Merge pull request #83 from manchenkoff/82-feature-guest-mode-for-glo…

…bal-middleware feat!: added guest mode for global middleware
manchenkoff · Apr 30, 2024 · e695755 · e695755
2 parents 49c0c8c + 9085aca
commit e695755
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 10 deletions.
diff --git a/playground/nuxt.config.ts b/playground/nuxt.config.ts
@@ -24,5 +24,9 @@ export default defineNuxtConfig({
             logout: '/api/logout',
             user: '/api/user',
         },
+        globalMiddleware: {
+            allow404WithoutAuth: true,
+            enabled: false,
+        },
     },
 });
diff --git a/src/index.d.ts b/src/index.d.ts
@@ -1,4 +1,7 @@
-import { SanctumModuleOptions } from './types';
+import type {
+    SanctumModuleOptions,
+    SanctumGlobalMiddlewarePageMeta,
+} from './types';
 
 declare module 'nuxt/schema' {
     interface PublicRuntimeConfig {
@@ -8,6 +11,15 @@ declare module 'nuxt/schema' {
 
 declare module '#app' {
     interface PageMeta {
+        /**
+         * @deprecated Use `sanctum.excluded` instead.
+         */
         excludeFromSanctum?: boolean;
+        /**
+         * Sanctum global middleware page configuration.
+         */
+        sanctum?: Partial<SanctumGlobalMiddlewarePageMeta>;
     }
 }
+
+export {};
diff --git a/src/runtime/middleware/sanctum.global.ts b/src/runtime/middleware/sanctum.global.ts
@@ -24,22 +24,32 @@ export default defineNuxtRouteMiddleware((to) => {
         );
     }
 
-    if (isAuthenticated.value === true) {
-        if (to.path === loginPage) {
-            return navigateTo(homePage, { replace: true });
-        }
+    if (
+        options.globalMiddleware.allow404WithoutAuth &&
+        to.matched.length === 0
+    ) {
+        return;
+    }
 
+    if (
+        to.meta.excludeFromSanctum === true ||
+        to.meta.sanctum?.excluded === true
+    ) {
         return;
     }
 
-    if (to.path === loginPage || to.meta.excludeFromSanctum === true) {
+    const isPageForGuestsOnly =
+        to.path === loginPage || to.meta.sanctum?.guestOnly === true;
+
+    if (isAuthenticated.value === true) {
+        if (isPageForGuestsOnly) {
+            return navigateTo(homePage, { replace: true });
+        }
+
         return;
     }
 
-    if (
-        options.globalMiddleware.allow404WithoutAuth &&
-        to.matched.length === 0
-    ) {
+    if (isPageForGuestsOnly) {
         return;
     }
 

diff --git a/src/types.ts b/src/types.ts
@@ -1,21 +1,39 @@
+/**
+ * Page meta information to be used by the global middleware.
+ */
+export interface SanctumGlobalMiddlewarePageMeta {
+    /**
+     * Determines whether the page should be excluded from middleware checks.
+     */
+    excluded?: boolean;
+    /**
+     * Determines whether the page should be accessible only by unauthenticated users.
+     */
+    guestOnly?: boolean;
+}
+
 /**
  * Definition of Laravel Sanctum endpoints to be used by the client.
  */
 export interface SanctumEndpoints {
     /**
      * The endpoint to request a new CSRF token.
+     * @default '/sanctum/csrf-cookie'
      */
     csrf: string;
     /**
      * The endpoint to send user credentials to authenticate.
+     * @default '/login'
      */
     login: string;
     /**
      * The endpoint to destroy current user session.
+     * @default '/logout'
      */
     logout: string;
     /**
      * The endpoint to fetch current user data.
+     * @default '/api/user'
      */
     user: string;
 }
@@ -26,10 +44,12 @@ export interface SanctumEndpoints {
 export interface CsrfOptions {
     /**
      * Name of the CSRF cookie to extract from server response.
+     * @default 'XSRF-TOKEN'
      */
     cookie: string;
     /**
      * Name of the CSRF header to pass from client to server.
+     * @default 'X-XSRF-TOKEN'
      */
     header: string;
 }
@@ -40,6 +60,7 @@ export interface CsrfOptions {
 export interface ClientOptions {
     /**
      * The number of times to retry a request when it fails.
+     * @default false
      */
     retry: number | false;
 }
@@ -50,26 +71,31 @@ export interface ClientOptions {
 export interface RedirectOptions {
     /**
      * Determines whether to keep the requested route when redirecting after login.
+     * @default false
      */
     keepRequestedRoute: boolean;
     /**
      * Route to redirect to when user is authenticated.
      * If set to false, do nothing.
+     * @default '/'
      */
     onLogin: string | false;
     /**
      * Route to redirect to when user is not authenticated.
      * If set to false, do nothing.
+     * @default '/'
      */
     onLogout: string | false;
     /**
      * Route to redirect to when user has to be authenticated.
      * If set to false, the plugin will throw an 403 error.
+     * @default '/login'
      */
     onAuthOnly: string | false;
     /**
      * Route to redirect to when user has to be a guest.
      * If set to false, the plugin will throw an 403 error.
+     * @default '/'
      */
     onGuestOnly: string | false;
 }
@@ -80,10 +106,12 @@ export interface RedirectOptions {
 export interface GlobalMiddlewareOptions {
     /**
      * Determines whether the global middleware is enabled.
+     * @default false
      */
     enabled: boolean;
     /**
      * Determines whether to allow 404 pages without authentication.
+     * @default true
      */
     allow404WithoutAuth: boolean;
 }
@@ -102,10 +130,12 @@ export interface SanctumModuleOptions {
     origin?: string;
     /**
      * The key to use to store the user identity in the `useState` variable.
+     * @default 'sanctum.user.identity'
      */
     userStateKey: string;
     /**
      * Determine to redirect when user is authenticated.
+     * @default false
      */
     redirectIfAuthenticated: boolean;
     /**
@@ -139,6 +169,7 @@ export interface SanctumModuleOptions {
      * 5: Trace logs
      *
      * More details at https://github.com/unjs/consola?tab=readme-ov-file#log-level
+     * @default 3
      */
     logLevel: number;
 }