt layer for Symfony + Kinde authentication integration",
5
5
  "type": "module",
6
6
  "main": "./nuxt.config.ts",
package/server/middleware/auth-guard.ts CHANGED
@@ -12,17 +12,21 @@ export default defineEventHandler((event) => {
12
12
  const kindeConfig = config.public.kindeAuth || {}
13
13
  const middlewareConfig = kindeConfig.middleware || {}
14
14
  const cookieConfig = kindeConfig.cookie || {}
15
+ const mode = middlewareConfig.mode || 'privateByDefault'
15
16
  const publicRoutes: string[] = middlewareConfig.publicRoutes || ['/']
17
+ const protectedRoutes: string[] = middlewareConfig.protectedRoutes || []
16
18
  const loginPath = requireString(middlewareConfig.loginPath, 'kindeAuth.middleware.loginPath')
17
19
  const appTokenPrefix = requireString(middlewareConfig.appTokenPrefix, 'kindeAuth.middleware.appTokenPrefix')
18
20
  const e2eTokenCookieName = requireString(middlewareConfig.e2eTokenCookieName, 'kindeAuth.middleware.e2eTokenCookieName')
19
21
  const clockSkewSeconds = requireNonNegativeNumber(middlewareConfig.clockSkewSeconds, 'kindeAuth.middleware.clockSkewSeconds')
20
22
  const idTokenBaseName = requireString(cookieConfig.idTokenName, 'kindeAuth.cookie.idTokenName')
21
23
  const accessTokenBaseName = requireString(cookieConfig.accessTokenName, 'kindeAuth.cookie.accessTokenName')
22
- const isPublicRoute = publicRoutes.some(route => path === route || path.startsWith(`${route}/`))
24
+ const requiresAuth = mode === 'publicByDefault'
25
+ ? protectedRoutes.some(route => path === route || path.startsWith(`${route}/`))
26
+ : !publicRoutes.some(route => path === route || path.startsWith(`${route}/`))
23
27
 
24
- logServer('route-check', { path, isPublicRoute })
25
- if (isPublicRoute) {
28
+ logServer('route-check', { path, mode, requiresAuth })
29
+ if (!requiresAuth) {
26
30
  return
27
31
  }
28
32
 
package/types/kinde-auth.d.ts CHANGED
@@ -13,7 +13,10 @@ declare module '@habityzer/nuxt-kinde-auth' {
13
13
  middleware?: {
14
14
  enabled?: boolean
15
15
  global?: boolean
16
+ /** 'privateByDefault' = protect all except publicRoutes; 'publicByDefault' = protect only protectedRoutes */
17
+ mode?: 'privateByDefault' | 'publicByDefault'
16
18
  publicRoutes?: string[]
19
+ protectedRoutes?: string[]
17
20
  publicApiRoutes?: string[]
18
21
  e2eTokenCookieName?: string
19
22
  appTokenPrefix?: string
@@ -37,7 +40,9 @@ export interface KindeAuthRuntimeConfig {
37
40
  middleware?: {
38
41
  enabled?: boolean
39
42
  global?: boolean
43
+ mode?: 'privateByDefault' | 'publicByDefault'
40
44
  publicRoutes?: string[]
45
+ protectedRoutes?: string[]
41
46
  publicApiRoutes?: string[]
42
47
  e2eTokenCookieName?: string
43
48
  appTokenPrefix?: string