✨ bearer only

server/middleware/auth.ts

@@ -5,9 +5,9 @@ export default defineEventHandler(async (event) => {
     '/api/token',
   ]
 
-  const bearer = (event.node.req.headers.authentication as string)?.split(' ')[1] || undefined
-  if (bearer && auth.verify(useRuntimeConfig(event), bearer) === true)
-    await auth.set(bearer)
+  const token = auth.bearer(event)
+  if (token && auth.verify(useRuntimeConfig(event), token) === true)
+    await auth.set(token)
   if (gatedRoutes.some(route => getRequestURL(event).pathname.startsWith(route)))
     if (!auth.user())
       return metapi().error(event, 'Not Authenticated', 401)

server/routes/token.ts

@@ -1,14 +1,13 @@
 import { z } from 'zod'
 
 const index = defineEventHandler(async (event) => {
-  console.log(parseCookies(event))
   return metapi().render(
     await prisma.$extends({
       result: {
         token: {
           isCurrent: {
             needs: { hash: true },
-            compute({ hash }) { return hash === parseCookies(event).token },
+            compute({ hash }) { return hash === auth.bearer(event) },
           },
         },
       },

server/utils/auth.ts

@@ -1,9 +1,13 @@
+import type { H3Event } from 'h3'
 import type { Token } from '@prisma/client'
 import type { RuntimeConfig } from 'nuxt/schema'
 import type { User } from '~/types/models'
 
 let token: Token & { user: User } | null = null
 
+const bearer = (event: H3Event): string | undefined =>
+  (event.node.req.headers.authentication as string)?.split(' ')[1] || undefined
+
 const set = async (hash: string): Promise<User> => {
   // if (token?.user) return token.user
   token = await prisma.token.findUnique({
@@ -37,4 +41,5 @@ export const auth = {
   user,
   hash,
   clear,
+  bearer,
 }