nocodb/packages/nc-gui/middleware/auth.global.ts

import { message } from 'ant-design-vue'
import { defineNuxtRouteMiddleware, navigateTo } from '#app'
import { useApi, useGlobal } from '#imports'

/**
 * Global auth middleware
 *
 * On page transitions, this middleware checks if the target route requires authentication.
 * If the user is not signed in, the user is redirected to the sign in page.
 * If the user is signed in and attempts to access a route that does not require authentication (i.e. signin/signup pages),
 * the user is redirected to the home page.
 *
 * By default, we assume that auth is required
 * If not required, mark the page as
 * ```
 * definePageMeta({
 *   requiresAuth: false
 * })
 * ```
 *
 * If auth should be circumvented completely mark the page as public
 * ```
 * definePageMeta({
 *   public: true
 * })
 * ```
 *
 * @example
 * ```
 * definePageMeta({
 *  requiresAuth: false,
 *  ...
 *  })
 * ```
 */
export default defineNuxtRouteMiddleware(async (to, from) => {
  const state = useGlobal()

  const { api } = useApi()

  /** if user isn't signed in and google auth is enabled, try to check if sign-in data is present */
  if (!state.signedIn && state.appInfo.value.googleAuthEnabled) await tryGoogleAuth()

  /** if public allow all visitors */
  if (to.meta.public) return

  /** if shared base allow without validating */
  if (to.params?.projectType === 'base') return

  /** if auth is required or unspecified (same as required) and user is not signed in, redirect to signin page */
  if ((to.meta.requiresAuth || typeof to.meta.requiresAuth === 'undefined') && !state.signedIn.value) {
    /** If this is the first usern navigate to signup page directly */
    if (state.appInfo.value.firstUser) {
      return navigateTo('/signup')
    }

    return navigateTo('/signin')
  } else if (to.meta.requiresAuth === false && state.signedIn.value) {
    /**
     * if user was turned away from non-auth page but also came from a non-auth page (e.g. user went to /signin and reloaded the page)
     * redirect to home page
     *
     * else redirect back to the page they were coming from
     */
    if (from.meta.requiresAuth === false) {
      return navigateTo('/')
    } else {
      return navigateTo(from.path)
    }
  } else {
    /** if users are accessing the projects without having enough permissions, redirect to My Projects page */
    if (to.params.projectId) {
      const user = await api.auth.me({ project_id: to?.params?.projectId as string })
      if (user?.roles?.user) {
        message.error("You don't have enough permission to access the project.")
        return navigateTo('/')
      }
    }
  }
})

/**
 * If present, try using google auth data to sign user in before navigating to the next page
 */
async function tryGoogleAuth() {
  const { signIn } = useGlobal()

  const { api } = useApi()

  if (window.location.search && /\bscope=|\bstate=/.test(window.location.search) && /\bcode=/.test(window.location.search)) {
    try {
      const {
        data: { token },
      } = await api.instance.post(
        `/auth/${window.location.search.includes('state=github') ? 'github' : 'google'}/genTokenByCode${window.location.search}`,
      )

      signIn(token)
    } catch (e: any) {
      if (e.response && e.response.data && e.response.data.msg) {
        message.error({ content: e.response.data.msg })
      }
    }

    const newURL = window.location.href.split('?')[0]
    window.history.pushState('object', document.title, newURL)
  }
}
feat(gui-v2): add google auth signup option 2 years ago			`import { message } from 'ant-design-vue'`
chore(gui-v2): correct usage of `useGlobal` 2 years ago			`import { defineNuxtRouteMiddleware, navigateTo } from '#app'`
feat(gui-v2): add google auth signup option 2 years ago			`import { useApi, useGlobal } from '#imports'`
feat(gui-v2): add auth middleware Signed-off-by: Braks <78412429+bcakmakoglu@users.noreply.github.com> 2 years ago
chore(gui-v2): add comments to global auth middleware Signed-off-by: Braks <78412429+bcakmakoglu@users.noreply.github.com> 2 years ago			`/**`
			`* Global auth middleware`
			`*`
			`* On page transitions, this middleware checks if the target route requires authentication.`
			`* If the user is not signed in, the user is redirected to the sign in page.`
			`* If the user is signed in and attempts to access a route that does not require authentication (i.e. signin/signup pages),`
			`* the user is redirected to the home page.`
			`*`
			`* By default, we assume that auth is required`
chore(gui-v2): update middleware docs 2 years ago			`* If not required, mark the page as`
			* ```
			`* definePageMeta({`
			`* requiresAuth: false`
			`* })`
			* ```
			`*`
			`* If auth should be circumvented completely mark the page as public`
			* ```
			`* definePageMeta({`
			`* public: true`
			`* })`
			* ```
chore(gui-v2): add comments to global auth middleware Signed-off-by: Braks <78412429+bcakmakoglu@users.noreply.github.com> 2 years ago			`*`
			`* @example`
			* ```
			`* definePageMeta({`
			`* requiresAuth: false,`
			`* ...`
			`* })`
			* ```
			`*/`
feat(gui-v2): add google auth signup option 2 years ago			`export default defineNuxtRouteMiddleware(async (to, from) => {`
chore(gui-v2): correct usage of `useGlobal` 2 years ago			`const state = useGlobal()`
feat(gui-v2): add auth middleware Signed-off-by: Braks <78412429+bcakmakoglu@users.noreply.github.com> 2 years ago
fix(gui-v2): show error message when accessing projects with insufficient permissions 2 years ago			`const { api } = useApi()`

chore(gui-v2): check if signed in before trying google auth 2 years ago			`/** if user isn't signed in and google auth is enabled, try to check if sign-in data is present */`
			`if (!state.signedIn && state.appInfo.value.googleAuthEnabled) await tryGoogleAuth()`
feat(gui-v2): add google auth signup option 2 years ago
chore(gui-v2): check if signed in before trying google auth 2 years ago			`/** if public allow all visitors */`
fix(gui-v2): allow shared form view publicly Signed-off-by: Pranav C <pranavxc@gmail.com> 2 years ago			`if (to.meta.public) return`

chore(gui-v2): check if signed in before trying google auth 2 years ago			`/** if shared base allow without validating */`
feat(gui-v2): skip auth validation if shared base route Signed-off-by: Pranav C <pranavxc@gmail.com> 2 years ago			`if (to.params?.projectType === 'base') return`

chore(gui-v2): add comments to global auth middleware Signed-off-by: Braks <78412429+bcakmakoglu@users.noreply.github.com> 2 years ago			`/** if auth is required or unspecified (same as required) and user is not signed in, redirect to signin page */`
chore(gui-v2): correct usage of `useGlobal` 2 years ago			`if ((to.meta.requiresAuth \|\| typeof to.meta.requiresAuth === 'undefined') && !state.signedIn.value) {`
refactor(gui-v2): corrections Signed-off-by: Pranav C <pranavxc@gmail.com> 2 years ago			`/** If this is the first usern navigate to signup page directly */`
			`if (state.appInfo.value.firstUser) {`
refactor(gui-v2): navigate to signup page if first user Signed-off-by: Pranav C <pranavxc@gmail.com> 2 years ago			`return navigateTo('/signup')`
			`}`
refactor(gui-v2): corrections Signed-off-by: Pranav C <pranavxc@gmail.com> 2 years ago
feat(gui-v2): add auth middleware Signed-off-by: Braks <78412429+bcakmakoglu@users.noreply.github.com> 2 years ago			`return navigateTo('/signin')`
chore(gui-v2): correct usage of `useGlobal` 2 years ago			`} else if (to.meta.requiresAuth === false && state.signedIn.value) {`
chore(gui-v2): add comments to global auth middleware Signed-off-by: Braks <78412429+bcakmakoglu@users.noreply.github.com> 2 years ago			`/**`
			`* if user was turned away from non-auth page but also came from a non-auth page (e.g. user went to /signin and reloaded the page)`
			`* redirect to home page`
			`*`
			`* else redirect back to the page they were coming from`
			`*/`
fix(gui-v2): fix infinite middleware loop Signed-off-by: Braks <78412429+bcakmakoglu@users.noreply.github.com> 2 years ago			`if (from.meta.requiresAuth === false) {`
			`return navigateTo('/')`
			`} else {`
			`return navigateTo(from.path)`
			`}`
fix(gui-v2): show error message when accessing projects with insufficient permissions 2 years ago			`} else {`
			`/** if users are accessing the projects without having enough permissions, redirect to My Projects page */`
			`if (to.params.projectId) {`
			`const user = await api.auth.me({ project_id: to?.params?.projectId as string })`
			`if (user?.roles?.user) {`
			`message.error("You don't have enough permission to access the project.")`
			`return navigateTo('/')`
			`}`
			`}`
feat(gui-v2): add auth middleware Signed-off-by: Braks <78412429+bcakmakoglu@users.noreply.github.com> 2 years ago			`}`
			`})`
feat(gui-v2): add google auth signup option 2 years ago
chore(gui-v2): update middleware docs 2 years ago			`/**`
			`* If present, try using google auth data to sign user in before navigating to the next page`
			`*/`
feat(gui-v2): add google auth signup option 2 years ago			`async function tryGoogleAuth() {`
			`const { signIn } = useGlobal()`

			`const { api } = useApi()`

			`if (window.location.search && /\bscope=\|\bstate=/.test(window.location.search) && /\bcode=/.test(window.location.search)) {`
			`try {`
			`const {`
			`data: { token },`
			`} = await api.instance.post(`
			`/auth/${window.location.search.includes('state=github') ? 'github' : 'google'}/genTokenByCode${window.location.search}`,
			`)`

			`signIn(token)`
			`} catch (e: any) {`
			`if (e.response && e.response.data && e.response.data.msg) {`
			`message.error({ content: e.response.data.msg })`
			`}`
			`}`

			`const newURL = window.location.href.split('?')[0]`
			`window.history.pushState('object', document.title, newURL)`
			`}`
			`}`