Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(#836)!: unification and flexibility with AUTH_ORIGIN #837

Merged
merged 15 commits into from
Aug 8, 2024
Merged
8 changes: 4 additions & 4 deletions docs/guide/advanced/deployment/self-hosted.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ This guide will explain how you can self-host a Nuxt3 application running NuxtAu

When deploying the Auth.JS provider, the application must be informed what URL it is running at. This is to properly determine callback urls when navigating users to external OAuth providers. Depending on your setup, NuxtAuth allows you to set this value at either [**Runtime**](https://nuxt.com/docs/guide/going-further/hooks#app-hooks-runtime) or [**Buildtime**](https://nuxt.com/docs/guide/going-further/hooks#nuxt-hooks-build-time).

- **Runtime:** Set the `AUTH_ORIGIN` environment variable.
- **Runtime:** Set the `NUXT_AUTH_ORIGIN` environment variable.
hywax marked this conversation as resolved.
Show resolved Hide resolved
- **Buildtime:** Set the `baseURL`-config key inside the `nuxt.config.ts`

The origin consists out of:
Expand All @@ -15,17 +15,17 @@ The origin consists out of:
- **host:** e.g., localhost, example.org, google.com
- **port:** empty (implies `:80` for http and `:443` for https), :3000, :8888

An example of the `AUTH_ORIGIN` would be: `https://my-awesome-app.com`
An example of the `NUXT_AUTH_ORIGIN` would be: `https://my-awesome-app.com`

:::info Origin Order
When [attempting to determine the server origin](https://github.com/sidebase/nuxt-auth/blob/main/src/runtime/server/services/utils.ts#L11), NuxtAuth checks the available options in the following order:
- **Prio 1**: Using `AUTH_ORIGIN`
- **Prio 1**: Using `NUXT_AUTH_ORIGIN`
- **Prio 2**: Using `baseURL`-config key from inside the `nuxt.config.ts`
- **Prio 3**: Infer the origin _(Only in development)_
:::

:::tip
We recommend setting the `AUTH_ORIGIN` during runtime and leaving the `baseURL`-config key empty, to avoid using a potentially incorrect ORIGIN.
We recommend setting the `NUXT_AUTH_ORIGIN` during runtime and leaving the `baseURL`-config key empty, to avoid using a potentially incorrect ORIGIN.
:::

In addition to verifying that the origin is correctly set, also ensure that you have a secure [`secret` set in the NuxtAuthHandler](/guide/authjs/nuxt-auth-handler#secret).
Expand Down
8 changes: 8 additions & 0 deletions docs/guide/application-side/configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ export default defineNuxtConfig({
auth: {
isEnabled: true,
disableServerSideAuth: false,
originEnvKey: 'AUTH_ORIGIN',
baseURL: 'http://localhost:3000/api/auth',
provider: { /* your provider config */ },
sessionRefresh: {
Expand All @@ -25,6 +26,13 @@ export default defineNuxtConfig({

Whether the module is enabled at all

## `originEnvKey`

- **Type**: `string`
- **Default**: `AUTH_ORIGIN`

The name of the environment variable that holds the origin of the application. This is used to determine the origin of your application in production. Read more [here](/resources/error-reference#auth-no-origin).

## `disableServerSideAuth`

- **Type**: `boolean`
Expand Down
14 changes: 12 additions & 2 deletions docs/resources/error-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,18 @@ export default NuxtAuthHandler({

`AUTH_NO_ORIGIN` will appear as a warning message during development and be thrown as an error that stops the application during production. It is safe to ignore the development warning - it is only meant as a heads-up for your later production-deployment. `AUTH_NO_ORIGIN` occurs when the origin of your application was not set. NuxtAuth tries to find the origin of your application in the following order:

1. Use the `AUTH_ORIGIN` environment variable if it is set,
1. Use the `NUXT_AUTH_ORIGIN` environment variable if it is set
2. Development only: Determine the origin automatically from the incoming HTTP request


The `origin` is important for callbacks that happen to a specific origin for `oauth` flows. Note that in order for (2) to work the `origin` already has to be set at build-time, i.e., when you run `npm run build` or `npm run generate` and it will lead to the `origin` being inside your app-bundle.

```ts
// file: nuxt.config.ts
export default defineNuxtConfig({
runtimeConfig: {
authOrigin: 'https://example.org', // You can either set a default or leave it empty
}

// ... rest of your config
})
```
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
"knitwork": "^1.1.0",
"nitropack": "^2.9.7",
"requrl": "^3.0.2",
"scule": "^1.3.0",
"ufo": "^1.5.4"
},
"peerDependencies": {
Expand Down
129 changes: 119 additions & 10 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions src/module.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import type {
const topLevelDefaults = {
isEnabled: true,
disableServerSideAuth: false,
originEnvKey: 'AUTH_ORIGIN',
sessionRefresh: {
enablePeriodically: false,
enableOnWindowFocus: true,
Expand Down
11 changes: 8 additions & 3 deletions src/runtime/server/services/utils.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import { H3Event } from 'h3'
import getURL from 'requrl'
import { joinURL } from 'ufo'
import { camelCase } from 'scule'
import { isProduction } from '../../helpers'
import { ERROR_MESSAGES } from './errors'
import { useRuntimeConfig } from '#imports'
Expand All @@ -9,14 +10,18 @@ import { useRuntimeConfig } from '#imports'
* Get `origin` and fallback to `x-forwarded-host` or `host` headers if not in production.
*/
export const getServerOrigin = (event?: H3Event): string => {
const config = useRuntimeConfig()

// Prio 1: Environment variable
const envOrigin = process.env.AUTH_ORIGIN
const envOriginKey = config.public.auth.originEnvKey!
const envOriginKeyCamelcase = camelCase(envOriginKey, { normalize: true })
const envOrigin = (config[envOriginKeyCamelcase] ?? process.env[envOriginKey]) as string | undefined
if (envOrigin) {
return envOrigin
}

// Prio 2: Runtime configuration
const runtimeConfigOrigin = useRuntimeConfig().public.auth.computed.origin
// Prio 2: Computed origin
const runtimeConfigOrigin = config.public.auth.computed.origin
if (runtimeConfigOrigin) {
return runtimeConfigOrigin
}
Expand Down
9 changes: 9 additions & 0 deletions src/runtime/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -405,6 +405,15 @@ export interface ModuleOptions {
* @default false
*/
disableServerSideAuth?: boolean;
/**
* The name of the environment variable that holds the origin of the application. This is used to determine the full URL of the application in production.
* As an example, if you set `NUXT_AUTH_ORIGIN=http://example.org` in your `.env` file, the module will use this to determine the full URL of the application.
*
* Find more about this in the documentation: https://auth.sidebase.io/resources/error-reference#auth-no-origin
*
* @default 'AUTH_ORIGIN'
*/
originEnvKey?: string
/**
* Full url at which the app will run combined with the path to authentication. You can set this differently depending on your selected authentication-provider:
* - `authjs`: You must set the full URL, with origin and path in production. You can leave this empty in development
Expand Down