feat(auth-middleware): add include to RedirectOptions (#336)

Resolves #268
nuxt-modules · Mar 7, 2024 · f9aad55 · f9aad55
1 parent 5c1df87
commit f9aad55
Show file tree

Hide file tree

Showing 7 changed files with 21 additions and 3 deletions.
diff --git a/docs/content/2.get-started.md b/docs/content/2.get-started.md
@@ -98,13 +98,15 @@ Default:
   redirectOptions: {
     login: '/login',
     callback: '/confirm',
+    include: undefined,
     exclude: [],
     cookieRedirect: false,
   }
 ```
 
 - `login`: User will be redirected to this path if not authenticated or after logout.
 - `callback`: This is the path the user will be redirect to after supabase login redirection. Should match configured `redirectTo` option of your [signIn method](https://supabase.com/docs/reference/javascript/auth-signinwithoauth). Should also be configured in your Supabase dashboard under `Authentication -> URL Configuration -> Redirect URLs`.
+- `include`: Routes to include in the redirect. `['/admin(/*)?']` will enable the redirect only for the `admin` page and all sub-pages.
 - `exclude`: Routes to exclude from the redirect. `['/foo', '/bar/*']` will exclude the `foo` page and all pages in your `bar` folder.
 - `cookieRedirect`: Sets a cookie containing the path an unauthenticated user tried to access. The cookie can then be used on the [`/confirm`](https://supabase.nuxtjs.org/authentication#confirm-page-confirm) page to redirect the user to the page they previously tried to visit.
 

diff --git a/docs/content/3.authentication.md b/docs/content/3.authentication.md
@@ -14,7 +14,7 @@ For advanced users who want to implement the auth behaviour themselves, you can
 
 ## Log-in page - `/login`
 
-Each time a user is trying to access a page that needs authentication, he will automatically be redirected to the configured log in page. If you want to allow access to "public" page, you just need to add them in the [exclude](/get-started#redirectoptions) redirect option.
+Each time a user is trying to access a page that needs authentication, he will automatically be redirected to the configured log in page. If you want to allow access to "public" page, you just need to add them in the [exclude](/get-started#redirectoptions) redirect option. Alternatively, you can enable the redirect only for certain routes using the [include](/get-started#redirectoptions) redirect option.
 
 ::callout{icon="i-heroicons-exclamation-triangle-20-solid" color="amber"}
 Ensure to activate the authentication providers you want in the Supabase Dashboard under `Authentication -> Providers`.

diff --git a/docs/content/4.usage/composables/useSupabaseUser.md b/docs/content/4.usage/composables/useSupabaseUser.md
@@ -14,7 +14,7 @@ const user = useSupabaseUser()
 ## Auth middleware
 
 ::callout{icon="i-heroicons-light-bulb"}
-By default, the module is implementing a redirect middleware. All pages of your application are automatically redirected to the [login](/get-started#redirectoptions) page. However, you can allow redirection to "public" pages by setting the [exclude](/get-started#redirectoptions) redirect option.
+By default, the module is implementing a redirect middleware. All pages of your application are automatically redirected to the [login](/get-started#redirectoptions) page. However, you can allow redirection to "public" pages by setting the [exclude](/get-started#redirectoptions) redirect option. Alternatively, you can enable the redirect only for certain routes using the [include](/get-started#redirectoptions) redirect option.
 ::
 
 If the [redirect](/get-started#redirect) option is disabled, you can protect your authenticated routes by creating a custom middleware in your project, here is an example:

diff --git a/playground/nuxt.config.ts b/playground/nuxt.config.ts
@@ -17,6 +17,7 @@ export default defineNuxtConfig({
     redirectOptions: {
       login: '/login',
       callback: '/confirm',
+      // include: ['/protected'],
       exclude: ['/unprotected', '/public/*']
     }
   },

diff --git a/playground/pages/protected.vue b/playground/pages/protected.vue
@@ -0,0 +1,3 @@
+<template>
+  <div>This page is protected. You should only be able to access it, if you are logged in.</div>
+</template>
diff --git a/src/runtime/plugins/auth-redirect.ts b/src/runtime/plugins/auth-redirect.ts
@@ -8,9 +8,20 @@ export default defineNuxtPlugin({
       'global-auth',
       defineNuxtRouteMiddleware((to) => {
         const config = useRuntimeConfig().public.supabase
-        const { login, callback, exclude, cookieRedirect } = config.redirectOptions
+        const { login, callback, include, exclude, cookieRedirect } = config.redirectOptions
         const { cookieName, cookieOptions } = config
 
+        // Redirect only on included routes (if defined)
+        if (include && include.length > 0) {
+          const isIncluded = include.some((path) => {
+            const regex = new RegExp(`^${path.replace(/\*/g, '.*')}$`)
+            return regex.test(to.path)
+          })
+          if (!isIncluded) {
+            return
+          }
+        }
+
         // Do not redirect on login route, callback route and excluded routes
         const isExcluded = [...exclude, login, callback]?.some((path) => {
           const regex = new RegExp(`^${path.replace(/\*/g, '.*')}$`)

diff --git a/src/runtime/types/index.d.ts b/src/runtime/types/index.d.ts
@@ -17,6 +17,7 @@ declare module '@nuxt/schema' {
 export interface RedirectOptions {
   login: string
   callback: string
+  include?: string[]
   exclude?: string[]
   cookieRedirect?: boolean
 }