feat: auth session managed on sessionStorage

2025-10-31 19:55:22 +01:00
parent bbf58ecb19
commit 6be93d915e
2 changed files with 33 additions and 22 deletions
--- a/front-nuxt/app/middleware/auth.global.ts
+++ b/front-nuxt/app/middleware/auth.global.ts
@@ -1,43 +1,45 @@
 import { USER_SESSION_STORAGE_KEY } from "~/constants/session.constants";
 import type { User } from "~/stores/user";

+const LOGIN_ROUTE = "/login";
+
 export default defineNuxtRouteMiddleware((to, from) => {
    let session: string | null = null;

-    // Not secured routes
+    // Not secured route// Recover user session
    if (
        to.path.startsWith("/favicon.ico") ||
        to.path.startsWith("/assets/") ||
-        to.path.startsWith("/login")
+        to.path.startsWith(LOGIN_ROUTE)
    ) {
        return;
    }

-    const userStore = useUserStore();
-    userStore.update({ id: "test", roles: ["admin"] });
-
    // Recover user session
    // NOTE: using the sessionStorage will not allow the user to have multiple tabs, to communicate them one can use the
-    //  broadcast channel: https://developer.mozilla.org/en-US/docs/Web/API/Broadcast_Channel_API
+    //  broadcast channel, although its not the safest way: https://developer.mozilla.org/en-US/docs/Web/API/Broadcast_Channel_API
    try {
        session = sessionStorage.getItem(
            USER_SESSION_STORAGE_KEY,
        );
+
+        // Manage secured routes
+        if (session) {
+            const user = JSON.parse(session) as User;
+            if (
+                user.apiSession?.exp &&
+                user.apiSession.exp > Date.now()
+            ) {
+                // try refresh token if it exists
+                // else just redirect to login
+                return navigateTo(LOGIN_ROUTE);
+            }
+        } else {
+            return navigateTo(LOGIN_ROUTE);
+        }
    } catch (e) {
        console.error(">> [!] Not in client");
    }

-    // Manage secured routes
-    if (session) {
-        const user = JSON.parse(session) as User;
-        if (
-            user.apiSession?.exp &&
-            user.apiSession.exp > Date.now()
-        ) {
-            // try refresh token
-            // else just redirect to login
-        }
-    }
-
    console.log(">> Global Middleware from ", from.path);
 });