diff --git a/docs/content/v0.6/3.application-side/4.protecting-pages.md b/docs/content/v0.6/3.application-side/4.protecting-pages.md index c5d28644..dd75c1db 100644 --- a/docs/content/v0.6/3.application-side/4.protecting-pages.md +++ b/docs/content/v0.6/3.application-side/4.protecting-pages.md @@ -11,13 +11,51 @@ Briefly summarized, you can enable global protection (1) in your `nuxt.config.ts export default defineNuxtConfig({ modules: ['@sidebase/nuxt-auth'], auth: { - globalAppMiddleware: true + globalAppMiddleware: true // Boolean or GlobalMiddlewareOptions } }) ``` Now *all pages* will require sign-in. Learn how to add excepted pages [below](/nuxt-auth/v0.6/application-side/protecting-pages#disabling-the-global-middleware-locally) +You can also set an object as the `globalAppMiddleware` in which you can futhur customize the behaviour of the global protection. + +```ts +/** + * Configuration for the global application-side authentication-middleware. + */ +interface GlobalMiddlewareOptions { + /** + * Whether to add a global authentication middleware that protects all pages. + * + * @example true + * @default false + */ + isEnabled: boolean + /** + * Whether to enforce authentication if the target-route does not exist. Per default the middleware redirects + * to Nuxts' default 404 page instead of forcing a sign-in if the target does not exist. This is to avoid a + * user-experience and developer-experience of having to sign-in only to see a 404 page afterwards. + * + * Note: Setting this to `false` this may lead to `vue-router` + node related warnings like: "Error [ERR_HTTP_HEADERS_SENT] ...", + * this may be related to https://github.com/nuxt/framework/issues/9438. + * + * @example false + * @default true + */ + allow404WithoutAuth?: boolean + /** + * Whether to automatically set the callback url to the page the user tried to visit when the middleware stopped them. This is useful to disable this when using the credentials provider, as it does not allow a `callbackUrl`. Setting this + * to a string-value will result in that being used as the callbackUrl path. Note: You also need to set the global `addDefaultCallbackUrl` setting to `false` if you want to fully disable this. + * + * @example false + * @example /i-caught-you-but-now-you-are-signed-in + * @default true + */ + addDefaultCallbackUrl?: boolean | string +} +``` + To enable page-local protection (2), add the following `definePageMeta` directive to a page: ```vue @@ -48,18 +86,47 @@ That's it! Every page of your application will now need authentication for the u ### Middleware Options +In order to use these options, you will still have to define the middleware inside of the [`definePageMeta` macro](https://nuxt.com/docs/api/utils/define-page-meta#definepagemeta) + #### `unauthenticatedOnly` Whether to only allow unauthenticated users to access this page. Authenticated users will be redirected to `/` or the route defined in `navigateAuthenticatedTo` +```vue + +``` + #### `navigateAuthenticatedTo` Where to redirect authenticated users if `unauthenticatedOnly` is set to true +```vue + +``` + #### `navigateUnauthenticatedTo` Where to redirect unauthenticated users if this page is protected +```vue + +``` + ### Disabling the global middleware locally To disable the global middleware on a specific page only, you can use the [`definePageMeta` macro](https://nuxt.com/docs/api/utils/define-page-meta#definepagemeta) to turn `auth` off: