imacat/lucia-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Extract reusable auth guard decision logic and test router auth behavior against it

Browse Source 
Co-Authored-By: Codex <codex@openai.com>
This commit is contained in:
依瑪貓
2026-03-08 19:39:10 +08:00
parent 28fd83242c
commit 6e3aaca3b1
3 changed files with 106 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
src/router/authGuard.ts Normal file
View File

@@ -0,0 +1,74 @@
// The Lucia project.
// Copyright 2026-2026 DSP, inc. All rights reserved.
// Authors:
// imacat.yang@dsp.im (imacat), 2026/03/08
/**
* @module router/authGuard Shared auth-guard decision logic for router.beforeEach
* and unit tests.
*/
/** Minimal route shape used by auth guard decision logic. */
export interface GuardRouteTarget {
name?: unknown;
path?: string;
fullPath?: string;
matched?: Array<{ meta?: { requiresAuth?: boolean } }>;
}
/** Dependency contract for evaluating authentication navigation decisions. */
export interface AuthGuardDependencies {
/** Reads a cookie value by name. */
getCookie: (name: string) => string | null;
/** Attempts to refresh session credentials. */
refreshSession: () => Promise<void>;
/** Persists the logged-in marker cookie after successful refresh. */
setLoginMarker: () => void;
/** Encodes return-to path into query-safe payload. */
encodeReturnTo: (returnToPath: string) => string;
}
/**
* Evaluates auth-related navigation decisions.
* @param {GuardRouteTarget} to - Target route object from router guard.
* @param {AuthGuardDependencies} deps - Side-effect dependencies for auth checks.
* @returns {Promise<{name: string}|{path: string, query: {"return-to": string}}|undefined>}
* Redirect target when needed, otherwise undefined.
*/
export async function evaluateAuthNavigation(
to: GuardRouteTarget,
deps: AuthGuardDependencies,
) {
const hasLoginMarker = Boolean(deps.getCookie("isLuciaLoggedIn"));
const hasAccessToken = Boolean(deps.getCookie("luciaToken"));
const hasRefreshToken = Boolean(deps.getCookie("luciaRefreshToken"));
const isAuthenticated = hasLoginMarker && hasAccessToken;
if (to.name === "Login" && isAuthenticated) {
return { name: "Files" };
}
const requiresAuth = (to.matched || []).some(
(routeRecord) => routeRecord.meta?.requiresAuth,
);
if (!requiresAuth || isAuthenticated) {
return undefined;
}
if (hasRefreshToken) {
try {
await deps.refreshSession();
deps.setLoginMarker();
return undefined;
} catch {
// Fall through to login redirect below.
}
}
const returnToPath = to.fullPath || to.path || "/";
return {
path: "/login",
query: {
"return-to": deps.encodeReturnTo(returnToPath),
},
};
}

48
src/router/index.ts
View File

@@ -13,6 +13,7 @@ import { createRouter, createWebHistory } from "vue-router";
import { useLoginStore } from "@/stores/login"; import { useLoginStore } from "@/stores/login";
import { getCookie, setCookie } from "@/utils/cookieUtil"; import { getCookie, setCookie } from "@/utils/cookieUtil";
import { encodeReturnTo } from "@/utils/returnToEncoding"; import { encodeReturnTo } from "@/utils/returnToEncoding";
import { evaluateAuthNavigation } from "@/router/authGuard";
import AuthContainer from "@/views/AuthContainer.vue"; import AuthContainer from "@/views/AuthContainer.vue";
import MainContainer from "@/views/MainContainer.vue"; import MainContainer from "@/views/MainContainer.vue";
import Login from "@/views/Login/LoginPage.vue"; import Login from "@/views/Login/LoginPage.vue";
@@ -174,51 +175,18 @@ const router = createRouter({
routes, routes,
}); });
/**
* Builds a login redirect target with a return-to query.
* @param {string} fullPath - The destination path to return after login.
* @returns {{path: string, query: {"return-to": string}}} The redirect target.
*/
function buildLoginRedirect(fullPath: string) {
return {
path: "/login",
query: {
"return-to": encodeReturnTo(fullPath),
},
};
}
// Global navigation guard // Global navigation guard
router.beforeEach(async (to) => { router.beforeEach(async (to) => {
// to: Route: the target route object being navigated to return evaluateAuthNavigation(to, {
const hasLoginMarker = Boolean(getCookie("isLuciaLoggedIn")); getCookie,
const hasAccessToken = Boolean(getCookie("luciaToken")); refreshSession: async () => {
const hasRefreshToken = Boolean(getCookie("luciaRefreshToken"));
const isAuthenticated = hasLoginMarker && hasAccessToken;
// When navigating to the login page, redirect to Files if already logged in
if (to.name === "Login" && isAuthenticated) {
return { name: "Files" };
}
const requiresAuth = to.matched.some((routeRecord) => routeRecord.meta.requiresAuth);
if (!requiresAuth || isAuthenticated) {
return undefined;
}
if (hasRefreshToken) {
const loginStore = useLoginStore(); const loginStore = useLoginStore();
try {
await loginStore.refreshToken(); await loginStore.refreshToken();
loginStore.setIsLoggedIn(true); loginStore.setIsLoggedIn(true);
setCookie("isLuciaLoggedIn", "true"); },
return undefined; setLoginMarker: () => setCookie("isLuciaLoggedIn", "true"),
} catch { encodeReturnTo,
return buildLoginRedirect(to.fullPath); });
}
}
return buildLoginRedirect(to.fullPath);
}); });
export default router; export default router;

45
tests/router/routerGuard.test.js
View File

@@ -5,6 +5,7 @@
import { describe, it, expect, beforeEach } from "vitest"; import { describe, it, expect, beforeEach } from "vitest";
import { decodeReturnTo } from "@/utils/returnToEncoding"; import { decodeReturnTo } from "@/utils/returnToEncoding";
import { evaluateAuthNavigation } from "@/router/authGuard";
describe("router beforeEach guard logic", () => { describe("router beforeEach guard logic", () => {
beforeEach(() => { beforeEach(() => {
@@ -17,38 +18,30 @@ describe("router beforeEach guard logic", () => {
}); });
}); });
// Simulate the guard logic from router/index.ts // Run the real auth guard decision logic from src/router/authGuard.ts
async function runGuard(to, options = {}) { async function runGuard(to, options = {}) {
const { refreshSucceeds = true } = options; const { refreshSucceeds = true } = options;
const hasLoginMarker = document.cookie return evaluateAuthNavigation(to, {
.split(";") getCookie: (name) => {
.some((c) => c.trim().startsWith("isLuciaLoggedIn=")); const cookieArr = document.cookie.split(";");
const hasAccessToken = document.cookie for (const cookie of cookieArr) {
.split(";") const c = cookie.trim();
.some((c) => c.trim().startsWith("luciaToken=")); if (c.startsWith(`${name}=`)) {
const hasRefreshToken = document.cookie return c.slice(name.length + 1);
.split(";")
.some((c) => c.trim().startsWith("luciaRefreshToken="));
const isAuthenticated = hasLoginMarker && hasAccessToken;
if (to.name === "Login") {
if (isAuthenticated) return { name: "Files" };
} }
const requiresAuth = (to.matched || []).some((r) => r.meta?.requiresAuth);
if (requiresAuth && !isAuthenticated) {
if (hasRefreshToken) {
if (refreshSucceeds) return undefined;
} }
return { return null;
path: "/login",
query: {
"return-to": btoa(to.fullPath || to.path || "/"),
}, },
}; refreshSession: async () => {
if (!refreshSucceeds) {
throw new Error("refresh failed");
} }
},
return undefined; setLoginMarker: () => {
document.cookie = "isLuciaLoggedIn=true";
},
encodeReturnTo: (path) => btoa(path),
});
} }
it("redirects logged-in user from Login to Files", () => { it("redirects logged-in user from Login to Files", () => {