feat: Address 404 errors and session management issues, improve authorization middleware to use cached auth state, and adjust auth refresh plugin for better session validation

middleware/authorization.ts

@@ -10,17 +10,29 @@ export default defineNuxtRouteMiddleware(async (to) => {
   console.log('[AUTHORIZATION] Checking route access for:', to.path, 'Required roles:', to.meta.roles);
 
   try {
-    // Get current session data with groups
-    const sessionData = await $fetch('/api/auth/session') as any;
+    // Get auth state from authentication middleware (already cached)
+    const nuxtApp = useNuxtApp();
+    const authState = nuxtApp.payload?.data?.authState;
     
-    if (!sessionData.authenticated || !sessionData.user) {
-      console.log('[AUTHORIZATION] User not authenticated, redirecting to login');
-      return navigateTo('/login');
+    // If auth state not available, authentication middleware hasn't run or failed
+    if (!authState || !authState.authenticated || !authState.user) {
+      console.log('[AUTHORIZATION] No auth state found from authentication middleware');
+      
+      // Try to get from session cache as fallback
+      const sessionCache = nuxtApp.payload?.data?.['auth:session:cache'];
+      if (!sessionCache || !sessionCache.authenticated) {
+        console.log('[AUTHORIZATION] User not authenticated, redirecting to login');
+        return navigateTo('/login');
+      }
+      
+      // Use cached session
+      authState.user = sessionCache.user;
+      authState.groups = sessionCache.groups || [];
     }
 
     // Get required roles for this route
     const requiredRoles = Array.isArray(to.meta.roles) ? to.meta.roles : [to.meta.roles];
-    const userGroups = sessionData.groups || [];
+    const userGroups = authState.groups || [];
 
     // Check if user has any of the required roles
     const hasRequiredRole = requiredRoles.some(role => userGroups.includes(role));
@@ -29,29 +41,20 @@ export default defineNuxtRouteMiddleware(async (to) => {
       console.log('[AUTHORIZATION] Access denied. User groups:', userGroups, 'Required roles:', requiredRoles);
       
       // Store the error in nuxtApp to show toast on redirect
-      const nuxtApp = useNuxtApp();
       nuxtApp.payload.authError = `Access denied. This page requires one of the following roles: ${requiredRoles.join(', ')}`;
       
       // Redirect to dashboard instead of login since user is authenticated
       return navigateTo('/dashboard');
     }
 
-    // Store auth state in nuxtApp for use by components
-    const nuxtApp = useNuxtApp();
-    if (!nuxtApp.payload.data) {
-      nuxtApp.payload.data = {};
-    }
-    nuxtApp.payload.data.authState = {
-      user: sessionData.user,
-      authenticated: sessionData.authenticated,
-      groups: sessionData.groups || []
-    };
-
     console.log('[AUTHORIZATION] Access granted for route:', to.path);
   } catch (error) {
     console.error('[AUTHORIZATION] Error checking route access:', error);
     
-    // If session check fails, redirect to login
-    return navigateTo('/login');
+    // Don't automatically redirect to login on errors
+    // Let the authentication middleware handle auth failures
+    const toast = useToast();
+    toast.error('Failed to verify permissions. Please try again.');
+    return navigateTo('/dashboard');
   }
 });