120 lines
3.4 KiB
TypeScript
120 lines
3.4 KiB
TypeScript
export default defineNuxtPlugin(() => {
|
|
// Only run on client side
|
|
if (import.meta.server) return
|
|
|
|
const nuxtApp = useNuxtApp()
|
|
const toast = useToast()
|
|
|
|
// Global error handler for API requests
|
|
nuxtApp.hook('app:error', (error: any) => {
|
|
console.error('[AUTH_ERROR_HANDLER] Application error:', error)
|
|
|
|
// Handle authentication errors
|
|
if (error.statusCode === 401 || error.statusCode === 403) {
|
|
handleAuthError(error)
|
|
}
|
|
})
|
|
|
|
// Intercept $fetch errors globally
|
|
const originalFetch = globalThis.$fetch
|
|
globalThis.$fetch = $fetch.create({
|
|
onResponseError({ response }) {
|
|
console.log('[AUTH_ERROR_HANDLER] Response error:', {
|
|
status: response.status,
|
|
url: response.url,
|
|
statusText: response.statusText
|
|
})
|
|
|
|
// Handle authentication errors (401, 403)
|
|
if (response.status === 401 || response.status === 403) {
|
|
handleAuthError({
|
|
statusCode: response.status,
|
|
statusMessage: response.statusText,
|
|
data: response._data
|
|
})
|
|
}
|
|
|
|
// Handle 404 errors that might be auth-related
|
|
if (response.status === 404 && isProtectedRoute()) {
|
|
console.warn('[AUTH_ERROR_HANDLER] 404 on protected route, may be auth-related')
|
|
// Check if session is still valid
|
|
checkAndHandleSession()
|
|
}
|
|
}
|
|
})
|
|
|
|
const handleAuthError = async (error: any) => {
|
|
console.error('[AUTH_ERROR_HANDLER] Authentication error detected:', error)
|
|
|
|
// Clear all auth-related caches
|
|
clearAuthCaches()
|
|
|
|
// Only show toast and redirect if we're not already on the login page
|
|
const route = useRoute()
|
|
if (route.path !== '/login' && !route.path.startsWith('/auth')) {
|
|
toast.error('Your session has expired. Please log in again.')
|
|
|
|
// Delay navigation slightly to ensure toast is visible
|
|
setTimeout(() => {
|
|
navigateTo('/login')
|
|
}, 500)
|
|
}
|
|
}
|
|
|
|
const clearAuthCaches = () => {
|
|
console.log('[AUTH_ERROR_HANDLER] Clearing authentication caches')
|
|
|
|
// Clear Nuxt app payload caches
|
|
if (nuxtApp.payload.data) {
|
|
delete nuxtApp.payload.data['auth:session:cache']
|
|
delete nuxtApp.payload.data.authState
|
|
}
|
|
|
|
// Clear session cookie
|
|
const sessionCookie = useCookie('nuxt-oidc-auth')
|
|
sessionCookie.value = null
|
|
}
|
|
|
|
const isProtectedRoute = () => {
|
|
const route = useRoute()
|
|
// Check if current route requires authentication
|
|
return route.meta.auth !== false &&
|
|
!route.path.startsWith('/login') &&
|
|
!route.path.startsWith('/auth')
|
|
}
|
|
|
|
const checkAndHandleSession = async () => {
|
|
try {
|
|
// Force a fresh session check without cache
|
|
const response = await fetch('/api/auth/session', {
|
|
headers: {
|
|
'Cache-Control': 'no-cache',
|
|
'Pragma': 'no-cache'
|
|
}
|
|
})
|
|
|
|
if (!response.ok) {
|
|
throw new Error(`Session check failed: ${response.status}`)
|
|
}
|
|
|
|
const sessionData = await response.json()
|
|
|
|
if (!sessionData.authenticated) {
|
|
handleAuthError({
|
|
statusCode: 401,
|
|
statusMessage: 'Session expired'
|
|
})
|
|
}
|
|
} catch (error) {
|
|
console.error('[AUTH_ERROR_HANDLER] Failed to check session:', error)
|
|
handleAuthError({
|
|
statusCode: 401,
|
|
statusMessage: 'Session check failed'
|
|
})
|
|
}
|
|
}
|
|
|
|
// Expose clearAuthCaches for manual use
|
|
nuxtApp.provide('clearAuthCaches', clearAuthCaches)
|
|
})
|