Add authentication check and logout functionality in app.vue

2025-08-23 12:47:40 +01:00 · 2025-08-23 12:47:40 +01:00 · 733a1e9f47
commit 733a1e9f47
parent ee00a8018e
9 changed files with 1294 additions and 1653 deletions
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@ -0,0 +1,43 @@
+export default defineEventHandler(async (event) => {
+  // Skip auth check for login page and auth API routes
+  if (event.node.req.url?.startsWith('/api/auth/') || 
+      event.node.req.url === '/login' ||
+      event.node.req.url?.startsWith('/_nuxt/') ||
+      event.node.req.url?.startsWith('/__nuxt_devtools__/')) {
+    return
+  }
+  
+  // Only check auth for API routes and page requests
+  if (event.node.req.url?.startsWith('/api/') || 
+      !event.node.req.url?.includes('.')) {
+    
+    const token = getCookie(event, 'auth-token')
+    
+    if (!token) {
+      if (event.node.req.url?.startsWith('/api/')) {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Authentication required'
+        })
+      }
+      // Redirect to login for page requests
+      return sendRedirect(event, '/login')
+    }
+    
+    const session = await useStorage('memory').getItem(`session:${token}`)
+    
+    if (!session || (session.expiresAt && new Date() > new Date(session.expiresAt))) {
+      if (session && session.expiresAt && new Date() > new Date(session.expiresAt)) {
+        await useStorage('memory').removeItem(`session:${token}`)
+      }
+      deleteCookie(event, 'auth-token')
+      if (event.node.req.url?.startsWith('/api/')) {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Session expired'
+        })
+      }
+      return sendRedirect(event, '/login')
+    }
+  }
+})