Very flexible and easily customizable authorization module using jwt token. It has SSR support.
vue-router-auth is used to configure routes.
If you find an error, incorrect behavior please open the corresponding
issue.
Please also rate this repository. 😊
$ npm i vue-simple-auth
import initialize from 'vue-simple-auth';
initialize(options);
import initialize from 'vue-simple-auth';
import Cookies from 'universal-cookie';
export default async function({ router, store, ssrContext }) {
const cookies = ssrContext ? new Cookies(ssrContext.req.headers.cookie) : new Cookies();
const config = {...};
await initialize({ router, store, cookies, config });
};
During initialization, you should already have an http client installed. That is, Vue.prototype.$axios or Vue.prototype.$http should already exist.
In the example above, there are two obscure points: 1. cookies, 2. Asynchronous initialization function.
1. Cookies are necessary for us for SSR. Therefore, we transfer a universal object of interaction with cookies to the module.
It could be another dependency, not necessarily a universal-cookie.
2. During initialization, the module will try to authorize the user if a jwt token is present in cookies.
Therefore, the initialization function is asynchronous.
Where the project should call the initialization function depends on the project itself and this decision remains at your discretion.
The main thing is to pass the required parameters to the initialization function: router, store, cookies, config.
After initialization, we get access to this.$auth from any component.
export default {
data() {
return {
loading: false,
};
},
methods: {
async login() {
this.loading = true;
await this.$auth.login({ email: '[email protected]', password: '123123' });
this.loading = false;
},
},
}
The login method accepts credentials and returns a Promise. This action takes place in two stages:
- A request to receive a jwt token.
- Request for user data $auth.loginByToken, saving user data in the store.
export default {
methods: {
async loginByToken(token) {
await this.$auth.loginByToken(token);
},
},
}
This method makes a request for user data. If the request is successful, it saves the token using the $auth.rememberToken method and saves the user data to the store.
export default {
methods: {
async logout() {
await this.$auth.logout();
},
},
}
Sends a logout request (if specified in config), then using the $auth.localLogout method removes the user from the repository and forgets the token.
export default {
methods: {
localLogout() {
this.$auth.localLogout();
},
},
}
Deletes a token using the $auth.forgetToken method and remove user data from store.
export default {
methods: {
rememberToken(token) {
this.$auth.rememberToken(token);
},
},
}
Saves the token in cookies and adds the header in the HTTP client(axios, vue-resource).
export default {
methods: {
forgetToken() {
this.$auth.forgetToken();
},
},
}
Removes the token from cookies and the header in the http client.
export default {
methods: {
async fetchUser() {
await this.$auth.fetchUser();
},
},
}
Updating user data from the server.
$auth.user - Local user data storage.
$auth.token - Current token.
$auth.loggedIn - Flag indicating whether the user is authorized or not.
default config:
{
httpClient: 'axios',
watchLoggedIn: true,
cookies: {
path: '/'
},
token: {
name: 'Authorization',
type: 'Bearer'
},
vuex: {
namespace: '$auth'
},
redirect: {
routes: {
auth: '/profile',
guest: '/',
},
queryFrom: 'from',
guard: ({ $auth }) => $auth.loggedIn,
},
endpoints: {
authenticate: {
method: 'post',
url: '/auth/login',
property: 'access_token'
},
user: {
method: 'get',
url: '/auth/user'
},
logout: false
},
strategy,
}
When initializing the module, you can specify the following settings:
Type: String|Object. Default: 'axios'.
Сlient with the help of which HTTP requests will be sent.
May be 'axios' or 'http'. If http is specified, vue-resource will be used.
You can also configure your own custom HTTP client and specify an object in this field. This feature may be necessary if you need a specific setting of headers and a reaction to a 401 error. See code for details.
Type: Boolean. Default: true.
If set to true, then with login and logout, a redirect to the routes specified in the settings will automatically occur.
Type: Object. Default: { path: '/' }.
Cookies settings.
Type: Object. Default: { name: 'Authorization', type: 'Bearer' }.
Token save settings.
Type: Object. Default: { namespace: '$auth' }.
Using the namespace field, you can rename the module to vuex.
Type: Object.
This option is designed to redirect the user and close routes.
To better understand it, see this plugin: vue-router-auth
routes - routes config from vue-router-auth.
guard - guard config from vue-router-auth.
queryFrom (default: 'from') - If there is a from key in the quere parameter, then after authorization, redirection will be made to it. Only works with the watchLoggedIn option enabled.
Type: Object.
This option is used to indicate where to send requests and what data to expect in response.
property option can be specified as follows: 'data.foo.user'.
default strategy:
export default {
async authenticate({ config }, httpClient, credentials) {
const method = config.endpoints.authenticate.method.toLowerCase()
const { url, property } = config.endpoints.authenticate
const { data } = await httpClient.instance[method](url, credentials)
return getProperty(data, property)
},
async getUser({ config }, httpClient) {
const method = config.endpoints.user.method.toLowerCase()
const { url, property } = config.endpoints.user
const { data } = await httpClient.instance[method](url)
return getProperty(data, property);
},
async logout({ config }, httpClient) {
const method = config.endpoints.user.method.toLowerCase();
config.endpoints.logout
? await httpClient.instance[method](config.endpoints.logout.url)
: await Promise.resolve();
},
rememberToken({ config, cookies }, httpClient, token) {
const { name, type } = config.token;
const tokenString = type ? `${type} ${token}` : token;
cookies.set(name, tokenString, config.cookies);
httpClient.setHeader(name, tokenString);
},
forgetToken({ config, cookies }, httpClient) {
const { name } = config.token;
cookies.remove(name, config.cookies);
httpClient.removeHeader(name);
},
}
Type: Object.
You can also change or completely replace the module strategy.
{
path: '/account',
component: () => import('layouts/Auth.vue'),
meta: {
auth: {
access: true,
},
},
}
see more vue-router-auth
{
path: '/account',
component: () => import('layouts/Auth.vue'),
meta: {
auth: {
access: true,
redirect: ({ to }) => ({ path: '/login', query: { from: to.path } }),
},
},
}
In the example above, if the user is not authorized and tries to go to the /account route, he will be redirected on /login with the from parameter. And when the user logs in, he redirects to the route specified in query.from in priority. Only works with the watchLoggedIn option enabled.
import initialize from 'vue-simple-auth';
import Cookies from 'universal-cookie';
export default async function({ router, store, ssrContext }) {
const cookies = ssrContext ? new Cookies(ssrContext.req.headers.cookie) : new Cookies();
const config = {
// ...
strategy: {
authenticate({ config }, httpClient, credentials) {
// custom logic.
},
},
};
await initialize({ router, store, cookies, config });
};