feat(#797, #878): set baseURL via environment variables and improve internal url detection
#913
Conversation
Testing
|
There was a problem hiding this comment.
In general I understand the intent and very like the testing comment you left. However, there are several points:
- What happens to users who already use
baseURLas e.g.http://localhost:3000? In my understanding, requests are now made to this URL without adding/api/auth? This is a breaking change and needs to have its own minor release + docs if we settle on it. - What happens to internal
$fetchcalls? Remember that they have a limitation - they only work when path starts with a/. And here are two facts that break it: - When using
authjsprovider in which these calls are the most relevant, you need to setAUTH_ORIGINorbaseURLto a fully-specified URL (i.e. protocol, hostname, etc.); - Calling a fully-specified URL using
$fetchinvokes external fetch, meaning that a real HTTP call is made from the server to itself - and it has a relatively high cost, bottlenecking performance.
Any implementation that doesn't provide backwards compatibility with at least these two points is therefore highly discouraged :/
I'd like for us to get involved in an RFC discussion and come up with a spec of how calls are made depending on what variable is set. For example, we know for sure:
authjsprovider is the same Nuxt server and therefore should always prefer internal calls, regardless of theAUTH_ORIGIN(only taking into accountpathname);localprovider is isomorphic (with lean towards external backends, it seems), and origin needs to be taken literally - if it is set, we assume all calls are external.
With these in mind, it might even make sense to disconnect the implementations of two providers into separate URL utils.
| @@ -8,7 +8,7 @@ export default defineNuxtConfig({ | |||
| globalAppMiddleware: { | |||
| isEnabled: true | |||
| }, | |||
| baseURL: `http://localhost:${process.env.PORT || 3000}` | |||
| baseURL: `http://localhost:${process.env.PORT || 3000}/api/auth` | |||
There was a problem hiding this comment.
This looks like a breaking change
It is! I had forgotten to add the label. However, I think these changes are desperately needed as the current logic makes no sense and limits how you can use it. E.g. I am working on a project where the external API routes are as follows:
Adding If I provide
This logic has been removed, in favour of checking if Example Nuxt configuration that currently breaksexport default defineNuxtConfig({
modules: ['@sidebase/nuxt-auth'],
runtimeConfig: {
public: {
api: {
baseURL: 'http://localhost:8080'
}
}
},
auth: {
originEnvKey: 'NUXT_PUBLIC_API_BASE_URL',
baseURL: 'http://localhost:8080',
provider: {
type: 'local',
endpoints: {
signIn: { path: '/auth/login', method: 'post' },
signUp: { path: '/auth/register', method: 'post' },
signOut: { path: '/auth/logout', method: 'post' },
getSession: { path: '/accounts/me', method: 'get' }
},
pages: {
login: '/auth/sign-in'
},
token: {
signInResponseTokenPointer: '/token',
maxAgeInSeconds: 60 * 60 * 24
},
session: {
dataType: {
id: 'string',
name: 'string',
email: 'string',
createdAt: 'number',
members: '{ id: number, email: string, roles: string[] }[]'
},
}
},
sessionRefresh: {
enableOnWindowFocus: true,
enablePeriodically: 5000
},
globalAppMiddleware: {
isEnabled: true
}
},
}) |
zoey-kaiser
added
the
breaking-change
commit: |
zoey-kaiser
added
provider-authjs
|
I am using http://localhost:8000/api and then I am not using I am using v0.10.0 |
π Linked issue
closes #797, #878
β Type of change
π Description
π Checklist