Add authentication check and logout functionality in app.vue

server/api/auth/check.get.js

@@ -0,0 +1,21 @@
+export default defineEventHandler(async (event) => {
+  const token = getCookie(event, 'auth-token')
+  
+  if (!token) {
+    return { authenticated: false }
+  }
+  
+  const session = await useStorage('memory').getItem(`session:${token}`)
+  
+  if (!session) {
+    return { authenticated: false }
+  }
+  
+  // Check if session has expired
+  if (session.expiresAt && new Date() > new Date(session.expiresAt)) {
+    await useStorage('memory').removeItem(`session:${token}`)
+    return { authenticated: false }
+  }
+  
+  return { authenticated: true }
+})

server/api/auth/login.post.js

@@ -0,0 +1,38 @@
+import crypto from 'crypto'
+
+export default defineEventHandler(async (event) => {
+  const { password } = await readBody(event)
+  
+  if (!password) {
+    throw createError({
+      statusCode: 400,
+      statusMessage: 'Password is required'
+    })
+  }
+  
+  const correctPassword = process.env.APP_PASSWORD
+  
+  if (password !== correctPassword) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: 'Invalid password'
+    })
+  }
+  
+  const sessionToken = crypto.randomBytes(32).toString('hex')
+  
+  setCookie(event, 'auth-token', sessionToken, {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === 'production',
+    sameSite: 'lax',
+    maxAge: 60 * 60 * 24 * 7 // 7 days
+  })
+  
+  await useStorage('memory').setItem(`session:${sessionToken}`, {
+    authenticated: true,
+    createdAt: new Date().toISOString(),
+    expiresAt: new Date(Date.now() + (60 * 60 * 24 * 7 * 1000)).toISOString() // 7 days
+  })
+  
+  return { success: true }
+})

server/api/auth/logout.post.js

@@ -0,0 +1,11 @@
+export default defineEventHandler(async (event) => {
+  const token = getCookie(event, 'auth-token')
+  
+  if (token) {
+    await useStorage('memory').removeItem(`session:${token}`)
+  }
+  
+  deleteCookie(event, 'auth-token')
+  
+  return { success: true }
+})

server/middleware/auth.js

@@ -0,0 +1,43 @@
+export default defineEventHandler(async (event) => {
+  // Skip auth check for login page and auth API routes
+  if (event.node.req.url?.startsWith('/api/auth/') || 
+      event.node.req.url === '/login' ||
+      event.node.req.url?.startsWith('/_nuxt/') ||
+      event.node.req.url?.startsWith('/__nuxt_devtools__/')) {
+    return
+  }
+  
+  // Only check auth for API routes and page requests
+  if (event.node.req.url?.startsWith('/api/') || 
+      !event.node.req.url?.includes('.')) {
+    
+    const token = getCookie(event, 'auth-token')
+    
+    if (!token) {
+      if (event.node.req.url?.startsWith('/api/')) {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Authentication required'
+        })
+      }
+      // Redirect to login for page requests
+      return sendRedirect(event, '/login')
+    }
+    
+    const session = await useStorage('memory').getItem(`session:${token}`)
+    
+    if (!session || (session.expiresAt && new Date() > new Date(session.expiresAt))) {
+      if (session && session.expiresAt && new Date() > new Date(session.expiresAt)) {
+        await useStorage('memory').removeItem(`session:${token}`)
+      }
+      deleteCookie(event, 'auth-token')
+      if (event.node.req.url?.startsWith('/api/')) {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Session expired'
+        })
+      }
+      return sendRedirect(event, '/login')
+    }
+  }
+})