I'm trying to implement a login system in my app (Nuxt 2) using #nuxt/auth. The backend is a Node.js + Express + Passport, using sessions and cookies.
I think it's important to say I'm using http-proxy-middleware in my front end, so my back end can be accessible in the same domain with localhost:3000/api/... or localhost:3000/uploads for uploaded files.
The backend seems to be working as expected, creating the sessions, returning an User object if logged in and 401 if not. I did some research and didn't find much advantages to use JWT so I opted for sessions and cookies instead (but any recommendations are valid). Cookies expiration time is set in the backend as 24 hours.
In my front end I don't have any custom middlewares.
In the front end, I can log in and it redirects me to home ('/'), and I can access protected pages, I have set auth globally but excluded from the login layout with auth: false.
But when I refresh the page or try to access some URL manually (e.g. /timeline) it goes back to the login page. I tried to show $auth.user in the login page and it's showing me the user's information as it was logged in. $auth.loggedIn is true.
One important thing to note is that it takes a while to show the information in $auth.user and $auth.loggedIn shows as false at the first second, maybe something to do with this? I checked the cookies and it seems to be all right, I will post more information below. (this in the login page)
When I tried to access my back end endpoint /api/user I get the user's information so I'm sure in my backend I'm logged in.
Also when I try to log out, at the first moment it logs me out but doesn't redirect to me to the login page. When I try to access some protected page it does redirect me as expected.
But I was expecting to not being redirected to login page when refreshing or accessing URLs manually, how can I fix this please?
This is my nuxt.config.js:
const { createProxyMiddleware } = require('http-proxy-middleware')
export default {
head: {
// ...
},
serverMiddleware: [
createProxyMiddleware('/api', {
target: 'http://localhost:3300/api',
changeOrigin: true,
pathRewrite: {
'^/api': '/'
}
}),
createProxyMiddleware('/uploads', {
target: 'http://localhost:3300',
changeOrigin: true,
pathRewrite: {
'^/uploads': '/uploads'
}
}),
],
router: {
middleware: ['auth']
},
// css: [],
css: [
'~assets/scss/main.scss',
],
// loading bar
loading: {
color: '#ef443b',
},
plugins: [
'~/plugins/vuelidate'
],
components: true,
buildModules: [
'#nuxtjs/eslint-module',
'#nuxtjs/style-resources',
'#nuxtjs/fontawesome',
],
modules: [
'bootstrap-vue/nuxt',
'#nuxtjs/axios',
'#nuxtjs/auth',
'nuxt-precompress',
],
auth: {
cookie: {
options: {
maxAge: 24 * 60 * 60 * 1000, // 24 hrs
secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production', // HTTP if local, HTTPS if production
},
},
strategies: {
local: {
token: {
required: false,
type: false
},
endpoints: {
login: {
url: '/api/login',
method: 'POST',
propertyName: false
},
logout: {
url: '/api/logout',
method: 'GET'
},
user: {
url: '/api/user',
method: 'GET',
propertyName: false
},
},
tokenRequired: false,
// tokenType: 'Bearer',
},
},
},
bootstrapVue: {
bootstrapCSS: false, // Or `css: false`
bootstrapVueCSS: false // Or `bvCSS: false`
},
fontawesome: {
component: 'fa',
suffix: false,
icons: {
regular: true,
solid: true,
brands: true,
},
},
styleResources: {
scss: [
'./assets/scss/_variables.scss',
'./assets/scss/_mixins.scss',
],
hoistUseStatements: true,
},
axios: {
baseURL: '/',
withCredentials: true,
credentials: true,
},
env: {
apiUrl: process.env.API_URL,
},
publicRuntimeConfig: {
axios: {
browserBaseURL: process.env.BROWSER_BASE_URL
}
},
privateRuntimeConfig: {
axios: {
baseURL: process.env.BASE_URL
}
},
build: {
transpile: [
'audiomotion-analyzer'
]
},
}
My logout code is as simple as this:
methods: {
logout(e) {
this.$auth.logout()
},
},
These are the cookies when:
I log out and try to log in for the first time (maybe this cookie is from past sessions):
enter image description here
When I'm logged in and redirected to home:
enter image description here
When I access another protected page using a link:
enter image description here
When I try to access an URL manually and gets redirected to /login:
enter image description here
If necessary I can share some code from my backend too, but I think the problem is in my front-end...
EDIT
I just realized I was using this.$router.push('/') after logging in and had no config whatsoever for redirections, so I updated my nuxt.config.js and now it is redirecting without $router.push, and also when I log out. The refresh / manually access problem persists tho.
auth: {
cookie: {
options: {
maxAge: 24 * 60 * 60 * 1000, // 24 hrs
secure: process.env.NODE_ENV && process.env.NODE_ENV === 'production', // HTTP if local, HTTPS if production
},
},
strategies: {
local: {
token: {
required: false,
type: false
},
endpoints: {
login: {
url: '/api/login',
method: 'POST',
propertyName: false
},
logout: {
url: '/api/logout',
method: 'GET'
},
user: {
url: '/api/user',
method: 'GET',
propertyName: 'user'
},
},
tokenRequired: false,
// tokenType: 'Bearer',
},
},
redirect: {
login: '/login',
logout: '/login',
home: '/',
},
},
Related
Hello I have the following configuration
nuxt.config.js
router: {
middleware: ['auth'],
}
auth: {
redirect: {
login: '/login',
logout: '/login',
home: '/',
},
strategies: {
cookie: {
options: {
httpOnly: true,
path: '/',
},
user: {
property: false,
autoFetch: false,
},
endpoints: {
login: { url: '/api/login', method: 'post' },
logout: { url: '/api/logout', method: 'post' },
},
},
},
},
and I the home component it is not necessary be logged, so I set:
export default {
name: 'IndexComponent',
middleware: 'auth',
auth: false,
}
but when I try to access to a / auth always redirects to /login.
when I do click nothing happens and nothing is displayed in the console.
How can I solve this?
In the documentation, it says
In case of global usage, you can set auth option to false in a specific component and the middleware will ignore that route.
But by "component", they mean a .vue component.
In our case, since we're using Nuxt it still needs to be a page (hence a route in the /pages/ directory) because this is logical from a router aspect.
For my nuxt app, i need to use pusher for handling websocket.
I use pusher-js, and i created a nuxt plugin to enable pusher throughtout my app.
The problem is that i need to be auth to use pusher.
That my plugin :
import Pusher from 'pusher-js'
export default ({ $axios, env, $auth }, inject) => {
if (!$auth.loggedIn) {
return
}
const pusher = new Pusher(process.env.PUSHER_APP_KEY, {
cluster: 'eu',
authEndpoint: `${$axios.defaults.baseURL}/broadcasting/auth`,
auth: {
headers: {
Authorization: $auth.strategy.token.get()
}
}
})
inject('pusher', pusher)
}
Here is where i register my plugin in the nuxt-config
auth: {
redirect: {
login: '/auth/login',
logout: '/auth/login',
callback: '/auth/login',
home: '/'
},
strategies: {
laravelJWT: {
provider: 'laravel/jwt',
url: process.env.BASE_BACK_URL + '/platform',
endpoints: {
login: { url: '/auth/login', method: 'post' },
user: { url: '/auth/me' },
logout: { url: '/auth/logout', method: 'post' },
refresh: { url: '/auth/refresh' }
},
user: {
property: 'data'
},
token: {
property: 'access_token',
maxAge: 60 * 60
},
refreshToken: {
maxAge: 20160 * 60
}
}
},
plugins: [
{ src: 'plugins/pusher.js', ssr: false }
]
},
When I'm logged and I refresh the page it's fine. But when I log in via login page, the pusher object is not instantiated (because I was not logged in) and when I want to go to my chat page, the website has not refreshed (cause spa) and I obvioulsy get an error cause I want to access pusher but it does not exist.
So is there a way to refresh the plugin when i login, or to enable it only when i'm logged ?
Thx :)
I am attempting to get Nuxt.js to work with cookie authentication. I am using nuxt-auth with cookie setting. Laravel Backend with Passport.
The reason I need to use Cookies is because I plan on having the nuxt project be on my main domain name (with login) and then having app.mydomainname.com for the actual application. The main website has public facing pages that use authentication as well.
Here is my config for nuxt.js for nuxt-auth:
auth: {
local: false,
redirect: {
login: "/login",
logout: "/login",
callback: "/login",
home: false,
},
strategies: {
cookie: {
token: {
property: "data.access_token",
},
user: {
property: "data",
},
endpoints: {
login: {
url: "v1/auth/login",
method: "post",
propertyName: "access_token",
},
logout: { url: "/v1/auth/logout", method: "delete" },
user: { url: "/v1/settings", method: "get" },
},
},
},
},
Login works fine, but then the cookie does not set when I look in my editthiscookie chrome plugin, thus the call to /settings does not work:
As you see the cookie is just being set to true and not the access token.
Any help with the configuration would be helpful.
Thanks
Figured it out. I had to set set required: true and type: "Bearer" in the token config.
So it looks like this now:
auth: {
redirect: {
login: "/login",
logout: "/login",
callback: "/login",
home: false,
},
strategies: {
local: false,
cookie: {
token: {
property: "data.access_token",
required: true,
type: "Bearer",
},
user: {
property: "data",
},
endpoints: {
login: {
url: "v1/auth/login",
method: "post",
},
logout: { url: "/v1/auth/logout", method: "delete" },
user: { url: "/v1/settings", method: "get" },
},
},
},
},
When I log out in Chrome and Firefox browser it works fine. But when I logged out on safari, it didn't go well. When I click logout, it goes to the login page then returns to the home page. After I click logout one more time. It made it to the login page. So I have to click logout twice on safari browser
My code like this :
async logout () {
await this.$auth.logout()
this.SET_IS_AUTH(false)
// this.$router.push('/')
window.location.href = '/'
}
My auth in nuxt.config.js like this :
auth: {
redirect: {
login: '/',
home: '/home',
logout: '/'
},
strategies: {
local: {
scheme: 'refresh',
token: {
property: 'response.token',
// maxAge: 3600,
// type: 'Bearer'
},
refreshToken: {
property: 'response.token',
// data: 'refresh_token',
// maxAge: 60 * 60
},
endpoints: {
login: {
url: '/auth/token',
method: 'post',
propertyName: 'response.token'
},
user: false,
logout: false
},
tokenRequired: true,
tokenType: 'Bearer '
}
},
token: {
name: 'token'
},
cookie: {
name: 'token'
}
},
How can I solve this problem?
I am trying to resolve this issue past few weeks. I followed couple of series. One on youtube, and one on codecourse. Both of them showed the right way to authenticate user, but once the user is logged in. Login route is still accessible. I will try to give as much information i can.
This is my nuxt.config.js
auth: {
plugins: ["~plugins/auth.js"],
strategies: {
local: {
endpoints: {
login: {
url: "auth/login",
method: "post",
propertyName: "meta.token"
},
user: {
url: "auth/me",
method: "get",
propertyName: "data"
},
logout: {
url: "auth/logout",
method: "post"
},
redirect: {
login: "/auth/login",
logout: "/",
home: "/",
callback: "/"
},
watchLoggedIn: true,
rewriteRedirects: true
}
}
}
},
Here is my login.vue
export default {
middleware: ["guest"],
auth: "guest",
name: "login",
data() {
return {
form: {
email: "",
password: ""
}
};
},
methods: {
async login() {
await this.$auth.loginWith("local", {
data: this.form
});
this.$router.push({
path: this.$route.query.redirect || "/dashboard"
});
}
}
};
It's still accessible after login.
Your configured it wrong. Its all described in the docs. For example middleware
There is no such thing as
middleware: ["guest"],
as in your code. Middleware called auth as you can see in docs. So you need to set it either
Setting per route:
export default {
middleware: 'auth'
}
Globally setting in nuxt.config.js:
router: {
middleware: ['auth']
}