Comments (4)
To avoid breaking changes, I am thinking of having `setUserSession(event, publicData, privateData)` and only exposing the `publicData` to the endpoint. I need to think about the types though.
from nuxt-auth-utils.
For context, the reason why this came up is that I was trying to store private data in the user's session. Knowing how sessions work, I figured it would be safe to add it there. After all, it was only data I needed within a Nitro context.
I missed the comments in the code example from the documentation explaining that the actual logic is that nothing attached to the user session is safe. I found it later via the JSDoc while debugging some code. In hindsight it is kind of obvious that this is the only way it could work.
So in reality there is no way to attach private data to the user's session (without some workarounds?), which seems like a missed opportunity.
I think `data.public` is a great idea and solves the original issue.
- We need a dedicated docs section explaining how session data is stored / exposed, given how sensitive it is.
from nuxt-auth-utils.
Do you already have something in mind? I can have a go at this as I have good use for it.
An easy way is to just have two types and merge them into a single object:

```ts
export interface PublicSessionData {
  user?: User
}

export interface PrivateSessionData {
}

// Like this?
export interface SessionData {
  public?: PublicSessionData
  private?: PrivateSessionData
}

// Or this?
export interface SessionData extends PrivateSessionData {
  public?: PublicSessionData
}
```
and then `/api/session.get`:

```ts
export default eventHandler(async (event) => {
  const session = await requireUserSession(event)
  await sessionHooks.callHookParallel('fetch', session, event)
  // Only the public half of the session leaves the server
  return session.public
})
```
Or we could do some crazy key manipulation in a way that private properties can be filtered out recursively.
But that does not sound like the way to go.
from nuxt-auth-utils.
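The public/private split proposed in the comment above, written out as an added example that is not the project's own code: the `Map` and the session id stand in for the sealed cookie and the h3 event, and the token fields are constructed placeholders.

```typescript
// Added example: the public/private session split modelled without nuxt-auth-utils or h3.
// The Map is a constructed stand-in for the sealed session cookie.
interface PublicSessionData {
  user?: { id: string; name: string }
}

interface PrivateSessionData {
  // Hypothetical private fields; only readable inside the server/Nitro context.
  accessToken?: string
  refreshToken?: string
}

// Second shape from the comment: private fields at the top level, public data nested.
interface SessionData extends PrivateSessionData {
  public?: PublicSessionData
}

const sessionStore = new Map<string, SessionData>()

// Mirrors the proposed setUserSession(event, publicData, privateData); the session id
// replaces the h3 event. Both halves are merged into the existing session, as today.
function setUserSession(sessionId: string, publicData: PublicSessionData, privateData: PrivateSessionData = {}): SessionData {
  const existing = sessionStore.get(sessionId) ?? {}
  const merged: SessionData = {
    ...existing,
    ...privateData,
    public: { ...(existing.public ?? {}), ...publicData },
  }
  sessionStore.set(sessionId, merged)
  return merged
}

// Server-side read: the full session, private fields included.
function getUserSession(sessionId: string): SessionData {
  return sessionStore.get(sessionId) ?? {}
}

// What the /api/session.get handler would return to the browser: only the public
// branch, so private fields never reach useUserSession() on the client.
function sessionResponse(sessionId: string): PublicSessionData {
  return getUserSession(sessionId).public ?? {}
}

// Review helper: true if any named private key appears in the serialised payload.
function leaksPrivateKeys(payload: unknown, privateKeys: string[]): boolean {
  const json = JSON.stringify(payload)
  return privateKeys.some(key => json.includes(`"${key}":`))
}
```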
Can you open a PR with your solution @Gerbuuun ?
from nuxt-auth-utils.