/**
 * Route middleware that redirects visitors without an apparent session to /login.
 *
 * Order of checks:
 *   1. Pages whose meta sets `auth: false` are let through.
 *   2. `/login` and `/register` are let through.
 *   3. Server render: both `routebox_session` and `routebox_tenant` must carry a value.
 *   4. Client: the reactive `isAuthenticated` flag, or a successful `checkAuth()`
 *      when the tenant cookie is present.
 * Anything else is redirected to `/login`; the `authMessage` cookie is set
 * first unless the target is a "silent" route.
 *
 * NOTE(review): the server branch only tests that the two cookies are non-empty.
 * Nothing in this middleware verifies the session value, so it is a navigation
 * gate and not an authorization boundary. Confirm that the backend endpoints
 * validate the session themselves.
 */
export default defineNuxtRouteMiddleware(async (to, from) => {
  // Per-page opt-out via definePageMeta({ auth: false }). Only the literal
  // `false` skips the checks; a missing or truthy value does not.
  if (to.meta.auth === false) {
    return
  }

  // Unauthenticated entry points. The match is an exact string comparison on
  // to.path, so any path not listed here continues to the auth checks below.
  const publicRoutes = ['/login', '/register']
  if (publicRoutes.includes(to.path)) {
    return
  }

  // Cookie refs are created in the same order as before: message, tenant, session.
  const authMessage = useCookie('authMessage')
  // Tenant cookie: set alongside the session cookie on login (per the original author).
  const tenantCookie = useCookie('routebox_tenant')
  // Session cookie: described as HTTP-only by the original author; it is only
  // consulted in the server branch below.
  const sessionCookie = useCookie('routebox_session')

  // Targets for which no "please login" toast is queued before redirecting.
  const silentRoutes = ['/']

  // Shared rejection path: queue the toast text (unless silent) and go to /login.
  const redirectToLogin = () => {
    const wantsToast = !silentRoutes.includes(to.path)
    if (wantsToast) {
      authMessage.value = 'Please login to access this page'
    }
    return navigateTo('/login')
  }

  if (!import.meta.client) {
    // Server side: a presence check on both cookies, nothing more.
    const hasBothCookies = sessionCookie.value && tenantCookie.value
    if (hasBothCookies) {
      return
    }
    return redirectToLogin()
  }

  // Client side: rely on the reactive auth state exposed by useAuth().
  const { isAuthenticated, checkAuth } = useAuth()

  // Already known to be authenticated: allow without another check.
  if (isAuthenticated.value) {
    return
  }

  // checkAuth() is only attempted when a tenant cookie exists; without one
  // the visitor is treated as logged out straight away.
  let sessionConfirmed = false
  if (tenantCookie.value) {
    sessionConfirmed = await checkAuth()
  }
  if (sessionConfirmed) {
    return
  }

  return redirectToLogin()
})