create-nuxt-base 1.1.2 → 2.0.0

package/nuxt-base-template/app/plugins/auth-interceptor.client.ts

@@ -1,143 +0,0 @@
-/**
- * Auth Interceptor Plugin
- *
- * This plugin intercepts all API responses and handles session expiration.
- * When a 401 (Unauthorized) response is received, it automatically:
- * 1. Clears the user session state
- * 2. Redirects to the login page
- *
- * Note: This is a client-only plugin (.client.ts) since auth state
- * management only makes sense in the browser context.
- */
-export default defineNuxtPlugin(() => {
-  const { clearUser, isAuthenticated } = useBetterAuth();
-  const route = useRoute();
-
-  // Track if we're already handling a 401 to prevent multiple redirects
-  let isHandling401 = false;
-
-  // Paths that should not trigger auto-logout on 401
-  // (public auth endpoints where 401 is expected)
-  const publicAuthPaths = [
-    '/auth/login',
-    '/auth/register',
-    '/auth/forgot-password',
-    '/auth/reset-password',
-    '/auth/2fa',
-  ];
-
-  /**
-   * Check if current route is a public auth route
-   */
-  function isPublicAuthRoute(): boolean {
-    return publicAuthPaths.some((path) => route.path.startsWith(path));
-  }
-
-  /**
-   * Check if URL is an auth-related endpoint that shouldn't trigger logout
-   * (e.g., login, register, password reset endpoints)
-   */
-  function isAuthEndpoint(url: string): boolean {
-    const authEndpoints = [
-      '/sign-in',
-      '/sign-up',
-      '/sign-out',
-      '/forgot-password',
-      '/reset-password',
-      '/verify-email',
-      '/session',
-    ];
-    return authEndpoints.some((endpoint) => url.includes(endpoint));
-  }
-
-  /**
-   * Handle 401 Unauthorized responses
-   * Clears user state and redirects to login page
-   */
-  async function handleUnauthorized(requestUrl?: string): Promise<void> {
-    // Prevent multiple simultaneous 401 handling
-    if (isHandling401) {
-      return;
-    }
-
-    // Don't handle 401 for auth endpoints (expected behavior)
-    if (requestUrl && isAuthEndpoint(requestUrl)) {
-      return;
-    }
-
-    // Don't handle 401 on public auth pages
-    if (isPublicAuthRoute()) {
-      return;
-    }
-
-    isHandling401 = true;
-
-    try {
-      // Only handle if user was authenticated (prevents redirect loops)
-      if (isAuthenticated.value) {
-        console.debug('[Auth Interceptor] Session expired, logging out...');
-
-        // Clear user state
-        clearUser();
-
-        // Redirect to login page with return URL
-        await navigateTo({
-          path: '/auth/login',
-          query: {
-            redirect: route.fullPath !== '/auth/login' ? route.fullPath : undefined,
-          },
-        }, {
-          replace: true,
-        });
-      }
-    } finally {
-      // Reset flag after a short delay to allow navigation to complete
-      setTimeout(() => {
-        isHandling401 = false;
-      }, 1000);
-    }
-  }
-
-  // Override the default $fetch to add response error handling
-  const originalFetch = globalThis.$fetch;
-
-  // Use a wrapper to intercept responses
-  globalThis.$fetch = ((url: string, options?: any) => {
-    return originalFetch(url, {
-      ...options,
-      onResponseError: (context: any) => {
-        // Call original onResponseError if provided
-        if (options?.onResponseError) {
-          options.onResponseError(context);
-        }
-
-        // Handle 401 errors
-        if (context.response?.status === 401) {
-          handleUnauthorized(url);
-        }
-      },
-    });
-  }) as typeof globalThis.$fetch;
-
-  // Also intercept native fetch for manual API calls
-  const originalNativeFetch = globalThis.fetch;
-
-  globalThis.fetch = async (input: RequestInfo | URL, init?: RequestInit) => {
-    const response = await originalNativeFetch(input, init);
-
-    // Handle 401 errors from native fetch
-    if (response.status === 401) {
-      const url = typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url;
-      handleUnauthorized(url);
-    }
-
-    return response;
-  };
-
-  // Provide a manual method to trigger logout on 401
-  return {
-    provide: {
-      handleUnauthorized,
-    },
-  };
-});

package/nuxt-base-template/app/utils/crypto.ts

@@ -1,44 +0,0 @@
-/**
- * Hashes a string using SHA256
- * Uses the Web Crypto API which is available in all modern browsers
- *
- * @param message - The string to hash
- * @returns The SHA256 hash as a lowercase hex string (64 characters)
- */
-export async function sha256(message: string): Promise<string> {
-  const msgBuffer = new TextEncoder().encode(message);
-  const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');
-}
-
-// ============================================================================
-// WebAuthn/Passkey Utilities
-// ============================================================================
-
-/**
- * Converts an ArrayBuffer to a base64url-encoded string
- * Used for WebAuthn credential responses
- *
- * @param buffer - The ArrayBuffer to convert
- * @returns The base64url-encoded string (no padding)
- */
-export function arrayBufferToBase64Url(buffer: ArrayBuffer): string {
-  const bytes = new Uint8Array(buffer);
-  let binary = '';
-  bytes.forEach((b) => (binary += String.fromCharCode(b)));
-  return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-}
-
-/**
- * Converts a base64url-encoded string to a Uint8Array
- * Used for WebAuthn challenge decoding
- *
- * @param base64url - The base64url-encoded string
- * @returns The decoded Uint8Array
- */
-export function base64UrlToUint8Array(base64url: string): Uint8Array {
-  const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
-  const paddedBase64 = base64 + '='.repeat((4 - (base64.length % 4)) % 4);
-  return Uint8Array.from(atob(paddedBase64), (c) => c.charCodeAt(0));
-}