@meistrari/auth-nuxt 3.0.0 → 3.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/module.json +1 -1
- package/dist/runtime/composables/application-auth.js +5 -0
- package/dist/runtime/plugins/application-token-refresh.js +7 -6
- package/dist/runtime/plugins/auth-guard.js +19 -16
- package/dist/runtime/server/routes/auth/callback.js +7 -0
- package/dist/runtime/server/utils/require-auth.js +0 -4
- package/dist/runtime/types/page-meta.d.ts +1 -4
- package/package.json +1 -1
package/dist/module.json
CHANGED
|
@@ -33,6 +33,11 @@ export function useTelaApplicationAuth() {
|
|
|
33
33
|
throw new AuthorizationFlowError("The login function can only be called on the client side.");
|
|
34
34
|
}
|
|
35
35
|
const { state: stateKey, challenge: codeChallenge } = await $fetch("/auth/login", { method: "POST" });
|
|
36
|
+
const returnTo = new URL(window.location.href).searchParams.get("returnTo");
|
|
37
|
+
if (returnTo && returnTo.startsWith("/") && !returnTo.startsWith("//")) {
|
|
38
|
+
const returnUrlCookie = useCookie("tela-return-url", { sameSite: "lax", path: "/" });
|
|
39
|
+
returnUrlCookie.value = returnTo;
|
|
40
|
+
}
|
|
36
41
|
const url = new URL("/applications/login", appConfig.application?.dashboardUrl);
|
|
37
42
|
url.searchParams.set("application_id", applicationId);
|
|
38
43
|
url.searchParams.set("code_challenge", codeChallenge);
|
|
@@ -43,13 +43,14 @@ export default defineNuxtPlugin({
|
|
|
43
43
|
refreshTokenCookie.value = refreshToken2;
|
|
44
44
|
state.user.value = user2;
|
|
45
45
|
state.activeOrganization.value = organization2;
|
|
46
|
-
return;
|
|
46
|
+
return true;
|
|
47
47
|
}
|
|
48
48
|
const { user, organization } = await $fetch("/auth/refresh", {
|
|
49
49
|
method: "POST"
|
|
50
50
|
});
|
|
51
51
|
state.user.value = user;
|
|
52
52
|
state.activeOrganization.value = organization;
|
|
53
|
+
return true;
|
|
53
54
|
} catch {
|
|
54
55
|
await sdkLogout();
|
|
55
56
|
if (import.meta.client) {
|
|
@@ -69,11 +70,11 @@ export default defineNuxtPlugin({
|
|
|
69
70
|
clearTimeout(tokenRefreshInterval);
|
|
70
71
|
tokenRefreshInterval = null;
|
|
71
72
|
}
|
|
72
|
-
if (!accessTokenCookie.value) {
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
73
|
+
if (!accessTokenCookie.value || isTokenExpired(accessTokenCookie.value, TWO_MINUTES)) {
|
|
74
|
+
const result = await refreshToken();
|
|
75
|
+
if (!result) {
|
|
76
|
+
return;
|
|
77
|
+
}
|
|
77
78
|
}
|
|
78
79
|
const expiry = parseTokenExpiry(accessTokenCookie.value);
|
|
79
80
|
if (!expiry) {
|
|
@@ -5,35 +5,38 @@ export default defineNuxtPlugin(() => {
|
|
|
5
5
|
const authConfig = config.public.telaAuth;
|
|
6
6
|
const loginPath = authConfig.application?.loginPath ?? "/login";
|
|
7
7
|
const unauthorizedPath = authConfig.application?.unauthorizedPath ?? "/unauthorized";
|
|
8
|
+
const exemptPaths = [loginPath, unauthorizedPath];
|
|
8
9
|
addRouteMiddleware("auth-guard", async (to) => {
|
|
9
10
|
const authMeta = to.meta?.auth;
|
|
10
|
-
|
|
11
|
+
const path = decodeURI(to.path);
|
|
12
|
+
if (authMeta === false || exemptPaths.includes(path)) {
|
|
11
13
|
return;
|
|
12
14
|
}
|
|
13
15
|
const token = useCookie("tela-access-token");
|
|
14
16
|
if (!token.value) {
|
|
15
17
|
return await navigateTo({
|
|
16
18
|
path: loginPath,
|
|
17
|
-
query: {
|
|
19
|
+
query: { returnTo: to.fullPath }
|
|
18
20
|
});
|
|
19
21
|
}
|
|
20
|
-
if (authMeta
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
query: { redirect: to.fullPath }
|
|
28
|
-
});
|
|
29
|
-
}
|
|
30
|
-
} catch (error) {
|
|
31
|
-
console.error("Failed to decode token:", error);
|
|
22
|
+
if (!authMeta?.roles?.length) {
|
|
23
|
+
return;
|
|
24
|
+
}
|
|
25
|
+
try {
|
|
26
|
+
const payload = decodeJwt(token.value);
|
|
27
|
+
const userRole = payload.user?.role;
|
|
28
|
+
if (!userRole || !authMeta.roles.includes(userRole)) {
|
|
32
29
|
return await navigateTo({
|
|
33
|
-
path:
|
|
34
|
-
query: {
|
|
30
|
+
path: unauthorizedPath,
|
|
31
|
+
query: { returnTo: to.fullPath }
|
|
35
32
|
});
|
|
36
33
|
}
|
|
34
|
+
} catch (error) {
|
|
35
|
+
console.error("Failed to decode token:", error);
|
|
36
|
+
return await navigateTo({
|
|
37
|
+
path: loginPath,
|
|
38
|
+
query: { returnTo: to.fullPath }
|
|
39
|
+
});
|
|
37
40
|
}
|
|
38
41
|
}, { global: true });
|
|
39
42
|
});
|
|
@@ -40,6 +40,13 @@ export default defineEventHandler(async (event) => {
|
|
|
40
40
|
path: "/"
|
|
41
41
|
});
|
|
42
42
|
deleteCookie(event, `tela-verifier-${state}`, { path: "/" });
|
|
43
|
+
const returnUrlCookie = getCookie(event, "tela-return-url");
|
|
44
|
+
if (returnUrlCookie) {
|
|
45
|
+
deleteCookie(event, "tela-return-url", { path: "/" });
|
|
46
|
+
if (returnUrlCookie.startsWith("/") && !returnUrlCookie.startsWith("//")) {
|
|
47
|
+
return await sendRedirect(event, returnUrlCookie);
|
|
48
|
+
}
|
|
49
|
+
}
|
|
43
50
|
return await sendRedirect(event, "/");
|
|
44
51
|
} catch (error) {
|
|
45
52
|
console.error("[Auth Callback] OAuth flow error:", error);
|
|
@@ -3,10 +3,6 @@ import { createRemoteJWKSet, jwtVerify } from "jose";
|
|
|
3
3
|
import { useRuntimeConfig } from "nitropack/runtime";
|
|
4
4
|
export function requireAuth(handler, options) {
|
|
5
5
|
return defineEventHandler(async (event) => {
|
|
6
|
-
const moduleOptions = useRuntimeConfig(event).public.telaAuth;
|
|
7
|
-
if (!moduleOptions.skipServerMiddleware && !options?.roles && import.meta.dev) {
|
|
8
|
-
console.warn("You have enabled the global server middleware, meaning you only need to use requireAuth() on routes that require specific roles.", `Triggered at ${event.path}`);
|
|
9
|
-
}
|
|
10
6
|
if (event.context.auth?.user && event.context.auth?.token) {
|
|
11
7
|
if (import.meta.dev) {
|
|
12
8
|
console.debug("Using existing auth context from global server middleware");
|