From aa7389e0c5e6322cc8c62210a984c13917be1277 Mon Sep 17 00:00:00 2001
From: Shaine Gordon <sgordon@realmdigital.co.za>
Date: Tue, 25 Jul 2023 13:07:09 +0200
Subject: [PATCH 1/3] feat: added cookie provider

---
 playground-cookie/app.vue                     |  45 ++++++
 playground-cookie/nuxt.config.ts              |  31 ++++
 playground-cookie/package.json                |  24 +++
 .../pages/always-unprotected.vue              |  11 ++
 playground-cookie/pages/guest.vue             |  16 ++
 playground-cookie/pages/index.vue             |  31 ++++
 playground-cookie/pages/login.vue             |  33 +++++
 .../pages/protected/globally.vue              |   3 +
 playground-cookie/pages/protected/locally.vue |  12 ++
 playground-cookie/pages/signout.vue           |  11 ++
 playground-cookie/public/favicon.ico          | Bin 0 -> 4286 bytes
 .../server/api/auth/login.post.ts             |  26 ++++
 .../server/api/auth/logout.post.ts            |   4 +
 playground-cookie/server/api/auth/user.get.ts |  22 +++
 playground-cookie/tsconfig.json               |   4 +
 pnpm-lock.yaml                                |  38 ++++-
 src/module.ts                                 |  17 +++
 src/runtime/composables/cookie/useAuth.ts     | 137 ++++++++++++++++++
 .../composables/cookie/useAuthState.ts        |  10 ++
 src/runtime/helpers.ts                        |   2 +-
 src/runtime/types.ts                          |  79 +++++++++-
 21 files changed, 549 insertions(+), 7 deletions(-)
 create mode 100644 playground-cookie/app.vue
 create mode 100644 playground-cookie/nuxt.config.ts
 create mode 100644 playground-cookie/package.json
 create mode 100644 playground-cookie/pages/always-unprotected.vue
 create mode 100644 playground-cookie/pages/guest.vue
 create mode 100644 playground-cookie/pages/index.vue
 create mode 100644 playground-cookie/pages/login.vue
 create mode 100644 playground-cookie/pages/protected/globally.vue
 create mode 100644 playground-cookie/pages/protected/locally.vue
 create mode 100644 playground-cookie/pages/signout.vue
 create mode 100644 playground-cookie/public/favicon.ico
 create mode 100644 playground-cookie/server/api/auth/login.post.ts
 create mode 100644 playground-cookie/server/api/auth/logout.post.ts
 create mode 100644 playground-cookie/server/api/auth/user.get.ts
 create mode 100644 playground-cookie/tsconfig.json
 create mode 100644 src/runtime/composables/cookie/useAuth.ts
 create mode 100644 src/runtime/composables/cookie/useAuthState.ts

diff --git a/playground-cookie/app.vue b/playground-cookie/app.vue
new file mode 100644
index 00000000..a647fbc0
--- /dev/null
+++ b/playground-cookie/app.vue
@@ -0,0 +1,45 @@
+<script lang="ts" setup>
+import { ref } from 'vue'
+import { useAuth } from '#imports'
+
+const { signIn, data, status, lastRefreshedAt, signOut, getSession } = useAuth()
+
+const username = ref('')
+const password = ref('')
+</script>
+
+<template>
+  <div>
+    <pre>Status: {{ status }}</pre>
+    <pre>Data: {{ data || 'no session data present, are you logged in?' }}</pre>
+    <pre>Last refreshed at: {{ lastRefreshedAt || 'no refresh happened' }}</pre>
+    <form @submit.prevent="signIn({ username, password })">
+      <input v-model="username" type="text" placeholder="Username">
+      <input v-model="password" type="password" placeholder="Password">
+      <button type="submit">
+        sign in
+      </button>
+    </form>
+    <br>
+    <button @click="signIn({ username, password }, { callbackUrl: '/protected/globally' })">
+      sign in (with redirect to protected page)
+    </button>
+    <br>
+    <button @click="signOut({ callbackUrl: '/signout' })">
+      sign out
+    </button>
+    <br>
+    <button @click="getSession({ required: false })">
+      refresh session (required: false)
+    </button>
+    <br>
+    <button @click="getSession({ required: true, callbackUrl: '/' })">
+      refresh session (required: true)
+    </button>
+    <br>
+    <NuxtLink to="/login">
+      navigate to Login Page
+    </NuxtLink>
+    <NuxtPage />
+  </div>
+</template>
diff --git a/playground-cookie/nuxt.config.ts b/playground-cookie/nuxt.config.ts
new file mode 100644
index 00000000..5c870f16
--- /dev/null
+++ b/playground-cookie/nuxt.config.ts
@@ -0,0 +1,31 @@
+export default defineNuxtConfig({
+  modules: ['../src/module.ts'],
+  build: {
+    transpile: ['jsonwebtoken']
+  },
+  auth: {
+    provider: {
+      type: 'cookie',
+      cookie: {
+        name: 'ApplicationAuth'
+      },
+      endpoints: {
+        getSession: { path: '/user' }
+      },
+      pages: {
+        login: '/'
+      },
+      sessionDataType: { id: 'string', email: 'string', name: 'string', role: 'admin | guest | account', subscriptions: "{ id: number, status: 'ACTIVE' | 'INACTIVE' }[]" }
+    },
+    session: {
+      // Whether to refresh the session every time the browser window is refocused.
+      enableRefreshOnWindowFocus: true,
+
+      // Whether to refresh the session every `X` milliseconds. Set this to `false` to turn it off. The session will only be refreshed if a session already exists.
+      enableRefreshPeriodically: 5000
+    },
+    globalAppMiddleware: {
+      isEnabled: true
+    }
+  }
+})
diff --git a/playground-cookie/package.json b/playground-cookie/package.json
new file mode 100644
index 00000000..c40c6f56
--- /dev/null
+++ b/playground-cookie/package.json
@@ -0,0 +1,24 @@
+{
+  "private": true,
+  "name": "nuxt-auth-playground-cookie",
+  "scripts": {
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint . --max-warnings=0",
+    "dev": "nuxi prepare && nuxi dev",
+    "build": "nuxi build",
+    "start": "nuxi preview",
+    "generate": "nuxi generate",
+    "postinstall": "nuxt prepare"
+  },
+  "dependencies": {
+    "jsonwebtoken": "^9.0.0",
+    "zod": "^3.21.4"
+  },
+  "devDependencies": {
+    "@types/jsonwebtoken": "^9.0.1",
+    "eslint": "^8.37.0",
+    "nuxt": "^3.4.2",
+    "typescript": "^5.0.3",
+    "vue-tsc": "^1.2.0"
+  }
+}
diff --git a/playground-cookie/pages/always-unprotected.vue b/playground-cookie/pages/always-unprotected.vue
new file mode 100644
index 00000000..fbda39ff
--- /dev/null
+++ b/playground-cookie/pages/always-unprotected.vue
@@ -0,0 +1,11 @@
+<template>
+  <div>I'm always public, even when the global auth middleware is enabled!</div>
+</template>
+
+<script setup lang="ts">
+import { definePageMeta } from '#imports'
+
+definePageMeta({
+  auth: false
+})
+</script>
diff --git a/playground-cookie/pages/guest.vue b/playground-cookie/pages/guest.vue
new file mode 100644
index 00000000..38b5d659
--- /dev/null
+++ b/playground-cookie/pages/guest.vue
@@ -0,0 +1,16 @@
+<script setup lang="ts">
+import { definePageMeta } from '#imports'
+
+definePageMeta({
+  auth: {
+    unauthenticatedOnly: true,
+    navigateAuthenticatedTo: '/protected/globally'
+  }
+})
+</script>
+
+<template>
+  <div>
+    <p>Hey!</p>
+  </div>
+</template>
diff --git a/playground-cookie/pages/index.vue b/playground-cookie/pages/index.vue
new file mode 100644
index 00000000..9d414476
--- /dev/null
+++ b/playground-cookie/pages/index.vue
@@ -0,0 +1,31 @@
+<script setup lang="ts">
+import { definePageMeta } from '#imports'
+
+definePageMeta({ auth: false })
+</script>
+
+<template>
+  <div>
+    <nuxt-link to="/">
+      -> manual login, logout, refresh button
+    </nuxt-link>
+    <br>
+    <nuxt-link to="/protected/globally">
+      -> globally protected page
+    </nuxt-link>
+    <br>
+    <nuxt-link to="/protected/locally">
+      -> locally protected page (only works if global middleware disabled)
+    </nuxt-link>
+    <br>
+    <nuxt-link to="/always-unprotected">
+      -> page that is always unprotected
+    </nuxt-link>
+    <br>
+    <nuxt-link to="/guest">
+      -> guest mode
+    </nuxt-link>
+    <br>
+    <div>select one of the above actions to get started.</div>
+  </div>
+</template>
diff --git a/playground-cookie/pages/login.vue b/playground-cookie/pages/login.vue
new file mode 100644
index 00000000..a9786e3b
--- /dev/null
+++ b/playground-cookie/pages/login.vue
@@ -0,0 +1,33 @@
+<script lang="ts" setup>
+import { ref } from 'vue'
+import { definePageMeta, useAuth } from '#imports'
+
+const { signIn, token, data, status, lastRefreshedAt } = useAuth()
+
+const username = ref('')
+const password = ref('')
+
+definePageMeta({
+  auth: {
+    unauthenticatedOnly: true,
+    navigateAuthenticatedTo: '/'
+  }
+})
+</script>
+
+<template>
+  <div>
+    <h1>Login Page</h1>
+    <pre>Status: {{ status }}</pre>
+    <pre>Data: {{ data || 'no session data present, are you logged in?' }}</pre>
+    <pre>Last refreshed at: {{ lastRefreshedAt || 'no refresh happened' }}</pre>
+    <pre>JWT token: {{ token || 'no token present, are you logged in?' }}</pre>
+    <form @submit.prevent="signIn({ username, password })">
+      <input v-model="username" type="text" placeholder="Username">
+      <input v-model="password" type="password" placeholder="Password">
+      <button type="submit">
+        sign in
+      </button>
+    </form>
+  </div>
+</template>
diff --git a/playground-cookie/pages/protected/globally.vue b/playground-cookie/pages/protected/globally.vue
new file mode 100644
index 00000000..ed51ab4a
--- /dev/null
+++ b/playground-cookie/pages/protected/globally.vue
@@ -0,0 +1,3 @@
+<template>
+  <div>I'm a secret! My protection works via a global middleware. If you turned off the global middleware, then I'll also be visible without authentication :(</div>
+</template>
diff --git a/playground-cookie/pages/protected/locally.vue b/playground-cookie/pages/protected/locally.vue
new file mode 100644
index 00000000..08f70345
--- /dev/null
+++ b/playground-cookie/pages/protected/locally.vue
@@ -0,0 +1,12 @@
+<template>
+  <div>I'm a secret! My protection works via the named `nuxt-auth` module middleware.</div>
+</template>
+
+<script setup lang="ts">
+import { definePageMeta } from '#imports'
+
+// Note: This is only for testing, it does not make sense to do this with `globalAppMiddleware` turned on
+definePageMeta({
+  middleware: 'auth'
+})
+</script>
diff --git a/playground-cookie/pages/signout.vue b/playground-cookie/pages/signout.vue
new file mode 100644
index 00000000..d8c053fd
--- /dev/null
+++ b/playground-cookie/pages/signout.vue
@@ -0,0 +1,11 @@
+<template>
+  <div>
+    You just signed out!
+  </div>
+</template>
+
+<script setup lang="ts">
+import { definePageMeta } from '#imports'
+
+definePageMeta({ auth: false })
+</script>
diff --git a/playground-cookie/public/favicon.ico b/playground-cookie/public/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..18993ad91cfd43e03b074dd0b5cc3f37ab38e49c
GIT binary patch
literal 4286
zcmeHLOKuuL5PjK%MHWVi6lD<!mRb4$mdFuu1m7S&L72}0%nh7nb{xS*IY7K-1~WG>
zOGiR<sv2rs-P1h`ut*jRDypfj@9U}_3E&NVhC}c-e)fS606r6u2w#X;ZXeov|87fL
z!TI})z`sQxSz?%$m}Cpw?WF=YNnu;Mk#t%h*=w(2a7>EbCw`xmFozJ^aNatJY>w+g
ze6a2@u~m#^BZm@8wco9#Crlli0uLb^3E$t2-WIc^#(?t)*@`UpuofJ(Uyh@F>b3Ph
z$D^m8Xq~pTkGJ4Q`Q2)te3mgkWYZ^Ijq|hkiP^9`De={bQQ%heZC$QU2UpP(-tbl8
zPWD2abEew;oat@w`uP3J^YpsgT%~jT(Dk%oU}sa$7|n6hBjDj`+I;RX(>)%<Y^V1u
zxpEJLVzZ2NFGX+1TXChn89VxczG?Ja<o=SJ8n{y5$ezyw`8sz3-<3{&C8oX)|94kh
z+0M_EV^O^m@tH21JEPN_ux%Gy1GUw?U~8Zr)3xvGXUSPO+3I<5aAh6uT<iYgm~_ug
ziEA0#JM$)SV%(oc@>lm_7N{+B7Mu%H?422lE%MBJH!!YTN2oT7xr>>N-8OF$C&qU^
z>vLsa{$0X%q1fjOe3P1mCv#lN{xQ4_*HCSAZjTb1`}mlc+9rl8$B3OP%VT@mch_~G
z7Y+4b{r>9e=M+7vSI;BgB?ryZDY4m>&w<W+!o=%S{hjU42>cHSn81VH1N~`0gvwH{
z8dv#hG|OK`>1;j7tM#B)Z7zDN?{6=dUal}$e<J#b(FPcAa6L9y8G}E@q!eIA^eYgE
GM1KL3x?{8e

literal 0
HcmV?d00001

diff --git a/playground-cookie/server/api/auth/login.post.ts b/playground-cookie/server/api/auth/login.post.ts
new file mode 100644
index 00000000..40b38db0
--- /dev/null
+++ b/playground-cookie/server/api/auth/login.post.ts
@@ -0,0 +1,26 @@
+import z from 'zod'
+import { sign } from 'jsonwebtoken'
+
+export const SECRET = 'dummy'
+
+export default eventHandler(async (event) => {
+  const result = z.object({ username: z.string().min(1), password: z.literal('1') }).safeParse(await readBody(event))
+  if (!result.success) {
+    throw createError({ statusCode: 403, statusMessage: 'Unauthorized, hint: try `hunter2` as password' })
+  }
+
+  const expiresIn = 1500
+  const { username } = result.data
+  const user = {
+    username,
+    picture: 'https://github.com/nuxt.png',
+    name: 'User ' + username
+  }
+
+  const cookieValue = sign({ ...user, scope: ['test', 'user'] }, SECRET, { expiresIn }) // We just use `sign` here to create a payload. The cookie provider does not actually use JWTs. Any user info must come from GetSession
+
+  setCookie(event, 'ApplicationAuth', cookieValue, { httpOnly: true, sameSite: 'lax', secure: true })
+
+  setResponseStatus(event, 200)
+  return null
+})
diff --git a/playground-cookie/server/api/auth/logout.post.ts b/playground-cookie/server/api/auth/logout.post.ts
new file mode 100644
index 00000000..48707645
--- /dev/null
+++ b/playground-cookie/server/api/auth/logout.post.ts
@@ -0,0 +1,4 @@
+export default eventHandler((event) => {
+  deleteCookie(event, 'ApplicationAuth')
+  return { status: 'OK' }
+})
diff --git a/playground-cookie/server/api/auth/user.get.ts b/playground-cookie/server/api/auth/user.get.ts
new file mode 100644
index 00000000..37777bd3
--- /dev/null
+++ b/playground-cookie/server/api/auth/user.get.ts
@@ -0,0 +1,22 @@
+import {H3Event} from 'h3'
+import {verify} from 'jsonwebtoken'
+import {SECRET} from '~/server/api/auth/login.post'
+
+const ensureAuth = (event: H3Event) => {
+  const cookieValue = getCookie(event, 'ApplicationAuth')
+
+  if (typeof cookieValue === 'undefined') {
+    throw createError({ statusCode: 403, statusMessage: 'no cookie found' })
+  }
+
+  try {
+    return verify(cookieValue, SECRET) // This is just a sample page. The cookie provider does not actually use JWTs.
+  } catch (error) {
+    console.error('Login failed. Here\'s the raw error:', error)
+    throw createError({ statusCode: 403, statusMessage: 'You must be logged in to use this endpoint' })
+  }
+}
+
+export default eventHandler((event) => {
+  return ensureAuth(event)
+})
diff --git a/playground-cookie/tsconfig.json b/playground-cookie/tsconfig.json
new file mode 100644
index 00000000..1dc1eb73
--- /dev/null
+++ b/playground-cookie/tsconfig.json
@@ -0,0 +1,4 @@
+{
+  "extends": "./.nuxt/tsconfig.json",
+  "exclude": ["../docs"]
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 3a3e1ab7..572f86e3 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -1,5 +1,9 @@
 lockfileVersion: '6.0'
 
+settings:
+  autoInstallPeers: true
+  excludeLinksFromLockfile: false
+
 importers:
 
   .:
@@ -78,6 +82,31 @@ importers:
         specifier: ^1.2.0
         version: 1.2.0(typescript@5.0.4)
 
+  playground-cookie:
+    dependencies:
+      jsonwebtoken:
+        specifier: ^9.0.0
+        version: 9.0.0
+      zod:
+        specifier: ^3.21.4
+        version: 3.21.4
+    devDependencies:
+      '@types/jsonwebtoken':
+        specifier: ^9.0.1
+        version: 9.0.1
+      eslint:
+        specifier: ^8.37.0
+        version: 8.38.0
+      nuxt:
+        specifier: ^3.4.2
+        version: 3.4.2(@types/node@18.15.11)(eslint@8.38.0)(rollup@3.20.2)(typescript@5.0.4)(vue-tsc@1.2.0)
+      typescript:
+        specifier: ^5.0.3
+        version: 5.0.4
+      vue-tsc:
+        specifier: ^1.2.0
+        version: 1.2.0(typescript@5.0.4)
+
   playground-local:
     dependencies:
       jsonwebtoken:
@@ -1516,7 +1545,7 @@ packages:
       debug: 4.3.4
       globby: 11.1.0
       is-glob: 4.0.3
-      semver: 7.4.0
+      semver: 7.5.0
       tsutils: 3.21.0(typescript@5.0.4)
       typescript: 5.0.4
     transitivePeerDependencies:
@@ -1537,7 +1566,7 @@ packages:
       '@typescript-eslint/typescript-estree': 5.58.0(typescript@5.0.4)
       eslint: 8.38.0
       eslint-scope: 5.1.1
-      semver: 7.4.0
+      semver: 7.5.0
     transitivePeerDependencies:
       - supports-color
       - typescript
@@ -4077,7 +4106,7 @@ packages:
       jws: 3.2.2
       lodash: 4.17.21
       ms: 2.1.3
-      semver: 7.4.0
+      semver: 7.5.0
     dev: false
 
   /jwa@1.4.1:
@@ -5717,6 +5746,7 @@ packages:
     hasBin: true
     dependencies:
       lru-cache: 6.0.0
+    dev: true
 
   /semver@7.5.0:
     resolution: {integrity: sha512-+XC0AD/R7Q2mPSRuy2Id0+CGTZ98+8f+KvwirxOKIEyid+XSx6HbC63p+O4IndTHuX5Z+JxQ0TghCkO5Cg/2HA==}
@@ -6611,7 +6641,7 @@ packages:
       espree: 9.5.1
       esquery: 1.5.0
       lodash: 4.17.21
-      semver: 7.4.0
+      semver: 7.5.0
     transitivePeerDependencies:
       - supports-color
     dev: true
diff --git a/src/module.ts b/src/module.ts
index 2b5e7b97..d8d17a2b 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -39,6 +39,23 @@ const defaultsByBackend: { [key in SupportedAuthProviders]: DeepRequired<Extract
     },
     sessionDataType: { id: 'string | number' }
   },
+  cookie: {
+    type: 'cookie',
+    pages: {
+      login: '/login'
+    },
+    endpoints: {
+      signIn: { path: '/login', method: 'post' },
+      signOut: { path: '/logout', method: 'post' },
+      signUp: { path: '/register', method: 'post' },
+      getSession: { path: '/session', method: 'get' },
+      csrf: { path: '/session', method: 'get' }
+    },
+    cookie: {
+      name: ''
+    },
+    sessionDataType: { id: 'string | number' }
+  },
   authjs: {
     type: 'authjs',
     trustHost: false,
diff --git a/src/runtime/composables/cookie/useAuth.ts b/src/runtime/composables/cookie/useAuth.ts
new file mode 100644
index 00000000..c0485092
--- /dev/null
+++ b/src/runtime/composables/cookie/useAuth.ts
@@ -0,0 +1,137 @@
+import { readonly } from 'vue'
+import { callWithNuxt, useCookie } from '#app'
+import { CommonUseAuthReturn, SignOutFunc, SignInFunc, GetSessionFunc, SecondarySignInOptions } from '../../types'
+import { _fetch } from '../../utils/fetch'
+import { useTypedBackendConfig } from '../../helpers'
+import { getRequestURLWN } from '../../utils/callWithNuxt'
+import { useAuthState } from './useAuthState'
+// @ts-expect-error - #auth not defined
+import type { SessionData } from '#auth'
+import { useNuxtApp, useRuntimeConfig, nextTick, navigateTo } from '#imports'
+
+type Credentials = { username?: string, email?: string, password?: string } & Record<string, any>
+
+const isExternalUrl = (url: string) => {
+  return !!(url && url.startsWith('http'))
+}
+
+const signIn: SignInFunc<Credentials, any> = async (credentials, signInOptions, signInParams) => {
+  const nuxt = useNuxtApp()
+
+  const config = useTypedBackendConfig(useRuntimeConfig(), 'cookie')
+  const { path, method } = config.endpoints.signIn
+  await _fetch<Record<string, any>>(nuxt, path, {
+    method,
+    body: {
+      ...credentials,
+      ...(signInOptions ?? {})
+    },
+    params: signInParams ?? {}
+  })
+
+  await nextTick(getSession)
+
+  const { callbackUrl, redirect = true } = signInOptions ?? {}
+  if (redirect) {
+    const urlToNavigateTo = callbackUrl ?? await getRequestURLWN(nuxt)
+    return navigateTo(urlToNavigateTo, { external: isExternalUrl(urlToNavigateTo) })
+  }
+}
+
+const signOut: SignOutFunc = async (signOutOptions) => {
+  const nuxt = useNuxtApp()
+  const runtimeConfig = await callWithNuxt(nuxt, useRuntimeConfig)
+  const config = useTypedBackendConfig(runtimeConfig, 'cookie')
+  const { data } = await callWithNuxt(nuxt, useAuthState)
+
+  data.value = null
+
+  const { path, method } = config.endpoints.signOut
+
+  const res = await _fetch(nuxt, path, { method })
+
+  const { callbackUrl, redirect = true } = signOutOptions ?? {}
+  if (redirect) {
+    const urlToNavigateTo = callbackUrl ?? await getRequestURLWN(nuxt)
+    await navigateTo(urlToNavigateTo, { external: isExternalUrl(urlToNavigateTo) })
+  }
+
+  return res
+}
+
+const getSession: GetSessionFunc<SessionData | null | void> = async (getSessionOptions) => {
+  const nuxt = useNuxtApp()
+
+  const config = useTypedBackendConfig(useRuntimeConfig(), 'cookie')
+  const { path, method } = config.endpoints.getSession
+  const { data, loading, lastRefreshedAt } = useAuthState()
+
+  const cookie = useCookie(config.cookie.name)
+
+  loading.value = true
+  try {
+    let headers = { }
+    if (cookie.value) {
+      headers = { credentials: 'include', Cookie: `${config.cookie.name}=${cookie.value}` }
+    }
+    data.value = await _fetch<SessionData>(nuxt, path, { method, headers })
+  } catch (e) {
+    // Clear all data: Request failed so we must not be authenticated
+    data.value = null
+  }
+  loading.value = false
+  lastRefreshedAt.value = new Date()
+
+  const { required = false, callbackUrl, onUnauthenticated } = getSessionOptions ?? {}
+  if (required && data.value === null) {
+    if (onUnauthenticated) {
+      return onUnauthenticated()
+    } else {
+      const urlToNavigateTo = callbackUrl ?? await getRequestURLWN(nuxt)
+      await navigateTo(urlToNavigateTo, { external: isExternalUrl(urlToNavigateTo) })
+    }
+  }
+
+  return data.value
+}
+
+const signUp = async (credentials: Credentials, signInOptions?: SecondarySignInOptions) => {
+  const nuxt = useNuxtApp()
+
+  const { path, method } = useTypedBackendConfig(useRuntimeConfig(), 'cookie').endpoints.signUp
+  await _fetch(nuxt, path, {
+    method,
+    body: credentials
+  })
+
+  return signIn(credentials, signInOptions)
+}
+
+interface UseAuthReturn extends CommonUseAuthReturn<typeof signIn, typeof signOut, typeof getSession, SessionData> {
+  signUp: typeof signUp
+}
+export const useAuth = (): UseAuthReturn => {
+  const {
+    data,
+    status,
+    lastRefreshedAt,
+  } = useAuthState()
+
+  const getters = {
+    status,
+    data: readonly(data),
+    lastRefreshedAt: readonly(lastRefreshedAt),
+  }
+
+  const actions = {
+    getSession,
+    signIn,
+    signOut,
+    signUp
+  }
+
+  return {
+    ...getters,
+    ...actions
+  }
+}
diff --git a/src/runtime/composables/cookie/useAuthState.ts b/src/runtime/composables/cookie/useAuthState.ts
new file mode 100644
index 00000000..e987cfbe
--- /dev/null
+++ b/src/runtime/composables/cookie/useAuthState.ts
@@ -0,0 +1,10 @@
+import type { Session } from 'next-auth'
+import { CommonUseAuthStateReturn } from '../../types'
+import { makeCommonAuthState } from '../commonAuthState'
+
+export type SessionData = Session
+
+interface UseAuthStateReturn extends CommonUseAuthStateReturn<SessionData> {}
+
+export const useAuthState = (): UseAuthStateReturn => makeCommonAuthState<SessionData>()
+export default useAuthState
diff --git a/src/runtime/helpers.ts b/src/runtime/helpers.ts
index 03bf1457..651c6e8b 100644
--- a/src/runtime/helpers.ts
+++ b/src/runtime/helpers.ts
@@ -25,7 +25,7 @@ export const getOriginAndPathnameFromURL = (url: string) => {
  * Get the backend configuration from the runtime config in a typed manner.
  *
  * @param runtimeConfig The runtime config of the application
- * @param type Backend type to be enforced (e.g.: `local` or `authjs`)
+ * @param type Backend type to be enforced (e.g.: `local` or `authjs` or `cookie`)
  */
 export const useTypedBackendConfig = <T extends SupportedAuthProviders>(runtimeConfig: ReturnType<typeof useRuntimeConfig>, type: T): Extract<DeepRequired<AuthProviders>, { type: T }> => {
   if (runtimeConfig.public.auth.provider.type === type) {
diff --git a/src/runtime/types.ts b/src/runtime/types.ts
index 4d17dfa6..f07c66d7 100644
--- a/src/runtime/types.ts
+++ b/src/runtime/types.ts
@@ -47,7 +47,7 @@ export type SessionDataObject = {
 /**
  * Available `nuxt-auth` authentication providers.
  */
-export type SupportedAuthProviders = 'authjs' | 'local'
+export type SupportedAuthProviders = 'authjs' | 'local' | 'cookie'
 
 /**
  * Configuration for the `local`-provider.
@@ -57,6 +57,7 @@ type ProviderLocal = {
    * Uses the `local` provider to facilitate autnetication. Currently, two providers exclusive are supported:
    * - `authjs`: `next-auth` / `auth.js` based OAuth, Magic URL, Credential provider for non-static applications
    * - `local`: Username and password provider with support for static-applications
+   * - `cookie`: Cookie-based authentication for static applications
    *
    * Read more here: https://sidebase.io/nuxt-auth/v0.6/getting-started
    */
@@ -153,6 +154,78 @@ type ProviderLocal = {
   sessionDataType?: SessionDataObject,
 }
 
+/**
+ * Configuration for the `cookie`-provider.
+ */
+type ProviderCookie = {
+  /**
+   * Uses the `cookie` provider to facilitate authentication. Currently, two providers exclusive are supported:
+   * - `authjs`: `next-auth` / `auth.js` based OAuth, Magic URL, Credential provider for non-static applications
+   * - `local`: Username and password provider with support for static-applications
+   * - `cookie`: Cookie-based authentication for static applications
+   *
+   * Read more here: https://sidebase.io/nuxt-auth/v0.6/getting-started
+   */
+  type: Extract<SupportedAuthProviders, 'cookie'>
+  /**
+   * Endpoints to use for the different methods. `nuxt-auth` will use this and the root-level `baseURL` to create the final request. E.g.:
+   * - `baseURL=/api/auth`, `path=/login` will result in a request to `/api/auth/login`
+   * - `baseURL=http://localhost:5000/_authenticate`, `path=/sign-in` will result in a request to `http://localhost:5000/_authenticate/sign-in`
+   */
+  cookie: {
+    name: string
+  },
+  endpoints?: {
+    /**
+     * What method and path to call to perform the sign-in. This endpoint must return a token that can be used to authenticate subsequent requests.
+     *
+     * @default { path: '/login', method: 'post' }
+     */
+    signIn?: { path?: string, method?: RouterMethod },
+    /**
+     * What method and path to call to perform the sign-out.
+     *
+     * @default { path: '/logout', method: 'post' }
+     */
+    signOut?: { path?: string, method?: RouterMethod },
+    /**
+     * What method and path to call to perform the sign-up.
+     *
+     * @default { path: '/register', method: 'post' }
+     */
+    signUp?: { path?: string, method?: RouterMethod },
+    /**
+     * What method and path to call to fetch user / session data from. `nuxt-auth` will send the token received upon sign-in as a header along this request to authenticate.
+     *
+     * Refer to the `token` configuration to configure how `nuxt-auth` uses the token in this request. By default it will be send as a bearer-authentication header like so: `Authentication: Bearer eyNDSNJDASNMDSA....`
+     *
+     * @default { path: '/session', method: 'get' }
+     * @example { path: '/user', method: 'get' }
+     */
+    getSession?: { path?: string, method?: RouterMethod },
+    csrf?: { path?: string, method?: RouterMethod },
+  },
+  /**
+   * Pages that `nuxt-auth` needs to know the location off for redirects.
+   */
+  pages?: {
+    /**
+     * Path of the login-page that the user should be redirected to, when they try to access a protected page without being logged in.
+     *
+     * @default '/login'
+     */
+    login?: string
+  },
+  /**
+   * Define an interface for the session data object that `nuxt-auth` expects to receive from the `getSession` endpoint.
+   *
+   * @default { id: 'string | number' }
+   * @example { id: 'string', name: 'string', email: 'string' }
+   * @advanced_array_example { id: 'string', email: 'string', name: 'string', role: 'admin | guest | account', subscriptions: "{ id: number, status: 'ACTIVE' | 'INACTIVE' }[]" }
+   */
+  sessionDataType?: SessionDataObject,
+}
+
 /**
  * Configuration for the `authjs`-provider.
  */
@@ -161,6 +234,7 @@ export type ProviderAuthjs = {
    * Uses the `authjs` provider to facilitate autnetication. Currently, two providers exclusive are supported:
    * - `authjs`: `next-auth` / `auth.js` based OAuth, Magic URL, Credential provider for non-static applications
    * - `local`: Username and password provider with support for static-applications
+   * - `cookie`: Cookie-based authentication for static applications
    *
    * Read more here: https://sidebase.io/nuxt-auth/v0.6/getting-started
    */
@@ -188,7 +262,7 @@ export type ProviderAuthjs = {
   addDefaultCallbackUrl?: boolean | string
 }
 
-export type AuthProviders = ProviderAuthjs | ProviderLocal
+export type AuthProviders = ProviderAuthjs | ProviderLocal | ProviderCookie
 
 /**
  * Configuration for the application-side session.
@@ -227,6 +301,7 @@ export interface ModuleOptions {
    * Full url at which the app will run combined with the path to authentication. You can set this differently depending on your selected authentication-provider:
    * - `authjs`: You must set the full URL, with origin and path in production. You can leave this empty in development
    * - `local`: You can set a full URL, but can also leave this empty to fallback to the default value of `/api/auth` or set only the path.
+   * - `cookie`: You can set a full URL, but can also leave this empty to fallback to the default value of `/api/auth` or set only the path.
    *
    * ### `authjs`
    *

From ca6a49c2d1431e8dc8af399270473d2f6ce556ab Mon Sep 17 00:00:00 2001
From: Shaine Gordon <sgordon@realmdigital.co.za>
Date: Tue, 15 Aug 2023 09:46:37 +0200
Subject: [PATCH 2/3] chore: fixed linting violations

---
 playground-cookie/server/api/auth/user.get.ts | 6 +++---
 src/runtime/composables/cookie/useAuth.ts     | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/playground-cookie/server/api/auth/user.get.ts b/playground-cookie/server/api/auth/user.get.ts
index 37777bd3..db35f1e2 100644
--- a/playground-cookie/server/api/auth/user.get.ts
+++ b/playground-cookie/server/api/auth/user.get.ts
@@ -1,6 +1,6 @@
-import {H3Event} from 'h3'
-import {verify} from 'jsonwebtoken'
-import {SECRET} from '~/server/api/auth/login.post'
+import { H3Event } from 'h3'
+import { verify } from 'jsonwebtoken'
+import { SECRET } from '~/server/api/auth/login.post'
 
 const ensureAuth = (event: H3Event) => {
   const cookieValue = getCookie(event, 'ApplicationAuth')
diff --git a/src/runtime/composables/cookie/useAuth.ts b/src/runtime/composables/cookie/useAuth.ts
index c0485092..ddfb8f06 100644
--- a/src/runtime/composables/cookie/useAuth.ts
+++ b/src/runtime/composables/cookie/useAuth.ts
@@ -114,13 +114,13 @@ export const useAuth = (): UseAuthReturn => {
   const {
     data,
     status,
-    lastRefreshedAt,
+    lastRefreshedAt
   } = useAuthState()
 
   const getters = {
     status,
     data: readonly(data),
-    lastRefreshedAt: readonly(lastRefreshedAt),
+    lastRefreshedAt: readonly(lastRefreshedAt)
   }
 
   const actions = {

From 5f09f5cf1f25e433c198a6960a8f7cf400ecec11 Mon Sep 17 00:00:00 2001
From: Shaine Gordon <sgordon@realmdigital.co.za>
Date: Tue, 15 Aug 2023 09:48:34 +0200
Subject: [PATCH 3/3] ci: added test-playground-cookie Github Action job

---
 .github/workflows/ci.yaml | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ab2ac7c2..3c6b3d01 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -67,8 +67,6 @@ jobs:
       # start prod-app and curl from it
       - run: "timeout 60 pnpm start & (sleep 45 && curl --fail localhost:3000)"
 
-
-
   test-playground-authjs:
     runs-on: ubuntu-latest
     defaults:
@@ -99,3 +97,32 @@ jobs:
         env:
           AUTH_ORIGIN: 'http://localhost:3001'
           PORT: 3001
+
+  test-playground-cookie:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./playground-cookie
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Use Node.js 16.14.2
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16.14.2
+
+      - uses: pnpm/action-setup@v2
+        name: Install pnpm
+        id: pnpm-install
+        with:
+          version: 8
+
+      # Install deps
+      - run: pnpm i
+
+      # Check building
+      - run: pnpm build
+
+      # start prod-app and curl from it
+      - run: "timeout 60 pnpm start & (sleep 45 && curl --fail localhost:3000)"