imacat/lucia-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enforce requiresAuth routes in global router guard with login return-to redirects

Browse Source 
Co-Authored-By: Codex <codex@openai.com>
This commit is contained in:
依瑪貓
2026-03-08 19:07:56 +08:00
parent 90cc6689c8
commit b3f4ace13f
2 changed files with 80 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/router/index.ts
View File

@@ -10,6 +10,8 @@
*/ */
import { createRouter, createWebHistory } from "vue-router"; import { createRouter, createWebHistory } from "vue-router";
import { useLoginStore } from "@/stores/login";
import { getCookie, setCookie } from "@/utils/cookieUtil";
import AuthContainer from "@/views/AuthContainer.vue"; import AuthContainer from "@/views/AuthContainer.vue";
import MainContainer from "@/views/MainContainer.vue"; import MainContainer from "@/views/MainContainer.vue";
import Login from "@/views/Login/LoginPage.vue"; import Login from "@/views/Login/LoginPage.vue";
@@ -171,18 +173,51 @@ const router = createRouter({
routes, routes,
}); });
/**
* Builds a login redirect target with a return-to query.
* @param {string} fullPath - The destination path to return after login.
* @returns {{path: string, query: {"return-to": string}}} The redirect target.
*/
function buildLoginRedirect(fullPath: string) {
return {
path: "/login",
query: {
"return-to": btoa(fullPath),
},
};
}
// Global navigation guard // Global navigation guard
router.beforeEach((to, from) => { router.beforeEach(async (to) => {
// to: Route: the target route object being navigated to // to: Route: the target route object being navigated to
// from: Route: the current route being navigated away from const hasLoginMarker = Boolean(getCookie("isLuciaLoggedIn"));
const hasAccessToken = Boolean(getCookie("luciaToken"));
const hasRefreshToken = Boolean(getCookie("luciaRefreshToken"));
const isAuthenticated = hasLoginMarker && hasAccessToken;
// When navigating to the login page, redirect to Files if already logged in // When navigating to the login page, redirect to Files if already logged in
if (to.name === "Login") { if (to.name === "Login" && isAuthenticated) {
const isLoggedIn = document.cookie return { name: "Files" };
.split(";")
.some((c) => c.trim().startsWith("isLuciaLoggedIn="));
if (isLoggedIn) return { name: "Files" };
} }
const requiresAuth = to.matched.some((routeRecord) => routeRecord.meta.requiresAuth);
if (!requiresAuth || isAuthenticated) {
return undefined;
}
if (hasRefreshToken) {
const loginStore = useLoginStore();
try {
await loginStore.refreshToken();
loginStore.setIsLoggedIn(true);
setCookie("isLuciaLoggedIn", "true");
return undefined;
} catch {
return buildLoginRedirect(to.fullPath);
}
}
return buildLoginRedirect(to.fullPath);
}); });
export default router; export default router;

41
tests/router/routerGuard.test.js
View File

@@ -18,18 +18,34 @@ describe("router beforeEach guard logic", () => {
// Simulate the guard logic from router/index.ts // Simulate the guard logic from router/index.ts
function runGuard(to) { function runGuard(to) {
const isLoggedIn = document.cookie const hasLoginMarker = document.cookie
.split(";") .split(";")
.some((c) => c.trim().startsWith("isLuciaLoggedIn=")); .some((c) => c.trim().startsWith("isLuciaLoggedIn="));
const hasAccessToken = document.cookie
.split(";")
.some((c) => c.trim().startsWith("luciaToken="));
const isAuthenticated = hasLoginMarker && hasAccessToken;
if (to.name === "Login") { if (to.name === "Login") {
if (isLoggedIn) return { name: "Files" }; if (isAuthenticated) return { name: "Files" };
} }
const requiresAuth = (to.matched || []).some((r) => r.meta?.requiresAuth);
if (requiresAuth && !isAuthenticated) {
return {
path: "/login",
query: {
"return-to": btoa(to.fullPath || to.path || "/"),
},
};
}
return undefined; return undefined;
} }
it("redirects logged-in user from Login to Files", () => { it("redirects logged-in user from Login to Files", () => {
document.cookie = "isLuciaLoggedIn=true"; document.cookie = "isLuciaLoggedIn=true";
document.cookie = "luciaToken=token";
expect(runGuard({ name: "Login" })).toEqual({ name: "Files" }); expect(runGuard({ name: "Login" })).toEqual({ name: "Files" });
}); });
@@ -37,8 +53,27 @@ describe("router beforeEach guard logic", () => {
expect(runGuard({ name: "Login" })).toBeUndefined(); expect(runGuard({ name: "Login" })).toBeUndefined();
}); });
it("redirects unauthenticated user when route requiresAuth", () => {
const result = runGuard({
name: "Files",
path: "/files",
fullPath: "/files",
matched: [{ meta: { requiresAuth: true } }],
});
expect(result.path).toBe("/login");
expect(atob(result.query["return-to"])).toBe("/files");
});
it("does not interfere with non-Login routes", () => { it("does not interfere with non-Login routes", () => {
document.cookie = "isLuciaLoggedIn=true"; document.cookie = "isLuciaLoggedIn=true";
expect(runGuard({ name: "Files" })).toBeUndefined(); document.cookie = "luciaToken=token";
expect(
runGuard({
name: "Files",
path: "/files",
fullPath: "/files",
matched: [{ meta: { requiresAuth: true } }],
}),
).toBeUndefined();
}); });
}); });