enh(#935): allow external login page

src/runtime/middleware/sidebase-auth.ts

@@ -1,5 +1,6 @@
-import { determineCallbackUrl } from '../utils/url'
+import { determineCallbackUrl, isExternalUrl } from '../utils/url'
 import { isProduction } from '../helpers'
+import { ERROR_PREFIX } from '../utils/logger'
 import { defineNuxtRouteMiddleware, navigateTo, useAuth, useRuntimeConfig } from '#imports'
 
 type MiddlewareMeta = boolean | {
@@ -98,23 +99,30 @@ export default defineNuxtRouteMiddleware((to) => {
     return navigateTo(options.navigateUnauthenticatedTo)
   }
 
+  const loginPage = authConfig.provider.pages.login
+  if (typeof loginPage !== 'string') {
+    console.warn(`${ERROR_PREFIX} provider.pages.login is misconfigured`)
+    return
+  }
+
   // Default callback URL was provided
+  const external = isExternalUrl(loginPage)
   if (typeof globalAppMiddleware === 'object' && globalAppMiddleware.addDefaultCallbackUrl) {
     let redirectUrl: string = to.fullPath
     if (typeof globalAppMiddleware.addDefaultCallbackUrl === 'string') {
       redirectUrl = globalAppMiddleware.addDefaultCallbackUrl
     }
 
     return navigateTo({
-      path: authConfig.provider.pages.login,
+      path: loginPage,
       query: {
         redirect: redirectUrl
       }
-    })
+    }, { external })
   }
 
   // Fall back to login page
-  return navigateTo(authConfig.provider.pages.login)
+  return navigateTo(loginPage, { external })
 })
 
 interface MiddlewareOptionsNormalized {
@@ -146,7 +154,7 @@ function normalizeUserOptions(userOptions: MiddlewareMeta | undefined): Middlewa
     if (userOptions.unauthenticatedOnly === undefined) {
       if (!isProduction) {
         console.warn(
-          '[@sidebase/nuxt-auth] `unauthenticatedOnly` was not provided to `definePageMeta` - defaulting to Guest Mode enabled. '
+          `${ERROR_PREFIX} \`unauthenticatedOnly\` was not provided to \`definePageMeta\` - defaulting to Guest Mode enabled. `
           + 'Read more at https://auth.sidebase.io/guide/application-side/protecting-pages#middleware-options'
         )
       }

src/runtime/utils/fetch.ts

@@ -1,9 +1,8 @@
 import { resolveApiUrlPath } from './url'
+import { ERROR_PREFIX } from './logger'
 import { callWithNuxt, useRuntimeConfig } from '#app'
 import type { useNuxtApp } from '#imports'
 
-const ERROR_PREFIX = '[@sidebase/nuxt-auth]'
-
 export async function _fetch<T>(nuxt: ReturnType<typeof useNuxtApp>, path: string, fetchOptions?: Parameters<typeof $fetch>[1]): Promise<T> {
   const runtimeConfig = await callWithNuxt(nuxt, useRuntimeConfig)
   const joinedPath = resolveApiUrlPath(path, runtimeConfig)

src/runtime/utils/logger.ts

@@ -0,0 +1 @@
+export const ERROR_PREFIX = '[@sidebase/nuxt-auth]'

src/runtime/utils/url.ts

@@ -17,7 +17,7 @@ export function resolveApiUrlPath(
   runtimeConfig: RuntimeConfig
 ): string {
   // Fully-specified endpoint path - do not join with `baseURL`
-  if (endpointPath.startsWith('http://') || endpointPath.startsWith('https://')) {
+  if (isExternalUrl(endpointPath)) {
     return endpointPath
   }
 
@@ -95,3 +95,12 @@ export function determineCallbackUrl<T extends string | Promise<string>>(
     return getOriginalTargetPath()
   }
 }
+
+/**
+ * Naively checks if a URL is external or not by comparing against its protocol.
+ *
+ * URL being valid is not a concern for this function as it is used with developer-controlled inputs.
+ */
+export function isExternalUrl(url: string): boolean {
+  return url.startsWith('http://') || url.startsWith('https://')
+}