Refactor authentication middleware to remove dependency on Pinia, implementing direct API calls for authentication status checks. Update member API documentation to escape JWT token placeholder for clarity. Update session and user data formats for improved security and consistency.

2026-01-07 17:26:22 +01:00
parent 5ce064cff0
commit 7fb65723c7
4 changed files with 17 additions and 18 deletions
--- a/middleware/auth.global.js
+++ b/middleware/auth.global.js
@@ -1,21 +1,20 @@
 export default defineNuxtRouteMiddleware(async (to, _from) => {
-  // Only run on client-side
-  if (process.server) return
-
-  const authStore = useAuthStore()
-
  // Check if route requires authentication
-  const requiresAuth = to.meta.middleware === 'auth'
+  const mw = to.meta.middleware
+  const requiresAuth =
+    mw === 'auth' || (Array.isArray(mw) && mw.includes('auth'))

  if (requiresAuth) {
-    // Check auth status if not already checked
-    if (!authStore.isLoggedIn) {
-      await authStore.checkAuth()
-    }
-
-    // Redirect to login if not authenticated
-    if (!authStore.isLoggedIn) {
-      return navigateTo('/login')
+    // Nicht auf Pinia angewiesen sein (sonst "no active Pinia" in manchen Nuxt-Lifecycle-Phasen)
+    try {
+      const { data: auth } = await useFetch('/api/auth/status')
+      if (!auth.value || !auth.value.isLoggedIn) {
+        const redirect = encodeURIComponent(to.fullPath || to.path || '/')
+        return navigateTo(`/login?redirect=${redirect}`)
+      }
+    } catch (_e) {
+      const redirect = encodeURIComponent(to.fullPath || to.path || '/')
+      return navigateTo(`/login?redirect=${redirect}`)
    }
  }
 })