Merge branch 'main' into feat/json-pointer-extractor

sidebase · Oct 11, 2023 · f7730c6 · f7730c6
2 parents 63cd53e + 26aaa45
commit f7730c6
Show file tree

Hide file tree

Showing 25 changed files with 6,594 additions and 6,907 deletions.
diff --git a/README.md b/README.md
@@ -106,7 +106,7 @@ This module also has it's own playground:
 
 #### Testing different Providers
 
-We have one playtground per provider:
+We have one playground per provider:
 - [`local`](./playground-local)
 - [`authjs`](./playground-authjs)
 

diff --git a/docs/.nuxtrc b/docs/.nuxtrc
@@ -0,0 +1 @@
+imports.autoImport=true
diff --git a/docs/README.md b/docs/README.md
@@ -15,13 +15,13 @@ npx nuxi init docs -t nuxt-themes/docus-starter
 Install dependencies:
 
 ```bash
-yarn install
+npm install
 ```
 
 ## Development
 
 ```bash
-yarn dev
+npm dev
 ```
 
 ## Edge Side Rendering
@@ -31,7 +31,7 @@ Can be deployed to Vercel Functions, Netlify Functions, AWS, and most Node-compa
 Look at all the available presets [here](https://nuxt.com/docs/getting-started/deployment#presets).
 
 ```bash
-yarn build
+npm build
 ```
 
 ## Static Generation
@@ -41,15 +41,15 @@ Use the `generate` command to build your application.
 The HTML files will be generated in the .output/public directory and ready to be deployed to any static compatible hosting.
 
 ```bash
-yarn generate
+npm generate
 ```
 
 ## Preview build
 
 You might want to preview the result of your build locally, to do so, run the following command:
 
 ```bash
-yarn preview
+npm preview
 ```
 
 ---

diff --git a/docs/app.config.ts b/docs/app.config.ts
@@ -1,5 +1,6 @@
 export default defineAppConfig({
+  // @ts-ignore
   docus: {
-    title: 'My Docs'
+    title: 'nuxt-auth'
   }
 })
diff --git a/docs/content/2.configuration/3.nuxt-auth-handler.md b/docs/content/2.configuration/3.nuxt-auth-handler.md
@@ -92,7 +92,9 @@ export default NuxtAuthHandler({
 ```
 ::
 
+::alert{type="info"}
 The `NuxtAuthHandler` accepts [all options that NextAuth.js accepts for its API initialization](https://next-auth.js.org/configuration/options#options). Use this place to configure authentication providers (oauth-Google, credential flow, ...), your `secret`, add callbacks for authentication events, configure a custom logger and more. Read the [`NextAuth.js` docs to see all possible options](https://next-auth.js.org/configuration/options#options).
+::
 
 ### secret
 

diff --git a/docs/content/3.application-side/4.protecting-pages.md b/docs/content/3.application-side/4.protecting-pages.md
@@ -1,6 +1,7 @@
 # Protecting Pages
 
 `nuxt-auth` offers different approaches to protect pages:
+
 1. Global protection: Protects all pages with manual exceptions
 2. Local protection: Protects specific pages
 3. Custom middleware: Create your own middleware
@@ -48,6 +49,7 @@ That's it! Every page of your application will now need authentication for the u
 ### Disabling the global middleware locally
 
 To disable the global middleware on a specific page only, you can use the [`definePageMeta` macro](https://nuxt.com/docs/api/utils/define-page-meta#definepagemeta) to turn `auth` off:
+
 ```vue
 <!-- file: ~/pages/index.vue -->
 <template>
@@ -61,7 +63,6 @@ definePageMeta({ auth: false })
 
 Note: This only works on `pages/`. It notably does not work inside the `app.vue`.
 
-
 ## Local middleware
 
 To protect specific pages with a middleware, you can use the [`definePageMeta` macro](https://nuxt.com/docs/api/utils/define-page-meta#definepagemeta) to turn `auth` on:

diff --git a/docs/content/5.recipes/4.custom-session-data.md b/docs/content/5.recipes/4.custom-session-data.md
@@ -47,7 +47,7 @@ export default NuxtAuthHandler({
           });
         }
       },
-    )}
+    })
    ]
    ... // other config
 

diff --git a/docs/content/v0.6/1.getting-started/3.quick-start.md b/docs/content/v0.6/1.getting-started/3.quick-start.md
@@ -66,8 +66,9 @@ The local provider does not require any additional steps, as it relies on an alr
 So when you call the `signIn` method, the endpoint `/api/auth/login` will be hit with the `username` and `password` you pass as a body-payload. You likely have to modify these parameters to fit to your backend - you can adjust these parameters in your `nuxt.config.ts` using the options [specified here](/nuxt-auth/v0.6/configuration/nuxt-config).
 
 Note: The backend can also be in the same Nuxt 3 application, e.g., have a look at this example in the `nuxt-auth` repository:
-- [backend-implementation](https://github.com/sidebase/nuxt-auth/v0.6/tree/main/examples/local/server/api/auth)
-- [`nuxt.config.ts` matching this implementation](https://github.com/sidebase/nuxt-auth/v0.6/tree/main/examples/local/nuxt.config.ts)
+- [full nuxt app](https://github.com/sidebase/nuxt-auth/tree/main/playground-local)
+    - its [backend](https://github.com/sidebase/nuxt-auth/tree/main/playground-local/server/api/auth)
+    - its [`nuxt.config.ts`](https://github.com/sidebase/nuxt-auth/blob/main/playground-local/nuxt.config.ts)
 
 ::alert{type="info"}
 The linked example-implementation only serves as a starting-point and is not considered to be secure.

diff --git a/docs/content/v0.6/2.configuration/2.nuxt-config.md b/docs/content/v0.6/2.configuration/2.nuxt-config.md
@@ -206,6 +206,15 @@ type ProviderLocal = {
      * Note: Your backend may reject / expire the token earlier / differently.
      */
     maxAgeInSeconds?: number,
+    /**
+     * The cookie sameSite policy. Can be used as a form of csrf forgery protection. If set to `strict`, the cookie will only be passed with requests to the same 'site'. Typically, this includes subdomains. So, a sameSite: strict cookie set by app.mysite.com will be passed to api.mysite.com, but not api.othersite.com. 
+     *
+     * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
+     *
+     * @default 'lax'
+     * @example 'strict'
+     */
+     sameSiteAttribute?:  boolean | 'lax' | 'strict' | 'none' | undefined,
   },
   /**
    * Define an interface for the session data object that `nuxt-auth` expects to receive from the `getSession` endpoint.

diff --git a/docs/content/v0.6/3.application-side/2.session-access-and-management.md b/docs/content/v0.6/3.application-side/2.session-access-and-management.md
@@ -1,5 +1,7 @@
 # Session Access and Management
 
+## `useAuth` Composable
+
 The `useAuth` composable is your main gateway to accessing and manipulating session-state and data. Here's the main methods you can use:
 ::code-group
 ```ts [authjs]
@@ -132,6 +134,18 @@ This is a configuration option available to dynamically type the `SessionData` t
 
 `nuxt-auth` uses [unjs/knitwork](https://github.com/unjs/knitwork) to generate the correct typescript interface from the type you provide.
 
+## Force refetching the session (`local` provider only)
+
+Calling `getSession` will by default **only** refetch the current session if the token returned by `useAuthState` is defined.
+Passing the `{ force: true }` option will always update the current session:
+
+::code-group
+```ts [local]
+// force update the current session
+await getSession({ force: true })
+```
+::
+
 ## Redirects
 
 You can also pass the `callbackUrl` option to both the `signIn`, the `signOut` and the `getSession` methods. This allows you to redirect a user to a certain pages, after they've completed the action. This can be useful when a user attempts to open a page (`/protected`) but has to go through external authentication (e.g., via their google account) first.

diff --git a/docs/content/v0.6/3.application-side/4.protecting-pages.md b/docs/content/v0.6/3.application-side/4.protecting-pages.md
@@ -46,6 +46,20 @@ export default defineNuxtConfig({
 
 That's it! Every page of your application will now need authentication for the user to visit it.
 
+### Middleware Options
+
+#### `unauthenticatedOnly`
+
+Whether to only allow unauthenticated users to access this page. Authenticated users will be redirected to `/` or the route defined in `navigateAuthenticatedTo`
+
+#### `navigateAuthenticatedTo`
+
+Where to redirect authenticated users if `unauthenticatedOnly` is set to true
+
+#### `navigateUnauthenticatedTo`
+
+Where to redirect unauthenticated users if this page is protected
+
 ### Disabling the global middleware locally
 
 To disable the global middleware on a specific page only, you can use the [`definePageMeta` macro](https://nuxt.com/docs/api/utils/define-page-meta#definepagemeta) to turn `auth` off:

diff --git a/docs/content/v0.6/6.resources/6.nuxt-security b/docs/content/v0.6/6.resources/6.nuxt-security
@@ -0,0 +1,19 @@
+---
+description: "How to integrate nuxt-security with nuxt-auth"
+---
+
+In order to use the [NuxtSecurity](https://nuxt.com/modules/security) module with Nuxtauth, please use the following config, to disable the checks on the NuxtAuth routes:
+
+```js{}[nuxt.config.ts]
+export default defineNuxtConfig({
+  routeRules: {
+    "/api/auth/**": {
+      security: {
+        xssValidator: false,
+      },
+    },
+  }
+}
+```
+
+Solution provided by [tmlmt](https://github.com/tmlmt) in https://github.com/sidebase/nuxt-auth/issues/324#issuecomment-1757010620
diff --git a/docs/content/v0.6/_dir.yml b/docs/content/v0.6/_dir.yml
@@ -1,3 +1,4 @@
 title: Future (>=v0.6)
 icon: icon-park-outline:future-build-one
 layout: module
+aside.level: 2
-Original file line number
+Diff line change
@@ Expand Up / @@ -92,7 +92,9 @@ export default NuxtAuthHandler({ @@
     ```
     ::
+    ::alert{type="info"}
     The `NuxtAuthHandler` accepts [all options that NextAuth.js accepts for its API initialization](https://next-auth.js.org/configuration/options#options). Use this place to configure authentication providers (oauth-Google, credential flow, ...), your `secret`, add callbacks for authentication events, configure a custom logger and more. Read the [`NextAuth.js` docs to see all possible options](https://next-auth.js.org/configuration/options#options).
+    ::
     ### secret
@@ Expand Down @@