Merge branch 'main' into 797/improve-base-url-detection

.github/workflows/ci.yaml

@@ -1,4 +1,4 @@
-name: nodejs CI
+name: CI
 
 on:
   push:

.github/workflows/pkg.pr.new.yml

@@ -0,0 +1,41 @@
+name: Publish Commit
+on:
+  push:
+    branches:
+      - '**'
+    tags:
+      - '!**'
+  pull_request:
+
+env:
+  NODE_VER: 22.5
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [20]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - uses: pnpm/action-setup@v4
+        name: Install pnpm
+        with:
+          run_install: false
+
+      - name: Use Node.js ${{ env.NODE_VER }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VER }}
+          cache: 'pnpm'
+
+      - name: Install deps
+        run: pnpm i
+
+      - name: Build and pack
+        run: pnpm prepack
+
+      - name: Publish package preview
+        run: pnpx pkg-pr-new publish --compact

.npmrc

@@ -1,3 +1,4 @@
 shamefully-hoist=true
 strict-peer-dependencies=false
 link-workspace-packages=true
+ignore-workspace-root-check=true

README.md

@@ -64,8 +64,7 @@ Then visit the [Quick Start documentation](https://auth.sidebase.io/guide/gettin
 
 `@sidebase/nuxt-auth` is a library with the goal of supporting authentication for any universal Nuxt 3 application. At the moment three providers are supported:
 - [`authjs`](https://auth.sidebase.io/guide/authjs/quick-start): for non-static apps that want to use [Auth.js / NextAuth.js](https://github.com/nextauthjs/next-auth) to offer the reliability & convenience of a 23k star library to the Nuxt 3 ecosystem with a native developer experience (DX)
-- [`local`](https://auth.sidebase.io/guide/local/quick-start): for static pages that rely on an external backend with a credential flow for authentication.
-- [`refresh`](https://auth.sidebase.io/guide/local/quick-start#refresh-token): for static pages that rely on an external backend with a credential flow and refresh tokens for authentication.
+- [`local`](https://auth.sidebase.io/guide/local/quick-start): for static pages that rely on an external backend with a credential flow for authentication. The Local Provider also supports refresh tokens since `v0.9.0`. Read more [here](https://auth.sidebase.io/upgrade/version-0.9.0).
 
 You can find a full list of our features, as well as which provider supports each feature [on our docs](https://auth.sidebase.io/guide/getting-started/choose-provider).
 
@@ -142,7 +141,6 @@ This module also has it's own playground:
 We have one playground per provider:
 - [`authjs`](./playground-authjs)
 - [`local`](./playground-local)
-- [`refresh`](./playground-refresh)
 
 ##### How to test static Nuxt 3 apps?
 

docs/.vitepress/routes/navbar.ts

@@ -13,7 +13,7 @@ export const routes: DefaultTheme.Config['nav'] = [
         link: '/guide/authjs/quick-start',
       },
       {
-        text: 'Local / Refresh guide',
+        text: 'Local guide',
         link: '/guide/local/quick-start',
       },
     ],
@@ -25,6 +25,10 @@ export const routes: DefaultTheme.Config['nav'] = [
         text: 'Overview',
         link: '/resources/overview',
       },
+      {
+        text: 'Upgrade Guides',
+        link: '/upgrade',
+      },
       {
         text: 'Recipes',
         link: '/recipes/introduction/welcome',
@@ -40,8 +44,12 @@ export const routes: DefaultTheme.Config['nav'] = [
     ],
   },
   {
-    text: '0.8.0',
+    text: '0.9.1',
     items: [
+      {
+        text: '0.8.2',
+        link: 'https://github.com/sidebase/nuxt-auth/tree/0.8.2/docs',
+      },
       {
         text: '0.7.2',
         link: 'https://github.com/sidebase/nuxt-auth/tree/0.7.2/docs/content',

docs/.vitepress/routes/sidebar/guide.ts

@@ -69,7 +69,7 @@ export const routes: DefaultTheme.SidebarItem[] = [
     ],
   },
   {
-    text: 'Local / Refresh Provider',
+    text: 'Local Provider',
     base: '/guide/local',
     items: [
       {

docs/.vitepress/routes/sidebar/index.ts

@@ -2,8 +2,10 @@ import type { DefaultTheme } from 'vitepress'
 
 import { routes as guideRoutes } from './guide'
 import { routes as recipesRoutes } from './recipes'
+import { routes as upgradeRoutes } from './upgrade'
 
 export const routes: DefaultTheme.Config['sidebar'] = {
   '/guide': guideRoutes,
-  '/recipes': recipesRoutes
+  '/recipes': recipesRoutes,
+  '/upgrade': upgradeRoutes
 }

docs/.vitepress/routes/sidebar/upgrade.ts

@@ -0,0 +1,18 @@
+import type { DefaultTheme } from 'vitepress'
+
+export const routes: DefaultTheme.SidebarItem[] = [
+  {
+    text: 'Versions',
+    base: '/upgrade',
+    items: [
+      {
+        text: 'Version 0.9.0',
+        link: '/version-0.9.0'
+      },
+      {
+        text: 'Version 0.8.0',
+        link: '/version-0.8.0'
+      }
+    ],
+  },
+]

docs/.vitepress/theme/components/Layout.vue

@@ -8,10 +8,10 @@ const { Layout } = DefaultTheme
 // Banner Configuration
 const bannerConfig = {
   // Leave text empty to disable the banner
-  text: '✨ NuxtAuth v0.8.0 has been released! ✨',
+  text: '🚀 NuxtAuth v0.9.0 has been released!',
   button: {
-    href: 'https://github.com/sidebase/nuxt-auth/releases/tag/0.8.0',
-    text: 'View release notes',
+    href: '/upgrade/version-0.9.0',
+    text: 'View upgrade guide',
   },
 }
 </script>

docs/guide/advanced/deployment/self-hosted.md

@@ -30,17 +30,17 @@ We recommend setting the `NUXT_AUTH_ORIGIN` during runtime and leaving the `base
 
 In addition to verifying that the origin is correctly set, also ensure that you have a secure [`secret` set in the NuxtAuthHandler](/guide/authjs/nuxt-auth-handler#secret).
 
-## Local / Refresh Provider
+## Local Provider
 
-When deploying a Local or Refresh -provider based app, you will only need to set the correct `baseURL` to your authentication backend.
+When deploying a Local provider based app, you will only need to set the correct `baseURL` to your authentication backend.
 
 This path can either be:
 
 - **Relative**: Pointing at a path inside your own application (e.g. `/api/auth`)
 - **Absolute**: Pointing at a path inside an external application (e.g. `https://my-auth-backend/api`)
 
 :::warning
-For the `local` and `refresh` providers, this value will need to be set at build time. This is required to support static applications.
+For the `local` provider, this value will need to be set at build time. This is required to support static applications.
 
 For this, ensure that you either directly set the `baseURL` inside the `nuxt.config.ts`, or provide a build-time environment variable that overwrites the value inside the `nuxt.config.ts`.
 :::

docs/guide/application-side/configuration.md

@@ -62,7 +62,7 @@ The full url at which the app will run combined with the path to authentication.
 - **port**: _empty_ (implies `:80` for http and `:443` for https), :3000, :8888
 - **path**: the path that directs to the location of your `NuxtAuthHandler` e.g. `/api/auth`
 
-### `local` and `refresh` Providers
+### `local` Provider
 
 Defaults to `/api/auth` for both development and production. Setting this is optional, if you set it you can set it to either:
 - just a path: Will lead to `nuxt-auth` using `baseURL` as a relative path appended to the origin you deploy to. Example: `/backend/auth`
@@ -74,12 +74,12 @@ If you point to a different origin than the one you deploy to you likely have to
 
 ## `provider`
 
-- **Type**: `ProviderAuthjs | ProviderLocal | ProviderRefresh`
+- **Type**: `ProviderAuthjs | ProviderLocal`
 - **Default**: `undefined`
 
 Configuration of the authentication provider. Different providers are supported:
 - AuthJS: See [configuration options here](/guide/authjs/quick-start#configuration)
-- Local / Refresh: See [configuration options here](/guide/local/quick-start)
+- Local: See [configuration options here](/guide/local/quick-start)
 
 ## `sessionRefresh`
 

docs/guide/application-side/session-access.md

@@ -27,25 +27,12 @@ const {
   data,
   lastRefreshedAt,
   token,
-  getSession,
-  signUp,
-  signIn,
-  signOut
-} = useAuth()
-```
-
-```ts [refresh]
-const {
-  status,
-  data,
-  lastRefreshedAt,
-  token,
+  refreshToken,
   getSession,
   signUp,
   signIn,
   signOut,
-  refresh,
-  refreshToken
+  refresh
 } = useAuth()
 ```
 
@@ -86,7 +73,7 @@ const { data } = useAuth()
 </template>
 ```
 
-### `token`
+### `token` <Badge type="warning">local only</Badge>
 
 The fetched token that can be used to authenticate further requests. This could be e.g. a JWT-Bearer token.
 
@@ -103,15 +90,15 @@ function useAPI() {
 }
 ```
 
-:::warning Local / Refresh Only
-`token` is only avalible for the refresh and local providers!
+:::warning Local Only
+`token` is only avalible for the local provider!
 :::
 
 ### `lastRefreshedAt`
 
 Time at which the session was last refreshed, either `undefined` if no refresh was attempted or a `Date` of the time the refresh happened.
 
-### `getCsrfToken`
+### `getCsrfToken` <Badge type="warning">authjs only</Badge>
 
 Returns the current Cross Site Request Forgery Token (CSRF Token) required to make POST requests (e.g. for signing in and signing out).
 
@@ -121,7 +108,7 @@ You likely only need to use this if you are not using the built-in `signIn()` an
 `getCsrfToken` is only avalible for the authjs provider!
 :::
 
-### `getProviders`
+### `getProviders` <Badge type="warning">authjs only</Badge>
 
 Get a list of all the configured OAuth providers. Useful for creating a [custom login page](/guide/authjs/custom-pages#sign-in-page). Returns an array of `Provider`.
 
@@ -158,7 +145,7 @@ const { getSession } = useAuth()
 </template>
 ```
 
-### `signUp`
+### `signUp` <Badge type="warning">local only</Badge>
 
 ```ts
 // `credentials` are the credentials your sign-up endpoint expects,
@@ -184,8 +171,8 @@ await signUp(credentials, undefined, { preventLoginFlow: true })
 You can also pass the `callbackUrl` option to redirect a user to a certain page, after they completed the action. This can be useful when a user attempts to open a page (`/protected`) but has to go through external authentication (e.g., via their google account) first.
 :::
 
-:::warning Local / Refresh Only
-`signUp` is only avalible for the refresh and local providers!
+:::warning Local Only
+`signUp` is only avalible for the local provider!
 :::
 
 ### `signIn`
@@ -257,12 +244,12 @@ const { signOut } = useAuth()
 You can also pass the `callbackUrl` option to redirect a user to a certain page, after they completed the action. This can be useful when a user attempts to open a page (`/protected`) but has to go through external authentication (e.g., via their google account) first.
 :::
 
-### `refreshToken`
+### `refreshToken` <Badge type="warning">local only</Badge>
 
 The fetched refreshToken that can be used to obtain a new access token . E.g. a refreshToken looks like this: `eyDFSJKLDAJ0-3249PPRFK3P5234SDFL;AFKJlkjdsjd.dsjlajhasdji89034`
 
-:::warning Refresh Only
-`refreshToken` is only avalible for the refresh provider!
+:::warning Local Only
+`refreshToken` is only avalible for the local provider!
 :::
 
 ### `refresh`
@@ -297,43 +284,6 @@ lastRefreshedAt.value
 ```
 
 ```ts [local]
-const {
-  status,
-  loading,
-  data,
-  lastRefreshedAt,
-  token,
-  rawToken,
-  setToken,
-  clearToken
-} = useAuthState()
-
-// Session status, either `unauthenticated`, `loading`, `authenticated`
-status.value
-
-// Whether any http request is still pending
-loading.value
-
-// Session data, either `undefined` (= authentication not attempted), `null` (= user unauthenticated), or session / user data your `getSession`-endpoint returns
-data.value
-
-// Time at which the session was last refreshed, either `undefined` if no refresh was attempted or a `Date` of the time the refresh happened
-lastRefreshedAt.value
-
-// The fetched token that can be used to authenticate future requests. E.g., a JWT-Bearer token like so: `Bearer eyDFSJKLDAJ0-3249PPRFK3P5234SDFL;AFKJlkjdsjd.dsjlajhasdji89034`
-token.value
-
-// Cookie that containes the raw fetched token string. This token won't contain any modification or prefixes like `Bearer` or any other.
-rawToken.value
-
-// Helper method to quickly set a new token (alias for rawToken.value = 'xxx')
-setToken('new token')
-
-// Helper method to quickly delete the token cookie (alias for rawToken.value = null)
-clearToken()
-```
-
-```ts [refresh]
 const {
   status,
   loading,
@@ -362,24 +312,18 @@ lastRefreshedAt.value
 // The fetched token that can be used to authenticate future requests. E.g., a JWT-Bearer token like so: `Bearer eyDFSJKLDAJ0-3249PPRFK3P5234SDFL;AFKJlkjdsjd.dsjlajhasdji89034`
 token.value
 
-// The fetched refreshToken that can be used to refresh the Token with  refresh() methode.
-refreshToken.value
-
 // Cookie that containes the raw fetched token string. This token won't contain any modification or prefixes like `Bearer` or any other.
 rawToken.value
 
-// Cookie that containes the raw fetched refreshToken string.
-rawRefreshToken.value
-
 // Helper method to quickly set a new token (alias for rawToken.value = 'xxx')
 setToken('new token')
 
-// Helper method to quickly delete the token and refresh Token cookie (alias for rawToken.value = null and rawRefreshToken.value = null)
+// Helper method to quickly delete the token cookie (alias for rawToken.value = null)
 clearToken()
 ```
 :::
 
-:::warning Local and refresh providers:
+:::warning Local provider:
 Note that you will have to manually call getSession from useAuth composable in order to refresh the new user state when using setToken, clearToken or manually updating rawToken.value:
 :::