feat: Added option to remove server

sidebase · Dec 14, 2023 · d7148df · d7148df
1 parent 24c31b8
commit d7148df
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 2 deletions.
diff --git a/src/module.ts b/src/module.ts
@@ -8,6 +8,7 @@ import type { ModuleOptions, SupportedAuthProviders, AuthProviders } from './run
 
 const topLevelDefaults = {
   isEnabled: true,
+  disableServerSideAuth: false,
   session: {
     enableRefreshPeriodically: false,
     enableRefreshOnWindowFocus: true

diff --git a/src/runtime/plugin.ts b/src/runtime/plugin.ts
@@ -5,7 +5,7 @@ import { useAuth, useAuthState } from '#imports'
 
 export default defineNuxtPlugin(async (nuxtApp) => {
   // 1. Initialize authentication state, potentially fetch current session
-  const { data, lastRefreshedAt } = useAuthState()
+  const { data, lastRefreshedAt, loading } = useAuthState()
   const { getSession } = useAuth()
 
   // Skip auth if we're prerendering
@@ -14,8 +14,14 @@ export default defineNuxtPlugin(async (nuxtApp) => {
     nitroPrerender = getHeader(nuxtApp.ssrContext.event, 'x-nitro-prerender') !== undefined
   }
 
+  // Skip auth if the developer chooses
+  const { disableServerSideAuth } = useRuntimeConfig().public.auth
+  if (disableServerSideAuth) {
+    loading.value = true;
+  }
+
   // Only fetch session if it was not yet initialized server-side
-  if (typeof data.value === 'undefined' && !nitroPrerender) {
+  if (typeof data.value === 'undefined' && !nitroPrerender && !disableServerSideAuth) {
     await getSession()
   }
 
@@ -35,6 +41,10 @@ export default defineNuxtPlugin(async (nuxtApp) => {
   let refetchIntervalTimer: NodeJS.Timer
 
   nuxtApp.hook('app:mounted', () => {
+    if (disableServerSideAuth) {
+      getSession()
+    }
+
     document.addEventListener('visibilitychange', visibilityHandler, false)
 
     if (enableRefreshPeriodically !== false) {

diff --git a/src/runtime/types.ts b/src/runtime/types.ts
@@ -232,6 +232,11 @@ export interface ModuleOptions {
    * Whether the module is enabled at all
    */
   isEnabled?: boolean
+  /**
+   * Forces your server to send a "loading" status on all requests, prompting the client to fetch on the client. If your website has caching, this prevents the server from caching someone's authentication status.
+   * @default false
+   */
+  disableServerSideAuth?: boolean
   /**
    * Full url at which the app will run combined with the path to authentication. You can set this differently depending on your selected authentication-provider:
    * - `authjs`: You must set the full URL, with origin and path in production. You can leave this empty in development