fix: auto whitelist urls on register

Author: rrd108

src/module.ts

@@ -72,9 +72,20 @@ export default defineNuxtModule<RuntimeModuleOptions>({
       auth: {
         whitelist: (() => {
           const combinedWhitelist = [...(defaultOptions.auth?.whitelist || []), ...(options.auth?.whitelist || [])]
-          // Auto-whitelist /confirm-email if /register is whitelisted
-          if (combinedWhitelist.includes('/register') && !combinedWhitelist.includes('/confirm-email')) {
-            combinedWhitelist.push('/confirm-email')
+          // Auto-whitelist related endpoints if /register is whitelisted
+          if (combinedWhitelist.includes('/register')) {
+            const apiBasePath = options.apiBasePath || defaultOptions.apiBasePath
+            const registrationEndpoints = [
+              '/confirm-email',  // Page route for email confirmation
+              `${apiBasePath}/register`,  // API endpoint for registration
+              `${apiBasePath}/confirm-email`  // API endpoint for email confirmation
+            ]
+            
+            registrationEndpoints.forEach(endpoint => {
+              if (!combinedWhitelist.includes(endpoint)) {
+                combinedWhitelist.push(endpoint)
+              }
+            })
           }
           return combinedWhitelist
         })(),
@@ -98,9 +109,20 @@ export default defineNuxtModule<RuntimeModuleOptions>({
       auth: {
         whitelist: (() => {
           const combinedWhitelist = [...(defaultOptions.auth?.whitelist || []), ...(options.auth?.whitelist || [])]
-          // Auto-whitelist /confirm-email if /register is whitelisted
-          if (combinedWhitelist.includes('/register') && !combinedWhitelist.includes('/confirm-email')) {
-            combinedWhitelist.push('/confirm-email')
+          // Auto-whitelist related endpoints if /register is whitelisted
+          if (combinedWhitelist.includes('/register')) {
+            const apiBasePath = options.apiBasePath || defaultOptions.apiBasePath
+            const registrationEndpoints = [
+              '/confirm-email',  // Page route for email confirmation
+              `${apiBasePath}/register`,  // API endpoint for registration
+              `${apiBasePath}/confirm-email`  // API endpoint for email confirmation
+            ]
+            
+            registrationEndpoints.forEach(endpoint => {
+              if (!combinedWhitelist.includes(endpoint)) {
+                combinedWhitelist.push(endpoint)
+              }
+            })
           }
           return combinedWhitelist
         })(),

test/unit/auto-whitelist.test.ts

@@ -5,18 +5,35 @@ interface TestModuleOptions {
   auth: {
     whitelist: string[]
   }
+  apiBasePath?: string
 }
 
-// Extract the whitelist logic for testing
-const getWhitelistWithAutoConfirmEmail = (options: TestModuleOptions) => {
+// Extract the whitelist logic for testing (matching the module.ts logic)
+const getWhitelistWithAutoRegistrationEndpoints = (options: TestModuleOptions) => {
   const combinedWhitelist = [...options.auth.whitelist]
-  // Auto-whitelist /confirm-email if /register is whitelisted
-  if (combinedWhitelist.includes('/register') && !combinedWhitelist.includes('/confirm-email')) {
-    combinedWhitelist.push('/confirm-email')
+  // Auto-whitelist related endpoints if /register is whitelisted
+  if (combinedWhitelist.includes('/register')) {
+    const apiBasePath = options.apiBasePath || '/api/nuxt-users'
+    const registrationEndpoints = [
+      '/confirm-email',  // Page route for email confirmation
+      `${apiBasePath}/register`,  // API endpoint for registration
+      `${apiBasePath}/confirm-email`  // API endpoint for email confirmation
+    ]
+    
+    registrationEndpoints.forEach(endpoint => {
+      if (!combinedWhitelist.includes(endpoint)) {
+        combinedWhitelist.push(endpoint)
+      }
+    })
   }
   return combinedWhitelist
 }
 
+// Keep backward compatibility helper for existing tests
+const getWhitelistWithAutoConfirmEmail = (options: TestModuleOptions) => {
+  return getWhitelistWithAutoRegistrationEndpoints(options)
+}
+
 describe('Auto-whitelist functionality', () => {
   it('should auto-add /confirm-email when /register is whitelisted', () => {
     const options: TestModuleOptions = {
@@ -70,4 +87,51 @@ describe('Auto-whitelist functionality', () => {
     expect(result).not.toContain('/confirm-email')
     expect(result).toHaveLength(0)
   })
+
+  it('should auto-add registration API endpoints when /register is whitelisted', () => {
+    const options: TestModuleOptions = {
+      auth: {
+        whitelist: ['/register']
+      }
+    }
+
+    const result = getWhitelistWithAutoRegistrationEndpoints(options)
+
+    expect(result).toContain('/register')
+    expect(result).toContain('/confirm-email')
+    expect(result).toContain('/api/nuxt-users/register')
+    expect(result).toContain('/api/nuxt-users/confirm-email')
+    expect(result).toHaveLength(4)
+  })
+
+  it('should use custom API base path for registration endpoints', () => {
+    const options: TestModuleOptions = {
+      auth: {
+        whitelist: ['/register']
+      },
+      apiBasePath: '/api/custom-users'
+    }
+
+    const result = getWhitelistWithAutoRegistrationEndpoints(options)
+
+    expect(result).toContain('/register')
+    expect(result).toContain('/confirm-email')
+    expect(result).toContain('/api/custom-users/register')
+    expect(result).toContain('/api/custom-users/confirm-email')
+    expect(result).not.toContain('/api/nuxt-users/register')
+  })
+
+  it('should not duplicate API endpoints if already present', () => {
+    const options: TestModuleOptions = {
+      auth: {
+        whitelist: ['/register', '/api/nuxt-users/register']
+      }
+    }
+
+    const result = getWhitelistWithAutoRegistrationEndpoints(options)
+
+    expect(result.filter(route => route === '/api/nuxt-users/register')).toHaveLength(1)
+    expect(result).toContain('/confirm-email')
+    expect(result).toContain('/api/nuxt-users/confirm-email')
+  })
 })