port-nimara-client-portal/middleware/authentication.ts

export default defineNuxtRouteMiddleware(async (to) => {
  // Skip auth for SSR
  if (import.meta.server) return;

  // Check if auth is required (default true unless explicitly set to false)
  const isAuthRequired = to.meta.auth !== false;
  
  if (!isAuthRequired) {
    console.log('[MIDDLEWARE] Auth not required for route:', to.path);
    return;
  }

  console.log('[MIDDLEWARE] Checking authentication for route:', to.path);

  try {
    // Check Keycloak authentication via session API
    const sessionData = await $fetch('/api/auth/session') as any;
    
    console.log('[MIDDLEWARE] Session check result:', {
      authenticated: sessionData.authenticated,
      hasUser: !!sessionData.user,
      userId: sessionData.user?.id
    });

    if (sessionData.authenticated && sessionData.user) {
      console.log('[MIDDLEWARE] User authenticated, allowing access');
      return;
    }

    console.log('[MIDDLEWARE] No valid authentication found, redirecting to login');
    return navigateTo('/login');
    
  } catch (error) {
    console.error('[MIDDLEWARE] Auth check failed:', error);
    return navigateTo('/login');
  }
});
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`export default defineNuxtRouteMiddleware(async (to) => {`
			`// Skip auth for SSR`
			`if (import.meta.server) return;`
feat: add files 2025-02-16 13:10:19 +01:00
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`// Check if auth is required (default true unless explicitly set to false)`
			`const isAuthRequired = to.meta.auth !== false;`

MAJOR: Replace keycloak-js with nuxt-oidc-auth for seamless SSO integration ## SOLUTION: Migrate to Server-Side OIDC Authentication This completely replaces the problematic keycloak-js client-side implementation with nuxt-oidc-auth, eliminating all CORS and iframe issues. ### Benefits: - No more CORS errors - Server-side OAuth flow - No iframe dependencies - Eliminates cross-domain issues - Works with nginx proxy - No proxy configuration conflicts - Better security - Tokens handled server-side - Cleaner integration - Native Nuxt patterns - Maintains Directus compatibility - Dual auth support ### Installation & Configuration: - Added uxt-oidc-auth module to nuxt.config.ts - Configured Keycloak provider with proper OIDC settings - Updated environment variables for security keys ### Code Changes: #### Authentication Flow: - middleware/authentication.ts - Updated to check both Directus + OIDC auth - composables/useUnifiedAuth.ts - Migrated to use useOidcAuth() - pages/login.vue - Updated SSO button to use oidcLogin('keycloak') #### Configuration: - nuxt.config.ts - Added OIDC provider configuration - .env.example - Updated with nuxt-oidc-auth environment variables - Removed old Keycloak runtime config #### Cleanup: - Removed keycloak-js dependency from package.json - Deleted obsolete files: - composables/useKeycloak.ts - pages/auth/callback.vue - server/utils/keycloak-oauth.ts - server/api/debug/ directory ### Authentication Routes (Auto-Generated): - /auth/keycloak/login - SSO login endpoint - /auth/keycloak/logout - SSO logout endpoint - /auth/keycloak/callback - OAuth callback (handled automatically) ### Security Setup Required: Environment variables needed for production: - NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET - NUXT_OIDC_TOKEN_KEY (base64 encoded 32-byte key) - NUXT_OIDC_SESSION_SECRET (48-character random string) - NUXT_OIDC_AUTH_SESSION_SECRET (48-character random string) ### Expected Results: SSO login should work without CORS errors Compatible with nginx proxy setup Maintains existing Directus authentication Server-side session management Automatic token refresh Ready for container rebuild and production testing! 2025-06-14 15:58:03 +02:00			`if (!isAuthRequired) {`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`console.log('[MIDDLEWARE] Auth not required for route:', to.path);`
MAJOR: Replace keycloak-js with nuxt-oidc-auth for seamless SSO integration ## SOLUTION: Migrate to Server-Side OIDC Authentication This completely replaces the problematic keycloak-js client-side implementation with nuxt-oidc-auth, eliminating all CORS and iframe issues. ### Benefits: - No more CORS errors - Server-side OAuth flow - No iframe dependencies - Eliminates cross-domain issues - Works with nginx proxy - No proxy configuration conflicts - Better security - Tokens handled server-side - Cleaner integration - Native Nuxt patterns - Maintains Directus compatibility - Dual auth support ### Installation & Configuration: - Added uxt-oidc-auth module to nuxt.config.ts - Configured Keycloak provider with proper OIDC settings - Updated environment variables for security keys ### Code Changes: #### Authentication Flow: - middleware/authentication.ts - Updated to check both Directus + OIDC auth - composables/useUnifiedAuth.ts - Migrated to use useOidcAuth() - pages/login.vue - Updated SSO button to use oidcLogin('keycloak') #### Configuration: - nuxt.config.ts - Added OIDC provider configuration - .env.example - Updated with nuxt-oidc-auth environment variables - Removed old Keycloak runtime config #### Cleanup: - Removed keycloak-js dependency from package.json - Deleted obsolete files: - composables/useKeycloak.ts - pages/auth/callback.vue - server/utils/keycloak-oauth.ts - server/api/debug/ directory ### Authentication Routes (Auto-Generated): - /auth/keycloak/login - SSO login endpoint - /auth/keycloak/logout - SSO logout endpoint - /auth/keycloak/callback - OAuth callback (handled automatically) ### Security Setup Required: Environment variables needed for production: - NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET - NUXT_OIDC_TOKEN_KEY (base64 encoded 32-byte key) - NUXT_OIDC_SESSION_SECRET (48-character random string) - NUXT_OIDC_AUTH_SESSION_SECRET (48-character random string) ### Expected Results: SSO login should work without CORS errors Compatible with nginx proxy setup Maintains existing Directus authentication Server-side session management Automatic token refresh Ready for container rebuild and production testing! 2025-06-14 15:58:03 +02:00			`return;`
			`}`

FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`console.log('[MIDDLEWARE] Checking authentication for route:', to.path);`

Fix SSR and defensive coding for Keycloak integration - Add proper SSR guards and error handling - Make authentication middleware more defensive - Add null checks in useUnifiedAuth composable - Prevent JavaScript errors from breaking page load - Prioritize Directus auth over Keycloak for stability 2025-06-14 15:01:45 +02:00			`try {`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`// Check Keycloak authentication via session API`
			`const sessionData = await $fetch('/api/auth/session') as any;`
Fix SSR and defensive coding for Keycloak integration - Add proper SSR guards and error handling - Make authentication middleware more defensive - Add null checks in useUnifiedAuth composable - Prevent JavaScript errors from breaking page load - Prioritize Directus auth over Keycloak for stability 2025-06-14 15:01:45 +02:00
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`console.log('[MIDDLEWARE] Session check result:', {`
			`authenticated: sessionData.authenticated,`
			`hasUser: !!sessionData.user,`
			`userId: sessionData.user?.id`
			`});`
feat: add files 2025-02-16 13:10:19 +01:00
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`if (sessionData.authenticated && sessionData.user) {`
			`console.log('[MIDDLEWARE] User authenticated, allowing access');`
Fix SSR and defensive coding for Keycloak integration - Add proper SSR guards and error handling - Make authentication middleware more defensive - Add null checks in useUnifiedAuth composable - Prevent JavaScript errors from breaking page load - Prioritize Directus auth over Keycloak for stability 2025-06-14 15:01:45 +02:00			`return;`
			`}`
feat: add files 2025-02-16 13:10:19 +01:00
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`console.log('[MIDDLEWARE] No valid authentication found, redirecting to login');`
MAJOR: Replace keycloak-js with nuxt-oidc-auth for seamless SSO integration ## SOLUTION: Migrate to Server-Side OIDC Authentication This completely replaces the problematic keycloak-js client-side implementation with nuxt-oidc-auth, eliminating all CORS and iframe issues. ### Benefits: - No more CORS errors - Server-side OAuth flow - No iframe dependencies - Eliminates cross-domain issues - Works with nginx proxy - No proxy configuration conflicts - Better security - Tokens handled server-side - Cleaner integration - Native Nuxt patterns - Maintains Directus compatibility - Dual auth support ### Installation & Configuration: - Added uxt-oidc-auth module to nuxt.config.ts - Configured Keycloak provider with proper OIDC settings - Updated environment variables for security keys ### Code Changes: #### Authentication Flow: - middleware/authentication.ts - Updated to check both Directus + OIDC auth - composables/useUnifiedAuth.ts - Migrated to use useOidcAuth() - pages/login.vue - Updated SSO button to use oidcLogin('keycloak') #### Configuration: - nuxt.config.ts - Added OIDC provider configuration - .env.example - Updated with nuxt-oidc-auth environment variables - Removed old Keycloak runtime config #### Cleanup: - Removed keycloak-js dependency from package.json - Deleted obsolete files: - composables/useKeycloak.ts - pages/auth/callback.vue - server/utils/keycloak-oauth.ts - server/api/debug/ directory ### Authentication Routes (Auto-Generated): - /auth/keycloak/login - SSO login endpoint - /auth/keycloak/logout - SSO logout endpoint - /auth/keycloak/callback - OAuth callback (handled automatically) ### Security Setup Required: Environment variables needed for production: - NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET - NUXT_OIDC_TOKEN_KEY (base64 encoded 32-byte key) - NUXT_OIDC_SESSION_SECRET (48-character random string) - NUXT_OIDC_AUTH_SESSION_SECRET (48-character random string) ### Expected Results: SSO login should work without CORS errors Compatible with nginx proxy setup Maintains existing Directus authentication Server-side session management Automatic token refresh Ready for container rebuild and production testing! 2025-06-14 15:58:03 +02:00			`return navigateTo('/login');`

Fix SSR and defensive coding for Keycloak integration - Add proper SSR guards and error handling - Make authentication middleware more defensive - Add null checks in useUnifiedAuth composable - Prevent JavaScript errors from breaking page load - Prioritize Directus auth over Keycloak for stability 2025-06-14 15:01:45 +02:00			`} catch (error) {`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`console.error('[MIDDLEWARE] Auth check failed:', error);`
MAJOR: Replace keycloak-js with nuxt-oidc-auth for seamless SSO integration ## SOLUTION: Migrate to Server-Side OIDC Authentication This completely replaces the problematic keycloak-js client-side implementation with nuxt-oidc-auth, eliminating all CORS and iframe issues. ### Benefits: - No more CORS errors - Server-side OAuth flow - No iframe dependencies - Eliminates cross-domain issues - Works with nginx proxy - No proxy configuration conflicts - Better security - Tokens handled server-side - Cleaner integration - Native Nuxt patterns - Maintains Directus compatibility - Dual auth support ### Installation & Configuration: - Added uxt-oidc-auth module to nuxt.config.ts - Configured Keycloak provider with proper OIDC settings - Updated environment variables for security keys ### Code Changes: #### Authentication Flow: - middleware/authentication.ts - Updated to check both Directus + OIDC auth - composables/useUnifiedAuth.ts - Migrated to use useOidcAuth() - pages/login.vue - Updated SSO button to use oidcLogin('keycloak') #### Configuration: - nuxt.config.ts - Added OIDC provider configuration - .env.example - Updated with nuxt-oidc-auth environment variables - Removed old Keycloak runtime config #### Cleanup: - Removed keycloak-js dependency from package.json - Deleted obsolete files: - composables/useKeycloak.ts - pages/auth/callback.vue - server/utils/keycloak-oauth.ts - server/api/debug/ directory ### Authentication Routes (Auto-Generated): - /auth/keycloak/login - SSO login endpoint - /auth/keycloak/logout - SSO logout endpoint - /auth/keycloak/callback - OAuth callback (handled automatically) ### Security Setup Required: Environment variables needed for production: - NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET - NUXT_OIDC_TOKEN_KEY (base64 encoded 32-byte key) - NUXT_OIDC_SESSION_SECRET (48-character random string) - NUXT_OIDC_AUTH_SESSION_SECRET (48-character random string) ### Expected Results: SSO login should work without CORS errors Compatible with nginx proxy setup Maintains existing Directus authentication Server-side session management Automatic token refresh Ready for container rebuild and production testing! 2025-06-14 15:58:03 +02:00			`return navigateTo('/login');`
feat: add files 2025-02-16 13:10:19 +01:00			`}`
			`});`