@meistrari/auth-nuxt 2.3.0 → 2.4.0

package/README.md

@@ -8,6 +8,13 @@ A Nuxt module that provides comprehensive authentication, organization managemen
 npm install @meistrari/auth-nuxt
 ```
 
+## Prerequisites
+
+Before setting up the SDK, make sure the following are configured in the Auth API:
+
+1. **Allowed Origins**: Your application URL (e.g., `https://your-app.com`) must be added to the allowed origins list in the Auth API. This ensures the Auth API accepts requests from your application.
+2. **Allowed Email Domains**: The email domains of users who will access the application must be added to the allowed email domains list in the Auth API. For example, if your users sign in with `@company.com` emails, that domain must be whitelisted.
+
 ## Setup
 
 Add the module to your `nuxt.config.ts`:

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "name": "@meistrari/auth-nuxt",
   "configKey": "telaAuth",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -66,6 +66,11 @@ const module$1 = defineNuxtModule({
         handler: resolver.resolve("./runtime/server/routes/auth/switch-organization"),
         method: "post"
       });
+      addServerHandler({
+        route: "/auth/whoami",
+        handler: resolver.resolve("./runtime/server/routes/auth/whoami"),
+        method: "get"
+      });
       addPlugin(resolver.resolve("./runtime/plugins/application-token-refresh"));
       addPlugin(resolver.resolve("./runtime/plugins/auth-guard"));
       addPlugin(resolver.resolve("./runtime/plugins/directives"));

package/dist/runtime/composables/application-auth.d.ts

@@ -40,6 +40,7 @@ export declare function useTelaApplicationAuth(): {
     getAvailableOrganizations: () => Promise<FullOrganization[]>;
     switchOrganization: (organizationId: string) => Promise<void>;
     refreshToken: () => Promise<void>;
+    getToken: () => Promise<string | null | undefined>;
     user: import("vue").Ref<{
         id: string;
         createdAt: Date;

package/dist/runtime/composables/application-auth.js

@@ -1,6 +1,7 @@
 import { navigateTo, useCookie, useRuntimeConfig } from "#app";
 import { AuthorizationFlowError, isTokenExpired, RefreshTokenExpiredError, UserNotLoggedInError } from "@meistrari/auth-core";
 import { useApplicationSessionState } from "./state.js";
+import { willTokenExpireIn } from "../helpers/token.js";
 const FIFTEEN_MINUTES = 60 * 15;
 const ONE_MINUTE = 60 * 1e3;
 export function useTelaApplicationAuth() {
@@ -87,6 +88,13 @@ export function useTelaApplicationAuth() {
       throw error;
     }
   }
+  async function getToken() {
+    const shouldRefresh = accessTokenCookie.value ? willTokenExpireIn(accessTokenCookie.value, ONE_MINUTE * 2) : true;
+    if (shouldRefresh) {
+      await refreshToken();
+    }
+    return accessTokenCookie.value;
+  }
   return {
     ...state,
     login,
@@ -94,6 +102,7 @@ export function useTelaApplicationAuth() {
     initSession,
     getAvailableOrganizations,
     switchOrganization,
-    refreshToken
+    refreshToken,
+    getToken
   };
 }

package/dist/runtime/composables/state.d.ts

@@ -105,30 +105,26 @@ export declare function useOrganizationState(): {
         role: "org:admin" | "org:member" | "org:reviewer";
         createdAt: Date;
         userId: string;
-        teamId?: string | undefined | undefined;
+        teamId?: string | undefined | undefined | undefined;
         user: {
             id: string;
             email: string;
             name: string;
             image?: string | undefined;
         };
-        deletedAt?: Date | undefined;
-        lastActiveAt?: Date | undefined;
     } | null, {
         id: string;
         organizationId: string;
         role: "org:admin" | "org:member" | "org:reviewer";
         createdAt: Date;
         userId: string;
-        teamId?: string | undefined | undefined;
+        teamId?: string | undefined | undefined | undefined;
         user: {
             id: string;
             email: string;
             name: string;
             image?: string | undefined;
         };
-        deletedAt?: Date | undefined;
-        lastActiveAt?: Date | undefined;
     } | null>;
 };
 export declare function useApplicationSessionState(): {

package/dist/runtime/helpers/token.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Parses a JWT token to extract its expiration time
+ *
+ * @param token - The JWT token string
+ * @returns The expiration timestamp in milliseconds, or null if parsing fails
+ */
+export declare function parseTokenExpiry(token: string): number | null;
+/**
+ * Checks if a JWT token will expire within a certain time window, or if it is already expired
+ *
+ * @param token - The JWT token string
+ * @param timeWindow - The time window in milliseconds
+ * @returns True if the token will expire within the time window, false otherwise
+ */
+export declare function willTokenExpireIn(token: string, timeWindow: number): boolean | 0;

package/dist/runtime/helpers/token.js

@@ -0,0 +1,19 @@
+import { decodeJwt } from "jose";
+export function parseTokenExpiry(token) {
+  try {
+    const payload = decodeJwt(token);
+    if (!payload.exp)
+      return null;
+    return payload.exp * 1e3;
+  } catch {
+    return null;
+  }
+}
+export function willTokenExpireIn(token, timeWindow) {
+  const now = Date.now();
+  const expiry = parseTokenExpiry(token);
+  if (expiry === null) {
+    return true;
+  }
+  return expiry && expiry - timeWindow <= now;
+}

package/dist/runtime/plugins/application-token-refresh.js

@@ -1,32 +1,12 @@
 import { defineNuxtPlugin, useCookie, useRuntimeConfig } from "#app";
 import { isTokenExpired } from "@meistrari/auth-core";
-import { decodeJwt } from "jose";
 import { useTelaApplicationAuth } from "../composables/application-auth.js";
 import { useApplicationSessionState } from "../composables/state.js";
 import { createNuxtAuthClient } from "../shared.js";
+import { parseTokenExpiry } from "../helpers/token.js";
 const SEVEN_DAYS = 60 * 60 * 24 * 7;
 const FIFTEEN_MINUTES = 60 * 15;
 const TWO_MINUTES = 2 * 60 * 1e3;
-function parseTokenExpiry(token) {
-  try {
-    const payload = decodeJwt(token);
-    if (!payload.exp)
-      return null;
-    return payload.exp * 1e3;
-  } catch {
-    return null;
-  }
-}
-function mapOrganization(organization) {
-  return {
-    name: organization.title,
-    id: organization.id,
-    createdAt: organization.createdAt,
-    logo: organization.avatarUrl,
-    metadata: organization.metadata,
-    slug: organization.slug ?? ""
-  };
-}
 export default defineNuxtPlugin({
   name: "tela-application-token-refresh",
   enforce: "post",
@@ -62,14 +42,14 @@ export default defineNuxtPlugin({
           accessTokenCookie.value = accessToken;
           refreshTokenCookie.value = refreshToken2;
           state.user.value = user2;
-          state.activeOrganization.value = mapOrganization(organization2);
+          state.activeOrganization.value = organization2;
           return;
         }
         const { user, organization } = await $fetch("/auth/refresh", {
           method: "POST"
         });
         state.user.value = user;
-        state.activeOrganization.value = mapOrganization(organization);
+        state.activeOrganization.value = organization;
       } catch {
         await sdkLogout();
         if (import.meta.client) {
@@ -107,7 +87,7 @@ export default defineNuxtPlugin({
         try {
           const data = await authClient.application.whoAmI(accessTokenCookie.value);
           state.user.value = data.user;
-          state.activeOrganization.value = mapOrganization(data.organization);
+          state.activeOrganization.value = data.organization;
         } catch (error) {
           console.error("[Tela Auth SDK] Failed to get user and organization:", error.message);
           if (!refreshTokenCookie.value) {
@@ -135,6 +115,17 @@ export default defineNuxtPlugin({
       return;
     }
     if (import.meta.client) {
+      if (!state.user.value && accessTokenCookie.value) {
+        try {
+          const { user, organization } = await $fetch("/auth/whoami", {
+            method: "GET"
+          });
+          state.user.value = user;
+          state.activeOrganization.value = organization;
+        } catch (error) {
+          console.error("[Tela Auth SDK] Failed to load user info on client startup:", error);
+        }
+      }
       void scheduleTokenRefresh();
     }
   }

package/dist/runtime/server/routes/auth/whoami.d.ts

@@ -0,0 +1,20 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+    success: boolean;
+    user: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+        twoFactorEnabled: boolean | null | undefined;
+        banned: boolean | null | undefined;
+        role?: string | null | undefined;
+        banReason?: string | null | undefined;
+        banExpires?: Date | null | undefined;
+        lastActiveAt?: Date | null | undefined;
+    };
+    organization: import("@meistrari/auth-core").FullOrganization;
+}>>;
+export default _default;

package/dist/runtime/server/routes/auth/whoami.js

@@ -0,0 +1,31 @@
+import { createError, useRuntimeConfig } from "#imports";
+import { defineEventHandler, getCookie } from "h3";
+import { createNuxtAuthClient } from "../../../shared.js";
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const authConfig = config.public.telaAuth;
+  const authClient = createNuxtAuthClient(authConfig.apiUrl, () => null, () => null);
+  const accessToken = getCookie(event, "tela-access-token");
+  if (!accessToken) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Unauthorized",
+      message: "No access token found"
+    });
+  }
+  try {
+    const { user, organization } = await authClient.application.whoAmI(accessToken);
+    return {
+      success: true,
+      user,
+      organization
+    };
+  } catch (error) {
+    console.error("[Auth WhoAmI] Failed to get user and organization:", error);
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Unauthorized",
+      message: "Failed to get user and organization"
+    });
+  }
+});

package/dist/runtime/server/utils/require-auth.js

@@ -3,7 +3,14 @@ import { createRemoteJWKSet, jwtVerify } from "jose";
 import { useRuntimeConfig } from "nitropack/runtime";
 export function requireAuth(handler, options) {
   return defineEventHandler(async (event) => {
+    const moduleOptions = useRuntimeConfig(event).public.telaAuth;
+    if (!moduleOptions.skipServerMiddleware && !options?.roles && import.meta.dev) {
+      console.warn("You have enabled the global server middleware, meaning you only need to use requireAuth() on routes that require specific roles.", `Triggered at ${event.path}`);
+    }
     if (event.context.auth?.user && event.context.auth?.token) {
+      if (import.meta.dev) {
+        console.debug("Using existing auth context from global server middleware");
+      }
       const user = event.context.auth.user;
       if (options?.roles && !options.roles.includes(user.role ?? "")) {
         throw createError({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meistrari/auth-nuxt",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "type": "module",
   "exports": {
     ".": {
@@ -31,7 +31,7 @@
     "build": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxt-module-build build"
   },
   "dependencies": {
-    "@meistrari/auth-core": "1.11.0",
+    "@meistrari/auth-core": "1.11.2",
     "jose": "6.1.3"
   },
   "peerDependencies": {