import { defineEventHandler, getCookie, createError } from "h3";
import { useRuntimeConfig } from "#imports";
import { getCurrentUserFromToken } from "../utils/index.js";
import { hasPermission, isWhitelisted } from "../../utils/permissions.js";
import { NO_AUTH_PATHS, NO_AUTH_API_PATHS } from "../../constants.js";
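/**
 * Server middleware that gates page and API requests behind the `auth_token`
 * cookie and the role/permission map from runtime config (`nuxtUsers`).
 *
 * Decision order:
 *   1. static-looking non-API paths (contain a dot or start with `/_`) are skipped;
 *   2. public pages (`NO_AUTH_PATHS` plus a custom `passwordResetUrl`), public API
 *      endpoints (`NO_AUTH_API_PATHS` under `apiBasePath`) and the configured
 *      `auth.whitelist` are allowed through;
 *   3. the cookie must be present and resolve to a user via
 *      `getCurrentUserFromToken`;
 *   4. `${base}/me` is allowed for any authenticated user;
 *   5. everything else must pass `hasPermission(role, path, method, permissions)`.
 *
 * API requests (`/api/...`) fail closed: 401 for a missing/invalid token, 403 for
 * a permission miss. Page requests are never blocked here — the handler returns
 * and the client-side middleware is expected to redirect. NOTE(review): that
 * means SSR still runs for unauthenticated page requests; pages that render
 * sensitive data must guard themselves as well.
 *
 * @throws {H3Error} 401 Unauthorized / 403 Forbidden for rejected API requests.
 */
export default defineEventHandler(async (event) => {
  const { nuxtUsers: options } = useRuntimeConfig();
  const base = options.apiBasePath || "/api/nuxt-users";

  // In h3 `event.path` is the raw request URL, query string included. All
  // matching below uses the pathname only: with the full URL, `/api/x?y=a.b`
  // would trip the "contains a dot" asset heuristic and bypass authorization
  // entirely, and `/api/x?foo=1` would never equal an entry in the public lists.
  // Logging the pathname (not the full URL) also keeps secrets carried in query
  // strings — e.g. password-reset tokens — out of the logs.
  const pathname = event.path.split(/[?#]/, 1)[0];
  const isApiRoute = pathname.startsWith("/api/");

  // The dot heuristic only exists to skip static assets and Nuxt internals.
  // API routes are always authorized, so a dotted segment under `/api/`
  // (e.g. a catch-all route hit as `/api/users/john.doe` or `/api/x.json`)
  // can no longer be used to slip past the check.
  const looksLikeAssetOrInternal = pathname.includes(".") || pathname.startsWith("/_");
  if (!isApiRoute && looksLikeAssetOrInternal) {
    return;
  }

  // Public pages: the built-in list plus a non-default password-reset URL.
  const publicPages = new Set(NO_AUTH_PATHS);
  if (options.passwordResetUrl && options.passwordResetUrl !== "/reset-password") {
    publicPages.add(options.passwordResetUrl);
  }
  if (publicPages.has(pathname)) {
    console.debug(`[Nuxt Users] authorization: NO_AUTH_PATH: ${pathname}`);
    return;
  }

  // Public API endpoints (login, password reset, ...) mounted under `base`.
  const publicApi = new Set(NO_AUTH_API_PATHS.map((path) => `${base}${path}`));
  if (publicApi.has(pathname)) {
    return;
  }

  if (isWhitelisted(pathname, options.auth.whitelist)) {
    console.debug(`[Nuxt Users] authorization: whitelisted: ${pathname}`);
    return;
  }

  // API callers get an explicit error; page requests fall through so the
  // client can redirect. Returns normally for pages, throws for API routes.
  const deny = (statusCode, statusMessage, reason) => {
    if (isApiRoute) {
      console.warn(`[Nuxt Users] authorization: ${pathname} ${reason} - API request rejected`);
      throw createError({ statusCode, statusMessage });
    }
    console.debug(`[Nuxt Users] authorization: ${pathname} ${reason} - letting client handle page redirect`);
  };

  const token = getCookie(event, "auth_token");
  if (!token) {
    return deny(401, "Unauthorized", "No token found");
  }

  const user = await getCurrentUserFromToken(token, options);
  if (!user) {
    return deny(401, "Unauthorized", "Invalid token");
  }

  // Any authenticated user may read their own profile regardless of role.
  if (pathname === `${base}/me`) {
    console.debug(`[Nuxt Users] authorization: Auto-whitelisted /me endpoint for authenticated user ${user.id}`);
    return;
  }

  if (!hasPermission(user.role, pathname, event.method, options.auth.permissions)) {
    return deny(403, "Forbidden", `User ${user.id} with role ${user.role} denied access`);
  }

  console.debug(`[Nuxt Users] authorization: Authenticated request to ${pathname} for ${user.id} with role ${user.role}`);
});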