create-nuxt-base 0.3.17 → 1.0.2

package/nuxt-base-template/app/pages/app/settings/security.vue

@@ -0,0 +1,409 @@
+<script setup lang="ts">
+// ============================================================================
+// Imports
+// ============================================================================
+import type { FormSubmitEvent } from '@nuxt/ui';
+import type { InferOutput } from 'valibot';
+
+import * as v from 'valibot';
+
+import ModalBackupCodes from '~/components/Modal/ModalBackupCodes.vue';
+import { authClient } from '~/lib/auth-client';
+
+// ============================================================================
+// Interfaces
+// ============================================================================
+interface Passkey {
+  createdAt: Date;
+  id: string;
+  name?: string;
+}
+
+// ============================================================================
+// Composables
+// ============================================================================
+const toast = useToast();
+const overlay = useOverlay();
+const { is2FAEnabled, user } = useBetterAuth();
+
+// ============================================================================
+// Variables
+// ============================================================================
+const loading = ref<boolean>(false);
+const totpUri = ref<string>('');
+const backupCodes = ref<string[]>([]);
+const showTotpSetup = ref<boolean>(false);
+const show2FADisable = ref<boolean>(false);
+const passkeys = ref<Passkey[]>([]);
+const passkeyLoading = ref<boolean>(false);
+const newPasskeyName = ref<string>('');
+const showAddPasskey = ref<boolean>(false);
+
+const passwordSchema = v.object({
+  password: v.pipe(v.string('Passwort ist erforderlich'), v.minLength(1, 'Passwort ist erforderlich')),
+});
+
+const totpSchema = v.object({
+  code: v.pipe(v.string('Code ist erforderlich'), v.length(6, 'Code muss 6 Ziffern haben')),
+});
+
+type PasswordSchema = InferOutput<typeof passwordSchema>;
+type TotpSchema = InferOutput<typeof totpSchema>;
+
+// ============================================================================
+// Lifecycle Hooks
+// ============================================================================
+onMounted(async () => {
+  await loadPasskeys();
+});
+
+async function addPasskey(): Promise<void> {
+  if (!newPasskeyName.value.trim()) {
+    toast.add({
+      color: 'error',
+      description: 'Bitte gib einen Namen für den Passkey ein',
+      title: 'Fehler',
+    });
+    return;
+  }
+
+  passkeyLoading.value = true;
+
+  try {
+    const { error } = await authClient.passkey.addPasskey({
+      name: newPasskeyName.value,
+    });
+
+    if (error) {
+      toast.add({
+        color: 'error',
+        description: error.message || 'Passkey konnte nicht hinzugefügt werden',
+        title: 'Fehler',
+      });
+      return;
+    }
+
+    toast.add({
+      color: 'success',
+      description: 'Passkey wurde erfolgreich hinzugefügt',
+      title: 'Erfolg',
+    });
+
+    newPasskeyName.value = '';
+    showAddPasskey.value = false;
+    await loadPasskeys();
+  } finally {
+    passkeyLoading.value = false;
+  }
+}
+
+async function deletePasskey(id: string): Promise<void> {
+  passkeyLoading.value = true;
+
+  try {
+    const { error } = await authClient.passkey.deletePasskey({
+      id,
+    });
+
+    if (error) {
+      toast.add({
+        color: 'error',
+        description: error.message || 'Passkey konnte nicht gelöscht werden',
+        title: 'Fehler',
+      });
+      return;
+    }
+
+    toast.add({
+      color: 'success',
+      description: 'Passkey wurde gelöscht',
+      title: 'Erfolg',
+    });
+
+    await loadPasskeys();
+  } finally {
+    passkeyLoading.value = false;
+  }
+}
+
+async function disable2FA(payload: FormSubmitEvent<PasswordSchema>): Promise<void> {
+  loading.value = true;
+
+  try {
+    const { error } = await authClient.twoFactor.disable({
+      password: payload.data.password,
+    });
+
+    if (error) {
+      toast.add({
+        color: 'error',
+        description: error.message || '2FA konnte nicht deaktiviert werden',
+        title: 'Fehler',
+      });
+      return;
+    }
+
+    toast.add({
+      color: 'success',
+      description: '2FA wurde deaktiviert',
+      title: 'Erfolg',
+    });
+
+    show2FADisable.value = false;
+  } finally {
+    loading.value = false;
+  }
+}
+
+async function enable2FA(payload: FormSubmitEvent<PasswordSchema>): Promise<void> {
+  loading.value = true;
+
+  try {
+    const { data, error } = await authClient.twoFactor.enable({
+      password: payload.data.password,
+    });
+
+    if (error) {
+      toast.add({
+        color: 'error',
+        description: error.message || '2FA konnte nicht aktiviert werden',
+        title: 'Fehler',
+      });
+      return;
+    }
+
+    totpUri.value = data?.totpURI ?? '';
+    backupCodes.value = data?.backupCodes ?? [];
+    showTotpSetup.value = true;
+  } finally {
+    loading.value = false;
+  }
+}
+
+// ============================================================================
+// Functions
+// ============================================================================
+async function loadPasskeys(): Promise<void> {
+  try {
+    const { data, error } = await authClient.passkey.listUserPasskeys();
+
+    if (error) {
+      console.error('Failed to load passkeys:', error);
+      return;
+    }
+
+    passkeys.value = (data ?? []) as Passkey[];
+  } catch {
+    console.error('Failed to load passkeys');
+  }
+}
+
+async function openBackupCodesModal(codes: string[] = []): Promise<void> {
+  const modal = overlay.create(ModalBackupCodes, {
+    props: {
+      initialCodes: codes,
+    },
+  });
+  await modal.open();
+}
+
+async function verifyTotp(payload: FormSubmitEvent<TotpSchema>): Promise<void> {
+  loading.value = true;
+
+  try {
+    const { error } = await authClient.twoFactor.verifyTotp({
+      code: payload.data.code,
+    });
+
+    if (error) {
+      toast.add({
+        color: 'error',
+        description: error.message || 'Code ungültig',
+        title: 'Fehler',
+      });
+      return;
+    }
+
+    toast.add({
+      color: 'success',
+      description: '2FA wurde erfolgreich aktiviert',
+      title: 'Erfolg',
+    });
+
+    showTotpSetup.value = false;
+    await openBackupCodesModal(backupCodes.value);
+  } finally {
+    loading.value = false;
+  }
+}
+</script>
+
+<template>
+  <div class="mx-auto max-w-2xl space-y-8">
+    <div>
+      <h1 class="text-2xl font-bold">Sicherheit</h1>
+      <p class="text-muted">Verwalte deine Sicherheitseinstellungen</p>
+    </div>
+
+    <!-- 2FA Section -->
+    <UCard>
+      <template #header>
+        <div class="flex items-center gap-3">
+          <UIcon name="i-lucide-shield-check" class="size-6 text-primary" />
+          <div>
+            <h2 class="font-semibold">Zwei-Faktor-Authentifizierung</h2>
+            <p class="text-sm text-muted">Zusätzliche Sicherheit für dein Konto</p>
+          </div>
+        </div>
+      </template>
+
+      <div class="space-y-4">
+        <div class="flex items-center justify-between">
+          <div>
+            <p class="font-medium">Status</p>
+            <p class="text-sm text-muted">
+              {{ is2FAEnabled ? '2FA ist aktiviert' : '2FA ist deaktiviert' }}
+            </p>
+          </div>
+          <UBadge :color="is2FAEnabled ? 'success' : 'neutral'">
+            {{ is2FAEnabled ? 'Aktiv' : 'Inaktiv' }}
+          </UBadge>
+        </div>
+
+        <template v-if="!is2FAEnabled && !showTotpSetup">
+          <UForm :schema="passwordSchema" class="space-y-4" @submit="enable2FA">
+            <UFormField label="Passwort bestätigen" name="password">
+              <UInput name="password" type="password" placeholder="Dein Passwort" />
+            </UFormField>
+            <UButton type="submit" :loading="loading"> 2FA aktivieren </UButton>
+          </UForm>
+        </template>
+
+        <template v-if="showTotpSetup">
+          <div class="space-y-4">
+            <UAlert color="info" icon="i-lucide-info"> Scanne den QR-Code mit deiner Authenticator-App (z.B. Google Authenticator, Authy) und gib den Code ein. </UAlert>
+
+            <div class="flex justify-center">
+              <img v-if="totpUri" :src="`https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=${encodeURIComponent(totpUri)}`" alt="TOTP QR Code" class="rounded-lg" />
+            </div>
+
+            <UForm :schema="totpSchema" class="space-y-4" @submit="verifyTotp">
+              <UFormField label="Verifizierungscode" name="code">
+                <UInput name="code" placeholder="000000" class="text-center font-mono" />
+              </UFormField>
+              <div class="flex gap-2">
+                <UButton type="submit" :loading="loading"> Verifizieren </UButton>
+                <UButton variant="outline" color="neutral" @click="showTotpSetup = false"> Abbrechen </UButton>
+              </div>
+            </UForm>
+          </div>
+        </template>
+
+        <template v-if="is2FAEnabled && !show2FADisable">
+          <div class="flex gap-2">
+            <UButton variant="outline" @click="show2FADisable = true"> 2FA deaktivieren </UButton>
+            <UButton variant="outline" color="neutral" @click="openBackupCodesModal()"> Backup-Codes anzeigen </UButton>
+          </div>
+        </template>
+
+        <template v-if="show2FADisable">
+          <UForm :schema="passwordSchema" class="space-y-4" @submit="disable2FA">
+            <UAlert color="warning" icon="i-lucide-alert-triangle"> 2FA zu deaktivieren verringert die Sicherheit deines Kontos. </UAlert>
+            <UFormField label="Passwort bestätigen" name="password">
+              <UInput name="password" type="password" placeholder="Dein Passwort" />
+            </UFormField>
+            <div class="flex gap-2">
+              <UButton type="submit" color="error" :loading="loading"> 2FA deaktivieren </UButton>
+              <UButton variant="outline" color="neutral" @click="show2FADisable = false"> Abbrechen </UButton>
+            </div>
+          </UForm>
+        </template>
+      </div>
+    </UCard>
+
+    <!-- Passkeys Section -->
+    <UCard>
+      <template #header>
+        <div class="flex items-center gap-3">
+          <UIcon name="i-lucide-fingerprint" class="size-6 text-primary" />
+          <div>
+            <h2 class="font-semibold">Passkeys</h2>
+            <p class="text-sm text-muted">Passwordlose Anmeldung mit biometrischen Daten</p>
+          </div>
+        </div>
+      </template>
+
+      <div class="space-y-4">
+        <template v-if="passkeys.length > 0">
+          <div class="divide-y">
+            <div v-for="passkey in passkeys" :key="passkey.id" class="flex items-center justify-between py-3">
+              <div class="flex items-center gap-3">
+                <UIcon name="i-lucide-key" class="size-5 text-muted" />
+                <div>
+                  <p class="font-medium">{{ passkey.name || 'Unbenannter Passkey' }}</p>
+                  <p class="text-xs text-muted">Erstellt am {{ new Date(passkey.createdAt).toLocaleDateString('de-DE') }}</p>
+                </div>
+              </div>
+              <UButton variant="ghost" color="error" icon="i-lucide-trash-2" size="sm" :loading="passkeyLoading" @click="deletePasskey(passkey.id)" />
+            </div>
+          </div>
+        </template>
+
+        <template v-else>
+          <p class="text-center text-muted py-4">Du hast noch keine Passkeys eingerichtet.</p>
+        </template>
+
+        <template v-if="!showAddPasskey">
+          <UButton variant="outline" icon="i-lucide-plus" @click="showAddPasskey = true"> Passkey hinzufügen </UButton>
+        </template>
+
+        <template v-else>
+          <div class="flex gap-2">
+            <UInput v-model="newPasskeyName" placeholder="Name für den Passkey" class="flex-1" />
+            <UButton :loading="passkeyLoading" @click="addPasskey"> Hinzufügen </UButton>
+            <UButton
+              variant="outline"
+              color="neutral"
+              @click="
+                showAddPasskey = false;
+                newPasskeyName = '';
+              "
+            >
+              Abbrechen
+            </UButton>
+          </div>
+        </template>
+      </div>
+    </UCard>
+
+    <!-- Account Info -->
+    <UCard>
+      <template #header>
+        <div class="flex items-center gap-3">
+          <UIcon name="i-lucide-user" class="size-6 text-primary" />
+          <div>
+            <h2 class="font-semibold">Kontoinformationen</h2>
+            <p class="text-sm text-muted">Deine Kontodaten</p>
+          </div>
+        </div>
+      </template>
+
+      <div class="space-y-3">
+        <div class="flex justify-between">
+          <span class="text-muted">E-Mail</span>
+          <span class="font-medium">{{ user?.email }}</span>
+        </div>
+        <div class="flex justify-between">
+          <span class="text-muted">Name</span>
+          <span class="font-medium">{{ user?.name || '-' }}</span>
+        </div>
+        <div class="flex justify-between">
+          <span class="text-muted">E-Mail verifiziert</span>
+          <UBadge :color="user?.emailVerified ? 'success' : 'warning'">
+            {{ user?.emailVerified ? 'Ja' : 'Nein' }}
+          </UBadge>
+        </div>
+      </div>
+    </UCard>
+  </div>
+</template>

package/nuxt-base-template/app/pages/auth/2fa.vue

@@ -0,0 +1,120 @@
+<script setup lang="ts">
+// ============================================================================
+// Imports
+// ============================================================================
+import type { FormSubmitEvent } from '@nuxt/ui';
+import type { InferOutput } from 'valibot';
+
+import * as v from 'valibot';
+
+import { authClient } from '~/lib/auth-client';
+
+// ============================================================================
+// Composables
+// ============================================================================
+const toast = useToast();
+
+// ============================================================================
+// Page Meta
+// ============================================================================
+definePageMeta({
+  layout: 'slim',
+});
+
+// ============================================================================
+// Variables
+// ============================================================================
+const loading = ref<boolean>(false);
+const useBackupCode = ref<boolean>(false);
+const trustDevice = ref<boolean>(false);
+
+const schema = v.object({
+  code: v.pipe(v.string('Code ist erforderlich'), v.minLength(6, 'Code muss mindestens 6 Zeichen haben')),
+});
+
+type Schema = InferOutput<typeof schema>;
+
+// ============================================================================
+// Functions
+// ============================================================================
+async function onSubmit(payload: FormSubmitEvent<Schema>): Promise<void> {
+  loading.value = true;
+
+  try {
+    if (useBackupCode.value) {
+      const { error } = await authClient.twoFactor.verifyBackupCode({
+        code: payload.data.code,
+      });
+
+      if (error) {
+        toast.add({
+          color: 'error',
+          description: error.message || 'Backup-Code ungültig',
+          title: 'Fehler',
+        });
+        return;
+      }
+    } else {
+      const { error } = await authClient.twoFactor.verifyTotp({
+        code: payload.data.code,
+        trustDevice: trustDevice.value,
+      });
+
+      if (error) {
+        toast.add({
+          color: 'error',
+          description: error.message || 'Code ungültig',
+          title: 'Fehler',
+        });
+        return;
+      }
+    }
+
+    await navigateTo('/app');
+  } finally {
+    loading.value = false;
+  }
+}
+
+function toggleBackupCode(): void {
+  useBackupCode.value = !useBackupCode.value;
+}
+</script>
+
+<template>
+  <UPageCard class="w-md" variant="naked">
+    <div class="flex flex-col gap-6">
+      <div class="flex flex-col items-center gap-2">
+        <UIcon name="i-lucide-shield-check" class="size-12 text-primary" />
+        <h1 class="text-xl font-semibold">Zwei-Faktor-Authentifizierung</h1>
+        <p class="text-center text-sm text-muted">
+          {{ useBackupCode ? 'Gib einen deiner Backup-Codes ein' : 'Gib den 6-stelligen Code aus deiner Authenticator-App ein' }}
+        </p>
+      </div>
+
+      <UForm :schema="schema" class="flex flex-col gap-4" @submit="onSubmit">
+        <UFormField :label="useBackupCode ? 'Backup-Code' : 'Authentifizierungscode'" name="code">
+          <UInput
+            name="code"
+            :placeholder="useBackupCode ? 'Backup-Code eingeben' : '000000'"
+            size="lg"
+            class="text-center font-mono text-lg tracking-widest"
+            autocomplete="one-time-code"
+          />
+        </UFormField>
+
+        <UCheckbox v-if="!useBackupCode" v-model="trustDevice" label="Diesem Gerät vertrauen" />
+
+        <UButton type="submit" block :loading="loading"> Verifizieren </UButton>
+      </UForm>
+
+      <div class="flex flex-col items-center gap-2">
+        <UButton variant="link" color="neutral" @click="toggleBackupCode">
+          {{ useBackupCode ? 'Authenticator-Code verwenden' : 'Backup-Code verwenden' }}
+        </UButton>
+
+        <ULink to="/auth/login" class="text-sm text-muted hover:text-primary"> Zurück zur Anmeldung </ULink>
+      </div>
+    </div>
+  </UPageCard>
+</template>

package/nuxt-base-template/app/pages/auth/forgot-password.vue

@@ -7,6 +7,14 @@ import type { InferOutput } from 'valibot';
 
 import * as v from 'valibot';
 
+import { authClient } from '~/lib/auth-client';
+
+// ============================================================================
+// Composables
+// ============================================================================
+const toast = useToast();
+const config = useRuntimeConfig();
+
 // ============================================================================
 // Page Meta
 // ============================================================================
@@ -17,18 +25,21 @@ definePageMeta({
 // ============================================================================
 // Variables
 // ============================================================================
+const loading = ref<boolean>(false);
+const emailSent = ref<boolean>(false);
+
 const fields: AuthFormField[] = [
   {
-    label: 'Email',
+    label: 'E-Mail',
     name: 'email',
-    placeholder: 'Enter your email',
+    placeholder: 'E-Mail eingeben',
     required: true,
     type: 'email',
   },
 ];
 
 const schema = v.object({
-  email: v.pipe(v.string('Email is required'), v.email('Has to be a valid email address')),
+  email: v.pipe(v.string('E-Mail ist erforderlich'), v.email('Bitte eine gültige E-Mail eingeben')),
 });
 
 type Schema = InferOutput<typeof schema>;
@@ -37,28 +48,68 @@ type Schema = InferOutput<typeof schema>;
 // Functions
 // ============================================================================
 async function onSubmit(payload: FormSubmitEvent<Schema>): Promise<void> {
-  console.debug('Forgot password request for:', payload.data.email);
+  loading.value = true;
+
+  try {
+    const { error } = await authClient.requestPasswordReset({
+      email: payload.data.email,
+      redirectTo: `${config.public.siteUrl}/auth/reset-password`,
+    });
+
+    if (error) {
+      toast.add({
+        color: 'error',
+        description: error.message || 'Anfrage fehlgeschlagen',
+        title: 'Fehler',
+      });
+      return;
+    }
+
+    emailSent.value = true;
+  } finally {
+    loading.value = false;
+  }
 }
 </script>
 
 <template>
   <UPageCard class="w-md" variant="naked">
-    <UAuthForm
-      :schema="schema"
-      title="Forgot password"
-      icon="i-heroicons-lock-closed"
-      :fields="fields"
-      loadingAuto
-      :submit="{
-        label: 'Continue',
-        block: true,
-      }"
-      @submit="onSubmit"
-    >
-      <template #footer>
-        Back to
-        <ULink to="/auth/login" class="text-primary font-medium" tabindex="-1">Sign In</ULink>
-      </template>
-    </UAuthForm>
+    <template v-if="!emailSent">
+      <UAuthForm
+        :schema="schema"
+        title="Passwort vergessen"
+        icon="i-lucide-lock"
+        :fields="fields"
+        :loading="loading"
+        :submit="{
+          label: 'Link anfordern',
+          block: true,
+        }"
+        @submit="onSubmit"
+      >
+        <template #description>
+          <p class="text-sm text-muted">Gib deine E-Mail-Adresse ein und wir senden dir einen Link zum Zurücksetzen deines Passworts.</p>
+        </template>
+
+        <template #footer>
+          <p class="text-center text-sm text-muted">
+            Zurück zur
+            <ULink to="/auth/login" class="text-primary font-medium">Anmeldung</ULink>
+          </p>
+        </template>
+      </UAuthForm>
+    </template>
+
+    <template v-else>
+      <div class="flex flex-col items-center gap-6">
+        <UIcon name="i-lucide-mail-check" class="size-16 text-success" />
+        <div class="text-center">
+          <h2 class="text-xl font-semibold">E-Mail gesendet</h2>
+          <p class="mt-2 text-sm text-muted">Wir haben dir eine E-Mail mit einem Link zum Zurücksetzen deines Passworts gesendet. Bitte überprüfe auch deinen Spam-Ordner.</p>
+        </div>
+
+        <UButton to="/auth/login" variant="outline" color="neutral"> Zurück zur Anmeldung </UButton>
+      </div>
+    </template>
   </UPageCard>
 </template>