@innertia-solutions/nuxt-app 0.1.0

package/composables/useApi.js

@@ -0,0 +1,60 @@
+// useRequestInterceptors auto-imported from nuxt-core
+// useAuthStore auto-imported from this package
+
+export function useApi() {
+  const config = useRuntimeConfig()
+  const baseUrl = config.public.apiBaseUrl || '/api'
+  const loginPath = config.public.loginPath || '/login'
+
+  const { run, add } = useRequestInterceptors()
+
+  async function makeRequest(method, path, body = null, options = {}) {
+    const headers = { 'Content-Type': 'application/json', 'Accept': 'application/json' }
+    run(headers, options)
+
+    const cleanPath = path.startsWith('/') ? path.slice(1) : path
+    const url = `${baseUrl}/${cleanPath}`
+
+    const fetchOptions = { method, headers }
+    if (body !== null) fetchOptions.body = JSON.stringify(body)
+
+    const response = await fetch(url, fetchOptions)
+
+    if (response.status === 401) {
+      const authStore = useAuthStore()
+      authStore.logout()
+      await navigateTo(loginPath)
+      return null
+    }
+
+    const contentType = response.headers.get('content-type') ?? ''
+    const data = contentType.includes('application/json') ? await response.json() : await response.text()
+
+    if (!response.ok) {
+      const err = new Error(`API error ${response.status}`)
+      err.status = response.status
+      err.data = data
+      throw err
+    }
+
+    return data
+  }
+
+  const get    = (path, options = {}) => makeRequest('GET',    path, null, options)
+  const post   = (path, body, options = {}) => makeRequest('POST',   path, body, options)
+  const put    = (path, body, options = {}) => makeRequest('PUT',    path, body, options)
+  const patch  = (path, body, options = {}) => makeRequest('PATCH',  path, body, options)
+  const del    = (path, options = {}) => makeRequest('DELETE', path, null, options)
+
+  // *Sync aliases — same methods, named for clarity in call sites
+  const getSync    = get
+  const postSync   = post
+  const putSync    = put
+  const patchSync  = patch
+  const deleteSync = del
+
+  /** Shortcut to add an interceptor from a composable or plugin */
+  const addInterceptor = (fn) => add(fn)
+
+  return { get, post, put, patch, delete: del, getSync, postSync, putSync, patchSync, deleteSync, addInterceptor }
+}

package/composables/useAuth.js

@@ -0,0 +1,68 @@
+// useAuthStore, useApi auto-imported
+
+export function useAuth() {
+  const authStore = useAuthStore()
+  const api = useApi()
+  const config = useRuntimeConfig()
+  const loginPath = config.public.loginPath || '/login'
+
+  /**
+   * Standard login (email + password).
+   * context: role/area slug used in the API path (e.g. 'admin', 'technician').
+   */
+  async function performLogin(context, email, password, remember = false) {
+    authStore.rememberUser = remember
+    const data = await api.post(`${context}/auth/login`, { email, password })
+    authStore.saveToken(data.access_token)
+    authStore.setCurrentContext(context)
+    await fetchMe()
+    return data
+  }
+
+  /**
+   * Load current user, permissions, and available contexts from the API.
+   * Called after login and after context switch.
+   */
+  async function fetchMe() {
+    const data = await api.get('auth/me')
+    authStore.saveUser(data.user)
+    authStore.savePermissions(data.permissions ?? [])
+    authStore.availableContexts = data.availableContexts ?? []
+    return data
+  }
+
+  /**
+   * Logout: best-effort POST to backend, then clear local state and redirect.
+   */
+  async function logout() {
+    try {
+      await api.post('auth/logout', {})
+    } catch {
+      // best-effort — ignore network failures
+    }
+    authStore.logout()
+    await navigateTo(loginPath)
+  }
+
+  /**
+   * Get the OAuth redirect URL for a provider.
+   * Returns the URL string from the backend.
+   */
+  async function getOauthRedirectUrl(context, provider) {
+    const data = await api.get(`${context}/auth/oauth/${provider}/redirect`)
+    return data.url
+  }
+
+  /**
+   * Handle OAuth callback. Same success path as performLogin.
+   */
+  async function handleOauthCallback(context, provider, code) {
+    const data = await api.post(`${context}/auth/oauth/${provider}/callback`, { code })
+    authStore.saveToken(data.access_token)
+    authStore.setCurrentContext(context)
+    await fetchMe()
+    return data
+  }
+
+  return { performLogin, fetchMe, logout, getOauthRedirectUrl, handleOauthCallback }
+}

package/composables/useContext.js

@@ -0,0 +1,44 @@
+// useAuthStore, useApi, useAuth auto-imported
+import { computed } from 'vue'
+
+export function useContext() {
+  const authStore = useAuthStore()
+  const api = useApi()
+  const { fetchMe } = useAuth()
+
+  const currentContext = computed(() => authStore.currentContext)
+  const availableContexts = computed(() => authStore.availableContexts)
+
+  /**
+   * Check whether user has permission to switch to targetContext.
+   * Returns:
+   *   { success: false, reason: 'no_permission' }  — user cannot switch
+   *   { success: true, requiresConfirmation: true } — show confirmation UI
+   */
+  async function switchContext(targetContext) {
+    const data = await api.get(`auth/context/${targetContext}/check`)
+    if (!data.hasAccess) {
+      return { success: false, reason: 'no_permission' }
+    }
+    return { success: true, requiresConfirmation: true }
+  }
+
+  /**
+   * Execute the context switch after user confirmation.
+   * Updates store and reloads permissions via fetchMe.
+   */
+  async function confirmSwitch(targetContext) {
+    authStore.setCurrentContext(targetContext)
+    await fetchMe()
+    return { success: true }
+  }
+
+  /**
+   * Quick synchronous check — is this context in the available list?
+   */
+  function hasAccessToContext(context) {
+    return authStore.availableContexts.includes(context)
+  }
+
+  return { currentContext, availableContexts, switchContext, confirmSwitch, hasAccessToContext }
+}

package/composables/usePermissions.js

@@ -0,0 +1,19 @@
+// useAuthStore auto-imported
+
+export function usePermissions() {
+  const authStore = useAuthStore()
+
+  /** Check a single permission string */
+  const can = (permission) => authStore.permissions.includes(permission)
+
+  /** Check a single role string */
+  const hasRole = (role) => authStore.user?.roles?.includes(role) ?? false
+
+  /** True if user has at least one of the given permissions */
+  const hasAny = (permissions) => permissions.some(p => authStore.permissions.includes(p))
+
+  /** True if user has all of the given permissions */
+  const hasAll = (permissions) => permissions.every(p => authStore.permissions.includes(p))
+
+  return { can, hasRole, hasAny, hasAll }
+}

package/middleware/auth.ts

@@ -0,0 +1,9 @@
+// Redirect unauthenticated users to login.
+// useAuthStore auto-imported from nuxt-app stores.
+export default defineNuxtRouteMiddleware(() => {
+  const authStore = useAuthStore()
+  const config = useRuntimeConfig()
+  if (!authStore.isAuthenticated()) {
+    return navigateTo(config.public.loginPath || '/login')
+  }
+})

package/middleware/guest.ts

@@ -0,0 +1,9 @@
+// Redirect already-authenticated users away from guest-only pages (login, register).
+// useAuthStore auto-imported from nuxt-app stores.
+export default defineNuxtRouteMiddleware(() => {
+  const authStore = useAuthStore()
+  const config = useRuntimeConfig()
+  if (authStore.isAuthenticated()) {
+    return navigateTo(config.public.homePath || '/')
+  }
+})

package/nuxt.config.ts

@@ -0,0 +1,4 @@
+export default defineNuxtConfig({
+  extends: ['@innertia-solutions/nuxt-core'],
+  imports: { dirs: ['stores', 'composables'] },
+})

package/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "@innertia-solutions/nuxt-app",
+  "version": "0.1.0",
+  "description": "Innertia Solutions — Nuxt app layer: auth, context, permissions, API client",
+  "keywords": ["nuxt", "vue", "pinia", "auth", "permissions", "context"],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/innertia-solutions/innertia-nuxt"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "./nuxt.config.ts",
+  "exports": {
+    ".": "./nuxt.config.ts"
+  },
+  "peerDependencies": {
+    "nuxt": ">=4.0.0",
+    "vue": ">=3.5.0"
+  },
+  "dependencies": {
+    "@innertia-solutions/nuxt-core": "^0.1.3"
+  },
+  "devDependencies": {
+    "nuxt": "^4.4.2",
+    "vue": "^3.5.0"
+  }
+}

package/plugins/api-auth.client.ts

@@ -0,0 +1,13 @@
+// Registers the Authorization header interceptor into the shared registry.
+// Runs only on the client (cookie-based token is not available on the server).
+export default defineNuxtPlugin(() => {
+  const { add } = useRequestInterceptors()
+  const authStore = useAuthStore()
+
+  add((headers: Record<string, string>, options: Record<string, unknown>) => {
+    if (options.useToken !== false) {
+      const token = authStore.getToken()
+      if (token) headers['Authorization'] = `Bearer ${token}`
+    }
+  })
+})

package/plugins/auth-init.client.ts

@@ -0,0 +1,8 @@
+// On app boot: if the stored token exists but is expired, clear auth state silently.
+// This prevents stale tokens from reaching the API.
+export default defineNuxtPlugin(() => {
+  const authStore = useAuthStore()
+  if (authStore.token && !authStore.isAuthenticated()) {
+    authStore.logout()
+  }
+})

package/stores/auth.js

@@ -0,0 +1,116 @@
+import { defineStore } from 'pinia'
+
+// ─── cookie helpers ────────────────────────────────────────────────────────
+// Never call useCookie() inside Pinia actions — it throws outside Vue setup.
+// Pattern: try useCookie (works in setup), catch → document.cookie fallback.
+
+function _setCookie(name, value, maxAgeSeconds) {
+  try {
+    const isDev = import.meta.env?.DEV ?? false
+    const cookie = useCookie(name, { maxAge: maxAgeSeconds, sameSite: 'lax', secure: !isDev })
+    cookie.value = typeof value === 'object' ? JSON.stringify(value) : value
+  } catch {
+    if (import.meta.client) {
+      const expires = maxAgeSeconds ? `; Max-Age=${Math.floor(maxAgeSeconds)}` : ''
+      const val = typeof value === 'object' ? JSON.stringify(value) : value
+      document.cookie = `${name}=${encodeURIComponent(val)}${expires}; path=/; SameSite=Lax`
+    }
+  }
+}
+
+function _getCookie(name) {
+  try {
+    const cookie = useCookie(name)
+    return cookie.value ?? null
+  } catch {
+    if (import.meta.client) {
+      const match = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)'))
+      return match ? decodeURIComponent(match[1]) : null
+    }
+    return null
+  }
+}
+
+function _deleteCookie(name) {
+  try {
+    const cookie = useCookie(name)
+    cookie.value = null
+  } catch {
+    if (import.meta.client) {
+      document.cookie = `${name}=; Max-Age=0; path=/`
+    }
+  }
+}
+
+// ─── JWT decode (no lib) ───────────────────────────────────────────────────
+function _decodeJwtExpiry(token) {
+  try {
+    const payload = JSON.parse(atob(token.split('.')[1]))
+    return payload.exp ?? null
+  } catch {
+    return null
+  }
+}
+
+// ─── store ─────────────────────────────────────────────────────────────────
+export const useAuthStore = defineStore('auth', {
+  state: () => ({
+    token: null,
+    user: null,
+    currentContext: null,
+    availableContexts: [],
+    permissions: [],
+    rememberUser: false,
+  }),
+
+  persist: {
+    pick: ['token', 'user', 'currentContext', 'availableContexts'],
+  },
+
+  actions: {
+    // ── token ──────────────────────────────────────────────────────────────
+    saveToken(token) {
+      this.token = token
+      _setCookie('auth_token', token, 60 * 60 * 24 * 7) // 7 days
+    },
+
+    getToken() {
+      return this.token ?? _getCookie('auth_token')
+    },
+
+    isAuthenticated() {
+      const token = this.getToken()
+      if (!token) return false
+      const exp = _decodeJwtExpiry(token)
+      if (exp === null) return true // non-JWT or no expiry claim → treat as valid
+      return Date.now() / 1000 < exp
+    },
+
+    // ── user ───────────────────────────────────────────────────────────────
+    saveUser(user) {
+      this.user = user
+      _setCookie('auth_user', user, 60 * 60 * 24 * 7)
+    },
+
+    // ── context ────────────────────────────────────────────────────────────
+    setCurrentContext(context) {
+      this.currentContext = context
+    },
+
+    // ── permissions ────────────────────────────────────────────────────────
+    savePermissions(permissions) {
+      this.permissions = permissions ?? []
+    },
+
+    // ── logout ─────────────────────────────────────────────────────────────
+    logout() {
+      this.token = null
+      this.user = null
+      this.currentContext = null
+      this.availableContexts = []
+      this.permissions = []
+      _deleteCookie('auth_token')
+      _deleteCookie('auth_user')
+    },
+  },
+})