npm - create-nuxt-base - Versions diffs - 1.2.0 → 2.0.0 - Mend

create-nuxt-base 1.2.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/nuxt-base-template/app/lib/auth-state.ts DELETED Viewed

@@ -1,206 +0,0 @@
-/**
- * Shared authentication state for Cookie/JWT dual-mode authentication
- *
- * This module provides a reactive state that is shared between:
- * - auth-client.ts (uses it for customFetch)
- * - use-better-auth.ts (manages the state)
- *
- * Auth Mode Strategy:
- * 1. Primary: Session cookies (more secure, HttpOnly)
- * 2. Fallback: JWT tokens (when cookies are not available/working)
- *
- * The state is persisted in cookies for SSR compatibility.
- */
-export type AuthMode = 'cookie' | 'jwt';
-/**
- * Get the current auth mode from cookie
- */
-export function getAuthMode(): AuthMode {
-  if (import.meta.server) return 'cookie';
-  try {
-    const cookie = document.cookie.split('; ').find((row) => row.startsWith('auth-state='));
-    if (cookie) {
-      const parts = cookie.split('=');
-      const value = parts.length > 1 ? decodeURIComponent(parts.slice(1).join('=')) : '';
-      const state = JSON.parse(value);
-      return state?.authMode || 'cookie';
-    }
-  } catch {
-    // Ignore parse errors
-  }
-  return 'cookie';
-}
-/**
- * Get the JWT token from cookie
- */
-export function getJwtToken(): string | null {
-  if (import.meta.server) return null;
-  try {
-    const cookie = document.cookie.split('; ').find((row) => row.startsWith('jwt-token='));
-    if (cookie) {
-      const parts = cookie.split('=');
-      const value = parts.length > 1 ? decodeURIComponent(parts.slice(1).join('=')) : '';
-      // Handle JSON-encoded string (useCookie stores as JSON)
-      if (value.startsWith('"') && value.endsWith('"')) {
-        return JSON.parse(value);
-      }
-      return value || null;
-    }
-  } catch {
-    // Ignore parse errors
-  }
-  return null;
-}
-/**
- * Set JWT token in cookie
- */
-export function setJwtToken(token: string | null): void {
-  if (import.meta.server) return;
-  const maxAge = 60 * 60 * 24 * 7; // 7 days
-  if (token) {
-    document.cookie = `jwt-token=${encodeURIComponent(JSON.stringify(token))}; path=/; max-age=${maxAge}; samesite=lax`;
-  } else {
-    document.cookie = `jwt-token=; path=/; max-age=0`;
-  }
-}
-/**
- * Update auth mode in the auth-state cookie
- */
-export function setAuthMode(mode: AuthMode): void {
-  if (import.meta.server) return;
-  try {
-    const cookie = document.cookie.split('; ').find((row) => row.startsWith('auth-state='));
-    let state = { user: null, authMode: mode };
-    if (cookie) {
-      const parts = cookie.split('=');
-      const value = parts.length > 1 ? decodeURIComponent(parts.slice(1).join('=')) : '';
-      state = { ...JSON.parse(value), authMode: mode };
-    }
-    const maxAge = 60 * 60 * 24 * 7; // 7 days
-    document.cookie = `auth-state=${encodeURIComponent(JSON.stringify(state))}; path=/; max-age=${maxAge}; samesite=lax`;
-  } catch {
-    // Ignore errors
-  }
-}
-/**
- * Get the API base URL
- */
-export function getApiBase(): string {
-  const isDev = import.meta.dev;
-  if (isDev) {
-    return '/api/iam';
-  }
-  // In production, try to get from runtime config or fall back to default
-  if (typeof window !== 'undefined' && (window as any).__NUXT__?.config?.public?.apiUrl) {
-    return `${(window as any).__NUXT__.config.public.apiUrl}/iam`;
-  }
-  return 'http://localhost:3000/iam';
-}
-/**
- * Attempt to switch to JWT mode by fetching a token
- */
-export async function attemptJwtSwitch(): Promise<boolean> {
-  try {
-    const apiBase = getApiBase();
-    const response = await fetch(`${apiBase}/token`, {
-      method: 'GET',
-      credentials: 'include',
-    });
-    if (response.ok) {
-      const data = await response.json();
-      if (data.token) {
-        setJwtToken(data.token);
-        setAuthMode('jwt');
-        console.debug('[Auth] Switched to JWT mode');
-        return true;
-      }
-    }
-    return false;
-  } catch {
-    return false;
-  }
-}
-/**
- * Check if user is authenticated (has auth-state with user)
- */
-export function isAuthenticated(): boolean {
-  if (import.meta.server) return false;
-  try {
-    const cookie = document.cookie.split('; ').find((row) => row.startsWith('auth-state='));
-    if (cookie) {
-      const parts = cookie.split('=');
-      const value = parts.length > 1 ? decodeURIComponent(parts.slice(1).join('=')) : '';
-      const state = JSON.parse(value);
-      return !!state?.user;
-    }
-  } catch {
-    // Ignore parse errors
-  }
-  return false;
-}
-/**
- * Custom fetch function that handles Cookie/JWT dual-mode authentication
- *
- * This function:
- * 1. In cookie mode: Uses credentials: 'include'
- * 2. In JWT mode: Adds Authorization header
- * 3. On 401 in cookie mode: Attempts to switch to JWT and retries
- */
-export async function authFetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response> {
-  const authMode = getAuthMode();
-  const jwtToken = getJwtToken();
-  const headers = new Headers(init?.headers);
-  // In JWT mode, add Authorization header
-  if (authMode === 'jwt' && jwtToken) {
-    headers.set('Authorization', `Bearer ${jwtToken}`);
-  }
-  // Always include credentials for cookie-based session auth
-  // In JWT mode, cookies are sent but ignored by the server (Authorization header is used instead)
-  // This is more robust than conditionally omitting cookies
-  const response = await fetch(input, {
-    ...init,
-    headers,
-    credentials: 'include',
-  });
-  // If we get 401 in cookie mode and user is authenticated, try JWT fallback
-  if (response.status === 401 && authMode === 'cookie' && isAuthenticated()) {
-    console.debug('[Auth] Cookie auth failed, attempting JWT fallback...');
-    const switched = await attemptJwtSwitch();
-    if (switched) {
-      // Retry the request with JWT
-      const newToken = getJwtToken();
-      if (newToken) {
-        headers.set('Authorization', `Bearer ${newToken}`);
-        return fetch(input, {
-          ...init,
-          headers,
-          credentials: 'include',
-        });
-      }
-    }
-  }
-  return response;
-}

package/nuxt-base-template/app/plugins/auth-interceptor.client.ts DELETED Viewed

@@ -1,151 +0,0 @@
-/**
- * Auth Interceptor Plugin
- *
- * This plugin intercepts all API responses and handles session expiration.
- * When a 401 (Unauthorized) response is received, it automatically:
- * 1. Clears the user session state
- * 2. Redirects to the login page
- *
- * Note: This is a client-only plugin (.client.ts) since auth state
- * management only makes sense in the browser context.
- */
-export default defineNuxtPlugin(() => {
-  const { clearUser, isAuthenticated } = useBetterAuth();
-  const route = useRoute();
-  // Track if we're already handling a 401 to prevent multiple redirects
-  let isHandling401 = false;
-  // Paths that should not trigger auto-logout on 401
-  // (public auth endpoints where 401 is expected)
-  const publicAuthPaths = ['/auth/login', '/auth/register', '/auth/forgot-password', '/auth/reset-password', '/auth/2fa'];
-  /**
-   * Check if current route is a public auth route
-   */
-  function isPublicAuthRoute(): boolean {
-    return publicAuthPaths.some((path) => route.path.startsWith(path));
-  }
-  /**
-   * Check if URL is an auth-related endpoint that shouldn't trigger logout
-   * (e.g., login, register, password reset, passkey endpoints)
-   * These endpoints use the authFetch wrapper which handles JWT fallback
-   */
-  function isAuthEndpoint(url: string): boolean {
-    const authEndpoints = [
-      '/sign-in',
-      '/sign-up',
-      '/sign-out',
-      '/forgot-password',
-      '/reset-password',
-      '/verify-email',
-      '/session',
-      '/token',
-      // Passkey endpoints - handled by authFetch with JWT fallback
-      '/passkey/',
-      '/list-user-passkeys',
-      '/generate-register-options',
-      '/verify-registration',
-      '/generate-authenticate-options',
-      '/verify-authentication',
-      // Two-factor endpoints
-      '/two-factor/',
-    ];
-    return authEndpoints.some((endpoint) => url.includes(endpoint));
-  }
-  /**
-   * Handle 401 Unauthorized responses
-   * Clears user state and redirects to login page
-   */
-  async function handleUnauthorized(requestUrl?: string): Promise<void> {
-    // Prevent multiple simultaneous 401 handling
-    if (isHandling401) {
-      return;
-    }
-    // Don't handle 401 for auth endpoints (expected behavior)
-    if (requestUrl && isAuthEndpoint(requestUrl)) {
-      return;
-    }
-    // Don't handle 401 on public auth pages
-    if (isPublicAuthRoute()) {
-      return;
-    }
-    isHandling401 = true;
-    try {
-      // Only handle if user was authenticated (prevents redirect loops)
-      if (isAuthenticated.value) {
-        console.debug('[Auth Interceptor] Session expired, logging out...');
-        // Clear user state
-        clearUser();
-        // Redirect to login page with return URL
-        await navigateTo(
-          {
-            path: '/auth/login',
-            query: {
-              redirect: route.fullPath !== '/auth/login' ? route.fullPath : undefined,
-            },
-          },
-          {
-            replace: true,
-          },
-        );
-      }
-    } finally {
-      // Reset flag after a short delay to allow navigation to complete
-      setTimeout(() => {
-        isHandling401 = false;
-      }, 1000);
-    }
-  }
-  // Override the default $fetch to add response error handling
-  const originalFetch = globalThis.$fetch;
-  // Use a wrapper to intercept responses
-  globalThis.$fetch = ((url: string, options?: any) => {
-    return originalFetch(url, {
-      ...options,
-      onResponseError: (context: any) => {
-        // Call original onResponseError if provided
-        if (options?.onResponseError) {
-          options.onResponseError(context);
-        }
-        // Handle 401 errors
-        if (context.response?.status === 401) {
-          handleUnauthorized(url);
-        }
-      },
-    });
-  }) as typeof globalThis.$fetch;
-  // Also intercept native fetch for manual API calls
-  const originalNativeFetch = globalThis.fetch;
-  globalThis.fetch = async (input: RequestInfo | URL, init?: RequestInit) => {
-    const response = await originalNativeFetch(input, init);
-    // Handle 401 errors from native fetch
-    if (response.status === 401) {
-      const url = typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url;
-      handleUnauthorized(url);
-    }
-    return response;
-  };
-  // Provide a manual method to trigger logout on 401
-  return {
-    provide: {
-      handleUnauthorized,
-    },
-  };
-});

package/nuxt-base-template/app/utils/crypto.ts DELETED Viewed

@@ -1,44 +0,0 @@
-/**
- * Hashes a string using SHA256
- * Uses the Web Crypto API which is available in all modern browsers
- *
- * @param message - The string to hash
- * @returns The SHA256 hash as a lowercase hex string (64 characters)
- */
-export async function sha256(message: string): Promise<string> {
-  const msgBuffer = new TextEncoder().encode(message);
-  const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');
-}
-// ============================================================================
-// WebAuthn/Passkey Utilities
-// ============================================================================
-/**
- * Converts an ArrayBuffer to a base64url-encoded string
- * Used for WebAuthn credential responses
- *
- * @param buffer - The ArrayBuffer to convert
- * @returns The base64url-encoded string (no padding)
- */
-export function arrayBufferToBase64Url(buffer: ArrayBuffer): string {
-  const bytes = new Uint8Array(buffer);
-  let binary = '';
-  bytes.forEach((b) => (binary += String.fromCharCode(b)));
-  return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-}
-/**
- * Converts a base64url-encoded string to a Uint8Array
- * Used for WebAuthn challenge decoding
- *
- * @param base64url - The base64url-encoded string
- * @returns The decoded Uint8Array
- */
-export function base64UrlToUint8Array(base64url: string): Uint8Array {
-  const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
-  const paddedBase64 = base64 + '='.repeat((4 - (base64.length % 4)) % 4);
-  return Uint8Array.from(atob(paddedBase64), (c) => c.charCodeAt(0));
-}