@meistrari/auth-nuxt 3.0.0 → 4.0.0

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "name": "@meistrari/auth-nuxt",
   "configKey": "telaAuth",
-  "version": "2.1.3",
+  "version": "4.0.0",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/runtime/composables/application-auth.d.ts

@@ -1,4 +1,3 @@
-import type { FullOrganization } from '@meistrari/auth-core';
 /**
  * Composable for managing Tela application authentication with OAuth 2.0 PKCE flow
  *
@@ -41,34 +40,6 @@ export declare function useTelaApplicationAuth(): {
     switchOrganization: (organizationId: string) => Promise<void>;
     refreshToken: () => Promise<void>;
     getToken: () => Promise<string | null | undefined>;
-    user: import("vue").Ref<{
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null, {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null>;
-    activeOrganization: import("vue").Ref<FullOrganization | null, FullOrganization | null>;
+    user: import("vue").Ref<any, any>;
+    activeOrganization: import("vue").Ref<any, any>;
 };

package/dist/runtime/composables/application-auth.js

@@ -33,6 +33,11 @@ export function useTelaApplicationAuth() {
       throw new AuthorizationFlowError("The login function can only be called on the client side.");
     }
     const { state: stateKey, challenge: codeChallenge } = await $fetch("/auth/login", { method: "POST" });
+    const returnTo = new URL(window.location.href).searchParams.get("returnTo");
+    if (returnTo && returnTo.startsWith("/") && !returnTo.startsWith("//")) {
+      const returnUrlCookie = useCookie("tela-return-url", { sameSite: "lax", path: "/" });
+      returnUrlCookie.value = returnTo;
+    }
     const url = new URL("/applications/login", appConfig.application?.dashboardUrl);
     url.searchParams.set("application_id", applicationId);
     url.searchParams.set("code_challenge", codeChallenge);

package/dist/runtime/composables/state.d.ts

@@ -1,161 +1,20 @@
-import type { FullOrganization } from '@meistrari/auth-core';
 /**
  * Shared state for session management.
  * This module provides access to session-related state without creating circular dependencies.
  */
 export declare function useSessionState(): {
-    user: import("vue").Ref<{
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null, {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null>;
-    session: import("vue").Ref<{
-        user: {
-            id: string;
-            createdAt: Date;
-            updatedAt: Date;
-            email: string;
-            emailVerified: boolean;
-            name: string;
-            image?: string | null | undefined;
-            twoFactorEnabled: boolean | null | undefined;
-            banned: boolean | null | undefined;
-            role?: string | null | undefined;
-            banReason?: string | null | undefined;
-            banExpires?: Date | null | undefined;
-            lastActiveAt?: Date | null | undefined;
-        };
-        session: {
-            id: string;
-            createdAt: Date;
-            updatedAt: Date;
-            userId: string;
-            expiresAt: Date;
-            token: string;
-            ipAddress?: string | null | undefined;
-            userAgent?: string | null | undefined;
-            activeOrganizationId?: string | null | undefined;
-            activeTeamId?: string | null | undefined;
-            impersonatedBy?: string | null | undefined;
-        };
-    } | null, {
-        user: {
-            id: string;
-            createdAt: Date;
-            updatedAt: Date;
-            email: string;
-            emailVerified: boolean;
-            name: string;
-            image?: string | null | undefined;
-            twoFactorEnabled: boolean | null | undefined;
-            banned: boolean | null | undefined;
-            role?: string | null | undefined;
-            banReason?: string | null | undefined;
-            banExpires?: Date | null | undefined;
-            lastActiveAt?: Date | null | undefined;
-        };
-        session: {
-            id: string;
-            createdAt: Date;
-            updatedAt: Date;
-            userId: string;
-            expiresAt: Date;
-            token: string;
-            ipAddress?: string | null | undefined;
-            userAgent?: string | null | undefined;
-            activeOrganizationId?: string | null | undefined;
-            activeTeamId?: string | null | undefined;
-            impersonatedBy?: string | null | undefined;
-        };
-    } | null>;
+    user: import("vue").Ref<any, any>;
+    session: import("vue").Ref<any, any>;
 };
 /**
  * Shared state for organization management.
  * This module provides access to organization-related state without creating circular dependencies.
  */
 export declare function useOrganizationState(): {
-    activeOrganization: import("vue").Ref<FullOrganization | null, FullOrganization | null>;
-    activeMember: import("vue").Ref<{
-        id: string;
-        organizationId: string;
-        role: "org:admin" | "org:member" | "org:reviewer";
-        createdAt: Date;
-        userId: string;
-        teamId?: string | undefined | undefined | undefined;
-        user: {
-            id: string;
-            email: string;
-            name: string;
-            image?: string | undefined;
-        };
-    } | null, {
-        id: string;
-        organizationId: string;
-        role: "org:admin" | "org:member" | "org:reviewer";
-        createdAt: Date;
-        userId: string;
-        teamId?: string | undefined | undefined | undefined;
-        user: {
-            id: string;
-            email: string;
-            name: string;
-            image?: string | undefined;
-        };
-    } | null>;
+    activeOrganization: import("vue").Ref<any, any>;
+    activeMember: import("vue").Ref<any, any>;
 };
 export declare function useApplicationSessionState(): {
-    user: import("vue").Ref<{
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null, {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    } | null>;
-    activeOrganization: import("vue").Ref<FullOrganization | null, FullOrganization | null>;
+    user: import("vue").Ref<any, any>;
+    activeOrganization: import("vue").Ref<any, any>;
 };

package/dist/runtime/plugins/application-token-refresh.js

@@ -43,13 +43,14 @@ export default defineNuxtPlugin({
           refreshTokenCookie.value = refreshToken2;
           state.user.value = user2;
           state.activeOrganization.value = organization2;
-          return;
+          return true;
         }
         const { user, organization } = await $fetch("/auth/refresh", {
           method: "POST"
         });
         state.user.value = user;
         state.activeOrganization.value = organization;
+        return true;
       } catch {
         await sdkLogout();
         if (import.meta.client) {
@@ -69,11 +70,11 @@ export default defineNuxtPlugin({
         clearTimeout(tokenRefreshInterval);
         tokenRefreshInterval = null;
       }
-      if (!accessTokenCookie.value) {
-        return;
-      }
-      if (isTokenExpired(accessTokenCookie.value, TWO_MINUTES)) {
-        await refreshToken();
+      if (!accessTokenCookie.value || isTokenExpired(accessTokenCookie.value, TWO_MINUTES)) {
+        const result = await refreshToken();
+        if (!result) {
+          return;
+        }
       }
       const expiry = parseTokenExpiry(accessTokenCookie.value);
       if (!expiry) {

package/dist/runtime/plugins/auth-guard.js

@@ -5,35 +5,38 @@ export default defineNuxtPlugin(() => {
   const authConfig = config.public.telaAuth;
   const loginPath = authConfig.application?.loginPath ?? "/login";
   const unauthorizedPath = authConfig.application?.unauthorizedPath ?? "/unauthorized";
+  const exemptPaths = [loginPath, unauthorizedPath];
   addRouteMiddleware("auth-guard", async (to) => {
     const authMeta = to.meta?.auth;
-    if (!authMeta || authMeta.required !== true) {
+    const path = decodeURI(to.path);
+    if (authMeta === false || exemptPaths.includes(path)) {
       return;
     }
     const token = useCookie("tela-access-token");
     if (!token.value) {
       return await navigateTo({
         path: loginPath,
-        query: { redirect: to.fullPath }
+        query: { returnTo: to.fullPath }
       });
     }
-    if (authMeta.roles && authMeta.roles.length > 0) {
-      try {
-        const payload = decodeJwt(token.value);
-        const userRole = payload.user?.role;
-        if (!userRole || !authMeta.roles.includes(userRole)) {
-          return await navigateTo({
-            path: unauthorizedPath,
-            query: { redirect: to.fullPath }
-          });
-        }
-      } catch (error) {
-        console.error("Failed to decode token:", error);
+    if (!authMeta?.roles?.length) {
+      return;
+    }
+    try {
+      const payload = decodeJwt(token.value);
+      const userRole = payload.user?.role;
+      if (!userRole || !authMeta.roles.includes(userRole)) {
         return await navigateTo({
-          path: loginPath,
-          query: { redirect: to.fullPath }
+          path: unauthorizedPath,
+          query: { returnTo: to.fullPath }
         });
       }
+    } catch (error) {
+      console.error("Failed to decode token:", error);
+      return await navigateTo({
+        path: loginPath,
+        query: { returnTo: to.fullPath }
+      });
     }
   }, { global: true });
 });

package/dist/runtime/server/routes/auth/callback.js

@@ -40,6 +40,13 @@ export default defineEventHandler(async (event) => {
       path: "/"
     });
     deleteCookie(event, `tela-verifier-${state}`, { path: "/" });
+    const returnUrlCookie = getCookie(event, "tela-return-url");
+    if (returnUrlCookie) {
+      deleteCookie(event, "tela-return-url", { path: "/" });
+      if (returnUrlCookie.startsWith("/") && !returnUrlCookie.startsWith("//")) {
+        return await sendRedirect(event, returnUrlCookie);
+      }
+    }
     return await sendRedirect(event, "/");
   } catch (error) {
     console.error("[Auth Callback] OAuth flow error:", error);

package/dist/runtime/server/routes/auth/organizations.d.ts

@@ -11,6 +11,6 @@
  */
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     success: boolean;
-    organizations: import("@meistrari/auth-core").FullOrganization[];
+    organizations: any;
 }>>;
 export default _default;

package/dist/runtime/server/routes/auth/refresh.d.ts

@@ -11,21 +11,7 @@
  */
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     success: boolean;
-    user: {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    };
-    organization: import("@meistrari/auth-core").FullOrganization;
+    user: any;
+    organization: any;
 }>>;
 export default _default;

package/dist/runtime/server/routes/auth/switch-organization.d.ts

@@ -12,21 +12,7 @@
  */
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     success: boolean;
-    user: {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    };
-    organization: import("@meistrari/auth-core").FullOrganization;
+    user: any;
+    organization: any;
 }>>;
 export default _default;

package/dist/runtime/server/routes/auth/whoami.d.ts

@@ -1,20 +1,6 @@
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     success: boolean;
-    user: {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        email: string;
-        emailVerified: boolean;
-        name: string;
-        image?: string | null | undefined;
-        twoFactorEnabled: boolean | null | undefined;
-        banned: boolean | null | undefined;
-        role?: string | null | undefined;
-        banReason?: string | null | undefined;
-        banExpires?: Date | null | undefined;
-        lastActiveAt?: Date | null | undefined;
-    };
-    organization: import("@meistrari/auth-core").FullOrganization;
+    user: any;
+    organization: any;
 }>>;
 export default _default;

package/dist/runtime/server/utils/require-auth.js

@@ -3,10 +3,6 @@ import { createRemoteJWKSet, jwtVerify } from "jose";
 import { useRuntimeConfig } from "nitropack/runtime";
 export function requireAuth(handler, options) {
   return defineEventHandler(async (event) => {
-    const moduleOptions = useRuntimeConfig(event).public.telaAuth;
-    if (!moduleOptions.skipServerMiddleware && !options?.roles && import.meta.dev) {
-      console.warn("You have enabled the global server middleware, meaning you only need to use requireAuth() on routes that require specific roles.", `Triggered at ${event.path}`);
-    }
     if (event.context.auth?.user && event.context.auth?.token) {
       if (import.meta.dev) {
         console.debug("Using existing auth context from global server middleware");

package/dist/runtime/shared.d.ts

@@ -1,2 +1 @@
-import { AuthClient } from '@meistrari/auth-core';
-export declare function createNuxtAuthClient(apiUrl: string, getAuthToken: () => string | null, getRefreshToken?: () => string | null): AuthClient;
+export declare function createNuxtAuthClient(apiUrl: string, getAuthToken: () => string | null, getRefreshToken?: () => string | null): any;

package/dist/runtime/types/page-meta.d.ts

@@ -1,10 +1,7 @@
 declare type Roles = 'meistrari:admin' | (string & {})
 declare module '#app' {
     interface PageMeta {
-        auth?: {
-            required: false
-        } | {
-            required: true
+        auth?: false | {
             roles?: Roles[]
         }
     }

package/package.json

@@ -1,56 +1,56 @@
 {
-  "name": "@meistrari/auth-nuxt",
-  "version": "3.0.0",
-  "type": "module",
-  "exports": {
-    ".": {
-      "types": "./dist/types.d.mts",
-      "import": "./dist/module.mjs"
+    "name": "@meistrari/auth-nuxt",
+    "version": "4.0.0",
+    "type": "module",
+    "exports": {
+        ".": {
+            "types": "./dist/types.d.mts",
+            "import": "./dist/module.mjs"
+        },
+        "./server/middleware/auth": {
+            "types": "./dist/runtime/server/middleware/auth.d.ts",
+            "import": "./dist/runtime/server/middleware/auth.js"
+        },
+        "./core": {
+            "types": "./dist/core.d.mts",
+            "import": "./dist/core.mjs"
+        }
     },
-    "./server/middleware/auth": {
-      "types": "./dist/runtime/server/middleware/auth.d.ts",
-      "import": "./dist/runtime/server/middleware/auth.js"
+    "main": "./dist/module.mjs",
+    "typesVersions": {
+        "*": {
+            ".": [
+                "./dist/types.d.mts"
+            ]
+        }
     },
-    "./core": {
-      "types": "./dist/core.d.mts",
-      "import": "./dist/core.mjs"
-    }
-  },
-  "main": "./dist/module.mjs",
-  "typesVersions": {
-    "*": {
-      ".": [
-        "./dist/types.d.mts"
-      ]
+    "files": [
+        "dist"
+    ],
+    "scripts": {
+        "build": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxt-module-build build"
+    },
+    "dependencies": {
+        "@meistrari/auth-core": "1.11.3",
+        "jose": "6.1.3"
+    },
+    "peerDependencies": {
+        "nuxt": "^3.0.0 || ^4.0.0",
+        "vue": "^3.0.0"
+    },
+    "devDependencies": {
+        "@nuxt/devtools": "2.6.3",
+        "@nuxt/eslint-config": "1.9.0",
+        "@nuxt/kit": "4.0.3",
+        "@nuxt/module-builder": "1.0.2",
+        "@nuxt/schema": "4.0.3",
+        "@nuxt/test-utils": "3.19.2",
+        "@types/node": "latest",
+        "changelogen": "0.6.2",
+        "nuxt": "4.0.3",
+        "typescript": "5.9.2",
+        "unbuild": "3.6.1",
+        "vitest": "3.2.4",
+        "vue-tsc": "3.0.6"
     }
-  },
-  "files": [
-    "dist"
-  ],
-  "dependencies": {
-    "jose": "6.1.3",
-    "@meistrari/auth-core": "1.11.3"
-  },
-  "peerDependencies": {
-    "nuxt": "^3.0.0 || ^4.0.0",
-    "vue": "^3.0.0"
-  },
-  "devDependencies": {
-    "@nuxt/devtools": "2.6.3",
-    "@nuxt/eslint-config": "1.9.0",
-    "@nuxt/kit": "4.0.3",
-    "@nuxt/module-builder": "1.0.2",
-    "@nuxt/schema": "4.0.3",
-    "@nuxt/test-utils": "3.19.2",
-    "@types/node": "latest",
-    "changelogen": "0.6.2",
-    "nuxt": "4.0.3",
-    "typescript": "5.9.2",
-    "unbuild": "3.6.1",
-    "vitest": "3.2.4",
-    "vue-tsc": "3.0.6"
-  },
-  "scripts": {
-    "build": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxt-module-build build"
-  }
-}
+}