fix(space-nuxt-base): upgrade app-extension-auth

space-plugins/nuxt-base/package.json

@@ -11,7 +11,7 @@
 		"postinstall": "nuxt prepare"
 	},
 	"dependencies": {
-		"@storyblok/app-extension-auth": "1.0.3",
+		"@storyblok/app-extension-auth": "2.0.0-beta.0",
 		"@storyblok/region-helper": "^1.1.0"
 	},
 	"devDependencies": {

space-plugins/nuxt-base/server/middleware/02.auth.global.ts

@@ -13,17 +13,6 @@ export default defineEventHandler(async (event) => {
 		return;
 	}
 
-	// If the user hasn't been authenticated yet.
-	// (Storyfront attaches this query parameter in that case)
-	const queryParams = getQuery(event);
-	if (queryParams['init_oauth'] === 'true') {
-		return await sendRedirect(
-			event,
-			`${appConfig.auth.initOauthFlowUrl}?init_oauth=true`,
-			302,
-		);
-	}
-
 	const appSession = await getAppSession(event);
 
 	if (!appSession) {

space-plugins/nuxt-base/server/utils/getAppSession.ts

@@ -1,15 +1,10 @@
 import {
-	isAppSessionQuery,
-	sessionCookieStore,
+	inferSessionQuery,
+	getSessionStore,
 } from '@storyblok/app-extension-auth';
 
 import type { H3Event } from 'h3';
 
-type AppSessionQuery = {
-	spaceId: number;
-	userId: number;
-};
-
 //      Overall auth flow
 //  (1) https://app.storyblok.com/v1/spaces/xxxx/app_provisions/xxxx
 //  (2) https://<USER-DOMAIN>/?space_id=xxxx&space_is_trial=false&space_name=xxxx&user_id=xxxx&user_name=null&user_lang=en&user_is_admin=true
@@ -29,93 +24,25 @@ type AppSessionQuery = {
 // (11) https://<USER-DOMAIN>/api/connect/callback?code=xxxx&state=xxxx&space_id=xxxx
 
 // Finished. Authenticated successfully.
-// (12) https://<USER-DOMAIN>/?spaceId=xxxx&userId=xxxx
-
-// If a user visits this plugin with the `sb.auth` token already set, they will be redirected to ↓
-// (13) https://<USER-DOMAIN>/?space_id=xxxx&user_id=xxxx
-// instead of spaceId and userId.
-// It should be more consistent, but at least the `nuxt-base` layer takes care of it now.
+// (12) https://<USER-DOMAIN>/?space_id=xxxx&user_id=xxxx
 
 export const getAppSession = async (event: H3Event) => {
-	const appSessionQuery = extractAppSessionQuery(event);
-	if (!isAppSessionQuery(appSessionQuery)) {
-		return;
-	}
-
 	const appConfig = useAppConfig();
-	const sessionStore = sessionCookieStore(getAuthHandlerParams(appConfig.auth))(
-		{
-			req: event.node.req,
-			res: event.node.res,
-		},
-	);
-
-	return await sessionStore.get(appSessionQuery);
-};
-
-function extractAppSessionQuery(event: H3Event): AppSessionQuery | undefined {
+	const sessionStore = getSessionStore(getAuthHandlerParams(appConfig.auth))({
+		req: event.node.req,
+		res: event.node.res,
+	});
 	const appSession = event.context.appSession;
-	const query = getQuery(event);
-
-	if (appSession?.spaceId && appSession?.userId) {
-		// When a page is already authenticated on the server side,
-		// and it's rendering a page that includes `useFetch('...', { server: true })`,
-		// Nuxt directly runs the serverless function on the server side
-		// (without an actual HTTP request).
-		//
-		// In that case `event.context.appSession` exists.
-		return convertToAppSessionQuery(appSession?.spaceId, appSession?.userId);
+	if (appSession && appSession.spaceId && appSession.userId) {
+		return await sessionStore.get({
+			spaceId: appSession.spaceId,
+			userId: appSession.userId,
+		});
 	}
 
-	// (12) if this is a page request (/?spaceId=xxx&userId=yyy)
-	if (query.spaceId && query.userId) {
-		return convertToAppSessionQuery(query.spaceId, query.userId);
-	}
-
-	// (13) if this is a page request (/?space_id=xxx&user_id=yyy)
-	if (query.space_id && query.user_id) {
-		return convertToAppSessionQuery(query.space_id, query.user_id);
-	}
-
-	const referer = getHeader(event, 'referer');
-	// if this is an API request (/api/xxx), the `referer` header exists.
-	if (referer) {
-		// `referer` can be one of the following:
-		// https://<USER-DOMAIN>/?spaceId=xxxx&userId=xxxx
-		// or
-		// https://<USER-DOMAIN>/?space_id=xxxx&user_id=xxxx
-		const refererParams = new URL(referer).searchParams;
-		if (refererParams.get('spaceId') && refererParams.get('userId')) {
-			return convertToAppSessionQuery(
-				refererParams.get('spaceId'),
-				refererParams.get('userId'),
-			);
-		}
-
-		if (refererParams.get('space_id') && refererParams.get('user_id')) {
-			return convertToAppSessionQuery(
-				refererParams.get('space_id'),
-				refererParams.get('user_id'),
-			);
-		}
-	}
-}
-
-function convertToAppSessionQuery(spaceId: any, userId: any): AppSessionQuery {
-	return {
-		spaceId: toNumber(spaceId),
-		userId: toNumber(userId),
-	};
-}
-
-const toNumber = (value: any) => {
-	if (typeof value === 'string') {
-		return parseInt(value, 10);
-	}
-	if (typeof value === 'number') {
-		return value;
+	const appSessionQuery = inferSessionQuery(event.node.req);
+	if (!appSessionQuery) {
+		return;
 	}
-	throw new Error(
-		`Expected to be string or number. Actual value: ${JSON.stringify(value)}`,
-	);
+	return await sessionStore.get(appSessionQuery);
 };