126 lines
4.0 KiB
TypeScript
126 lines
4.0 KiB
TypeScript
export default defineNuxtRouteMiddleware(async (to) => {
|
|
// Skip auth for SSR
|
|
if (import.meta.server) return;
|
|
|
|
// Check if auth is required (default true unless explicitly set to false)
|
|
const isAuthRequired = to.meta.auth !== false;
|
|
|
|
if (!isAuthRequired) {
|
|
console.log('[MIDDLEWARE] Auth not required for route:', to.path);
|
|
return;
|
|
}
|
|
|
|
// Skip auth check if we're already on the login page to prevent redirect loops
|
|
if (to.path === '/login' || to.path.startsWith('/auth')) {
|
|
return;
|
|
}
|
|
|
|
console.log('[MIDDLEWARE] Checking authentication for route:', to.path);
|
|
|
|
// Use a cached auth state to avoid excessive API calls
|
|
const nuxtApp = useNuxtApp();
|
|
const cacheKey = 'auth:session:cache';
|
|
const cacheExpiry = 30000; // 30 seconds cache
|
|
|
|
// Check if we have a cached session
|
|
const cachedSession = nuxtApp.payload.data?.[cacheKey];
|
|
const now = Date.now();
|
|
|
|
if (cachedSession && cachedSession.timestamp && (now - cachedSession.timestamp) < cacheExpiry) {
|
|
console.log('[MIDDLEWARE] Using cached session');
|
|
if (cachedSession.authenticated && cachedSession.user) {
|
|
// Store auth state for components
|
|
if (!nuxtApp.payload.data) {
|
|
nuxtApp.payload.data = {};
|
|
}
|
|
nuxtApp.payload.data.authState = {
|
|
user: cachedSession.user,
|
|
authenticated: cachedSession.authenticated,
|
|
groups: cachedSession.groups || []
|
|
};
|
|
return;
|
|
}
|
|
return navigateTo('/login');
|
|
}
|
|
|
|
try {
|
|
// Check Keycloak authentication via session API with timeout
|
|
const controller = new AbortController();
|
|
const timeout = setTimeout(() => controller.abort(), 5000); // 5 second timeout
|
|
|
|
const sessionData = await $fetch('/api/auth/session', {
|
|
signal: controller.signal,
|
|
retry: 1,
|
|
retryDelay: 500
|
|
}) as any;
|
|
|
|
clearTimeout(timeout);
|
|
|
|
// Cache the session data
|
|
if (!nuxtApp.payload.data) {
|
|
nuxtApp.payload.data = {};
|
|
}
|
|
|
|
nuxtApp.payload.data[cacheKey] = {
|
|
...sessionData,
|
|
timestamp: now
|
|
};
|
|
|
|
// Store auth state for components
|
|
nuxtApp.payload.data.authState = {
|
|
user: sessionData.user,
|
|
authenticated: sessionData.authenticated,
|
|
groups: sessionData.groups || []
|
|
};
|
|
|
|
console.log('[MIDDLEWARE] Session check result:', {
|
|
authenticated: sessionData.authenticated,
|
|
hasUser: !!sessionData.user,
|
|
userId: sessionData.user?.id,
|
|
groups: sessionData.groups || []
|
|
});
|
|
|
|
if (sessionData.authenticated && sessionData.user) {
|
|
console.log('[MIDDLEWARE] User authenticated, allowing access');
|
|
|
|
// Check for any auth errors from authorization middleware
|
|
if (nuxtApp.payload.authError) {
|
|
const toast = useToast();
|
|
toast.error(String(nuxtApp.payload.authError));
|
|
delete nuxtApp.payload.authError;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
console.log('[MIDDLEWARE] No valid authentication found, redirecting to login');
|
|
return navigateTo('/login');
|
|
|
|
} catch (error: any) {
|
|
console.error('[MIDDLEWARE] Auth check failed:', error);
|
|
|
|
// If it's a network error or timeout, check if we have a recent cached session
|
|
if (error.name === 'AbortError' || error.code === 'ECONNREFUSED') {
|
|
console.log('[MIDDLEWARE] Network error, checking for recent cache');
|
|
const recentCache = nuxtApp.payload.data?.[cacheKey];
|
|
if (recentCache && recentCache.timestamp && (now - recentCache.timestamp) < 300000) { // 5 minutes
|
|
console.log('[MIDDLEWARE] Using recent cache despite network error');
|
|
if (recentCache.authenticated && recentCache.user) {
|
|
// Store auth state for components
|
|
if (!nuxtApp.payload.data) {
|
|
nuxtApp.payload.data = {};
|
|
}
|
|
nuxtApp.payload.data.authState = {
|
|
user: recentCache.user,
|
|
authenticated: recentCache.authenticated,
|
|
groups: recentCache.groups || []
|
|
};
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
return navigateTo('/login');
|
|
}
|
|
});
|