feat(fullstack): Logout page, persistent state

fix(auth): Automatic regeneration of refresh tokens

Author: wale

components/Layout.vue

@@ -8,8 +8,6 @@
 </template>
 
 <script setup lang="ts">
-import { useIntervalFn } from "@vueuse/core";
-
 const props = defineProps<{
     title: string;
     description: string;
@@ -22,17 +20,13 @@ useHead({
     meta: [{ name: "description", content: description.value }],
 });
 
-const userStore = useAuthStore();
-const { user } = storeToRefs(userStore);
+const interval = ref();
+
+onMounted(() => {
+    interval.value = refreshInterval();
+});
 
-useIntervalFn(async () => {
-    // eslint-disable-next-line no-useless-return
-    if (!user.value.id) return;
-    else {
-        const { requestState } = await userStore.refresh(
-            user.value.refreshToken,
-        );
-        if (requestState.error) throw requestState.error;
-    }
-}, 300_000); // update every 5 minutes when logged in
+onBeforeUnmount(() => {
+    window.clearTimeout(interval.value);
+});
 </script>

components/Nav.vue

@@ -40,6 +40,11 @@
                                 >
                             </div>
                         </li>
+                        <li v-if="user.id">
+                            <a href="/logout" class="md:p-4 py-2 block"
+                                >Logout</a
+                            >
+                        </li>
                         <li v-if="!user.id">
                             <a href="/register" class="md:p-4 py-2 block"
                                 >Register</a
@@ -70,7 +75,7 @@
 import { storeToRefs } from "pinia";
 import { ref } from "vue";
 
-import { useAuthStore } from "~/utils/authStore";
+import { useAuthStore } from "~/store/auth";
 
 const show = ref(false);
 

middleware/auth.ts

@@ -1,30 +1,11 @@
-import jwt from "jsonwebtoken";
 import { storeToRefs } from "pinia";
+import { useAuthStore } from "~/store/auth";
 
 export default defineNuxtRouteMiddleware((to) => {
-    const runtimeConfig = useRuntimeConfig();
     const { user } = storeToRefs(useAuthStore());
 
-    console.log(user.value);
-
     if (to.fullPath === "/login" && user.value.id) return navigateTo("/");
 
     if (!user.value.id) return navigateTo("/login");
-    else
-        try {
-            // Verify JWT access token
-            const verificationPayload = jwt.verify(
-                user.value.accessToken,
-                runtimeConfig.jwtAccessSecret,
-            );
-
-            if ((verificationPayload as jwt.JwtPayload).jti)
-                return navigateTo(to.fullPath);
-            else return navigateTo("/login");
-        } catch (err) {
-            throw createError({
-                statusCode: 500,
-                statusMessage: `Server error: ${(err as Error).name}`,
-            });
-        }
+    else return navigateTo(to.fullPath);
 });

nuxt.config.ts

@@ -16,5 +16,5 @@ export default defineNuxtConfig({
   },
 
   css: ['@wale/general-sans', '~/assets/css/main.css'],
-  modules: ["@nuxt/image", "@pinia/nuxt"]
+  modules: ["@nuxt/image", "@pinia/nuxt", "@pinia-plugin-persistedstate/nuxt"]
 });

package.json

@@ -16,6 +16,7 @@
     "db:format": "prisma format"
   },
   "dependencies": {
+    "@pinia-plugin-persistedstate/nuxt": "^1.2.0",
     "@pinia/nuxt": "^0.5.1",
     "@prisma/client": "5.9.1",
     "@wale/general-sans": "^1.0.0",

pages/login.vue

@@ -84,7 +84,7 @@
 <script setup lang="ts">
 import { ref } from "vue";
 
-import { useAuthStore } from "~/utils/authStore";
+import { useAuthStore } from "~/store/auth";
 
 const userStore = useAuthStore();
 

pages/logout.vue

@@ -0,0 +1,56 @@
+<template>
+    <Layout
+        title="Logout | Readconquista"
+        description="Logout of Readconquista"
+    >
+        <div
+            class="flex h-full items-center justify-center flex-col gap-4 md:gap-8"
+        >
+            <h2 class="text-3xl md:text-5xl font-black">Logout</h2>
+            <h4 class="text-xl md:text-2xl">
+                Are you sure you want to log out?
+            </h4>
+            <div class="flex flex-row gap-8">
+                <button
+                    type="button"
+                    class="p-4 rounded-xl bg-grayscale-800 text-grayscale-400"
+                    @click="logout()"
+                >
+                    Yes
+                </button>
+                <button
+                    type="button"
+                    class="p-4 rounded-xl bg-grayscale-400 text-grayscale-800"
+                    @click="cancelLogout()"
+                >
+                    No
+                </button>
+            </div>
+            <div v-if="error" class="mt-2 flex flex-row justify-center">
+                <span class="text-red-500 font-bold"
+                    >{{ error.statusCode }} - {{ error.statusMessage }}</span
+                >
+            </div>
+        </div>
+    </Layout>
+</template>
+
+<script setup lang="ts">
+import { useAuthStore } from "~/store/auth";
+
+const router = useRouter();
+const authStore = useAuthStore();
+
+const error = ref();
+
+const logout = async () => {
+    const { requestState } = await authStore.logout();
+
+    if (requestState.error) error.value = requestState.error;
+    else await router.push("/");
+};
+
+const cancelLogout = async () => {
+    await router.push("/");
+};
+</script>

server/api/auth/logout.post.ts

@@ -0,0 +1,12 @@
+export default defineEventHandler(async (event) => {
+    const { user } = await protectRoute(event);
+
+    revokeTokensByIdentifier({ username: user.username })
+        .then(() => setResponseStatus(event, 200, "Successfully logged out"))
+        .catch((err) =>
+            createError({
+                statusCode: 500,
+                statusMessage: `${(err as Error).message}`,
+            }),
+        );
+});

server/api/auth/refresh.post.ts

@@ -21,12 +21,6 @@ export default defineEventHandler(async (event) => {
         runtimeConfig.jwtRefreshSecret,
     ) as jwt.JwtPayload;
 
-    if (new Date().getTime() > payload.exp!)
-        throw createError({
-            statusCode: 403,
-            statusMessage: "Forbidden: token is still valid",
-        });
-
     const savedRefreshToken = await findRefreshTokenById(payload.jti!);
 
     if (!savedRefreshToken || savedRefreshToken.revoked)

server/utils/jwt.ts

@@ -23,7 +23,7 @@ export function generateRefreshToken(user: User, jti: string) {
         },
         runtimeConfig.jwtRefreshSecret,
         {
-            expiresIn: "8h",
+            expiresIn: "24h",
         },
     );
 }

utils/authStore.ts store/auth.ts

@@ -74,10 +74,28 @@ export const useAuthStore = defineStore("auth", {
             return { data: {} as UserState, requestState };
         },
 
-        async logout() {
-            await revokeTokensByIdentifier({ email: this.user.email });
+        async logout(): Promise<{ requestState: RequestState }> {
+            const requestState: RequestState = {
+                loading: true,
+                error: null,
+            };
 
-            this.user = {} as UserState;
+            try {
+                await $fetch("/api/auth/logout", {
+                    method: "post",
+                    headers: {
+                        "Content-Type": "application/json",
+                        Authorization: `Bearer ${this.user.accessToken}`,
+                    },
+                });
+                requestState.loading = false;
+                this.user = {} as UserState;
+                return { requestState };
+            } catch (error) {
+                requestState.loading = false;
+                requestState.error = error as Error;
+                return { requestState };
+            }
         },
 
         async register(
@@ -137,4 +155,5 @@ export const useAuthStore = defineStore("auth", {
             }
         },
     },
+    persist: true,
 });

utils/pinia.ts

@@ -0,0 +1,17 @@
+import { useAuthStore } from "~/store/auth";
+
+export default function refreshInterval(): number | null {
+    const authStore = useAuthStore();
+
+    if (authStore.user.accessToken) {
+        const [, jwtBase64] = authStore.user.accessToken.split(".");
+        const jwtToken = JSON.parse(atob(jwtBase64));
+
+        const expires = new Date(jwtToken.exp * 1000);
+        const timeout = expires.getTime() - Date.now() - 60 * 1000;
+
+        return window.setTimeout(async () => {
+            await authStore.refresh(authStore.user.refreshToken);
+        }, timeout);
+    } else return null;
+}

utils/refreshInterval.ts

@@ -1168,6 +1168,30 @@
     unimport "^3.7.1"
     untyped "^1.4.2"
 
+"@nuxt/kit@^3.8.0":
+  version "3.11.1"
+  resolved "https://registry.yarnpkg.com/@nuxt/kit/-/kit-3.11.1.tgz#342335f1cbf7422a3e65be67f3ff975e6075decf"
+  integrity sha512-8VVlhaY4N+wipgHmSXP+gLM+esms9TEBz13I/J++PbOUJuf2cJlUUTyqMoRVL0xudVKK/8fJgSndRkyidy1m2w==
+  dependencies:
+    "@nuxt/schema" "3.11.1"
+    c12 "^1.10.0"
+    consola "^3.2.3"
+    defu "^6.1.4"
+    globby "^14.0.1"
+    hash-sum "^2.0.0"
+    ignore "^5.3.1"
+    jiti "^1.21.0"
+    knitwork "^1.0.0"
+    mlly "^1.6.1"
+    pathe "^1.1.2"
+    pkg-types "^1.0.3"
+    scule "^1.3.0"
+    semver "^7.6.0"
+    ufo "^1.5.2"
+    unctx "^2.3.1"
+    unimport "^3.7.1"
+    untyped "^1.4.2"
+
 "@nuxt/[email protected]", "@nuxt/schema@^3.9.1":
   version "3.10.3"
   resolved "https://registry.yarnpkg.com/@nuxt/schema/-/schema-3.10.3.tgz#b9bdcced298b64f280f12936e518fe4f32c90328"
@@ -1185,6 +1209,23 @@
     unimport "^3.7.1"
     untyped "^1.4.2"
 
+"@nuxt/[email protected]":
+  version "3.11.1"
+  resolved "https://registry.yarnpkg.com/@nuxt/schema/-/schema-3.11.1.tgz#1f9e59be77d8c08904c06a26d9570c9c687bcfd6"
+  integrity sha512-XyGlJsf3DtkouBCvBHlvjz+xvN4vza3W7pY3YBNMnktxlMQtfFiF3aB3A2NGLmBnJPqD3oY0j7lljraELb5hkg==
+  dependencies:
+    "@nuxt/ui-templates" "^1.3.1"
+    consola "^3.2.3"
+    defu "^6.1.4"
+    hookable "^5.5.3"
+    pathe "^1.1.2"
+    pkg-types "^1.0.3"
+    scule "^1.3.0"
+    std-env "^3.7.0"
+    ufo "^1.5.2"
+    unimport "^3.7.1"
+    untyped "^1.4.2"
+
 "@nuxt/telemetry@^2.5.3":
   version "2.5.3"
   resolved "https://registry.yarnpkg.com/@nuxt/telemetry/-/telemetry-2.5.3.tgz#e702bbccfb5cc4ab9b0cfc8239e96ed9e2ccfc74"
@@ -1350,6 +1391,15 @@
   resolved "https://registry.yarnpkg.com/@phc/format/-/format-1.0.0.tgz#b5627003b3216dc4362125b13f48a4daa76680e4"
   integrity sha512-m7X9U6BG2+J+R1lSOdCiITLLrxm+cWlNI3HUFA92oLO77ObGNzaKdh8pMLqdZcshtkKuV84olNNXDfMc4FezBQ==
 
+"@pinia-plugin-persistedstate/nuxt@^1.2.0":
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/@pinia-plugin-persistedstate/nuxt/-/nuxt-1.2.0.tgz#559d6abf0204726fa1fb7bb324ea4be99a10e6bd"
+  integrity sha512-2rtgx5viGSMQMCoFYZMHguA2FhFKCUvw0PwETfqQegsWeBHlqk1/D0G/9xqep8Hq+c1BuFx+jNLJzoLXtYfivg==
+  dependencies:
+    "@nuxt/kit" "^3.8.0"
+    defu "^6.1.2"
+    pinia-plugin-persistedstate ">=3.2.0"
+
 "@pinia/nuxt@^0.5.1":
   version "0.5.1"
   resolved "https://registry.yarnpkg.com/@pinia/nuxt/-/nuxt-0.5.1.tgz#ee7c979d365a5dfda882430ddfae405fbd78d8d5"
@@ -2571,6 +2621,24 @@ bundle-name@^4.1.0:
   dependencies:
     run-applescript "^7.0.0"
 
+c12@^1.10.0:
+  version "1.10.0"
+  resolved "https://registry.yarnpkg.com/c12/-/c12-1.10.0.tgz#e1936baa26fd03a9427875554aa6aeb86077b7fb"
+  integrity sha512-0SsG7UDhoRWcuSvKWHaXmu5uNjDCDN3nkQLRL4Q42IlFy+ze58FcCoI3uPwINXinkz7ZinbhEgyzYFw9u9ZV8g==
+  dependencies:
+    chokidar "^3.6.0"
+    confbox "^0.1.3"
+    defu "^6.1.4"
+    dotenv "^16.4.5"
+    giget "^1.2.1"
+    jiti "^1.21.0"
+    mlly "^1.6.1"
+    ohash "^1.1.3"
+    pathe "^1.1.2"
+    perfect-debounce "^1.0.0"
+    pkg-types "^1.0.3"
+    rc9 "^2.1.1"
+
 c12@^1.9.0:
   version "1.9.0"
   resolved "https://registry.yarnpkg.com/c12/-/c12-1.9.0.tgz#a98b3d16b5010667983df70794a332d6b9865ec3"
@@ -6103,6 +6171,11 @@ pify@^2.3.0:
   resolved "https://registry.yarnpkg.com/pify/-/pify-2.3.0.tgz#ed141a6ac043a849ea588498e7dca8b15330e90c"
   integrity sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==
 
+pinia-plugin-persistedstate@>=3.2.0:
+  version "3.2.1"
+  resolved "https://registry.yarnpkg.com/pinia-plugin-persistedstate/-/pinia-plugin-persistedstate-3.2.1.tgz#66780602aecd6c7b152dd7e3ddc249a1f7a13fe5"
+  integrity sha512-MK++8LRUsGF7r45PjBFES82ISnPzyO6IZx3CH5vyPseFLZCk1g2kgx6l/nW8pEBKxxd4do0P6bJw+mUSZIEZUQ==
+
 pinia@>=2.1.7, pinia@^2.1.7:
   version "2.1.7"
   resolved "https://registry.yarnpkg.com/pinia/-/pinia-2.1.7.tgz#4cf5420d9324ca00b7b4984d3fbf693222115bbc"
@@ -7512,6 +7585,11 @@ ufo@^1.1.2, ufo@^1.2.0, ufo@^1.3.0, ufo@^1.3.1, ufo@^1.3.2, ufo@^1.4.0:
   resolved "https://registry.yarnpkg.com/ufo/-/ufo-1.4.0.tgz#39845b31be81b4f319ab1d99fd20c56cac528d32"
   integrity sha512-Hhy+BhRBleFjpJ2vchUNN40qgkh0366FWJGqVLYBHev0vpHTrXSA0ryT+74UiW6KWsldNurQMKGqCm1M2zBciQ==
 
+ufo@^1.5.2:
+  version "1.5.3"
+  resolved "https://registry.yarnpkg.com/ufo/-/ufo-1.5.3.tgz#3325bd3c977b6c6cd3160bf4ff52989adc9d3344"
+  integrity sha512-Y7HYmWaFwPUmkoQCUIAYpKqkOf+SbVj/2fJJZ4RJMCfZp0rTGwRbzQD+HghfnhKOjL9E01okqz+ncJskGYfBNw==
+
 ultrahtml@^1.5.3:
   version "1.5.3"
   resolved "https://registry.yarnpkg.com/ultrahtml/-/ultrahtml-1.5.3.tgz#e7a903a4b28a0e49b71b0801b444050bb0a369c7"