Spaces:
Running
Running
Okay now add nitro as ssr and add an express backend with a simple login and authentication system that creates session id and stores session id as http only cookie and in the ssr middleware for all routes we do have a check for the http only cookie to check if is present or expired to redirect to home page or to login page
d502d70 verified | ```typescript | |
| import { eventHandler, setCookie, getCookie, deleteCookie, createError } from 'h3' | |
| // Simple in-memory session store (use Redis in production) | |
| const sessionStore = new Map<string, { userId: number; email: string; createdAt: number }>() | |
| export const sessionDuration = 24 * 60 * 60 * 1000 // 24 hours in milliseconds | |
| // Middleware to check authentication | |
| export default eventHandler((event) => { | |
| const path = event.node.req.url || '' | |
| const sessionId = getCookie(event, 'session_id') | |
| // Skip auth check for login page and login API | |
| const publicPaths = ['/login.html', '/api/login', '/api/logout', '/_nuxt'] | |
| const isPublicPath = publicPaths.some(p => path.startsWith(p)) | |
| if (isPublicPath) { | |
| return | |
| } | |
| // Check if user is authenticated | |
| if (!sessionId || !sessionStore.has(sessionId)) { | |
| // Redirect to login page | |
| event.node.res.writeHead(302, { | |
| 'Location': '/login.html' | |
| }) | |
| event.node.res.end() | |
| return | |
| } | |
| // Check if session is expired | |
| const session = sessionStore.get(sessionId)! | |
| const now = Date.now() | |
| if (now - session.createdAt > sessionDuration) { | |
| sessionStore.delete(sessionId) | |
| deleteCookie(event, 'session_id') | |
| event.node.res.writeHead(302, { | |
| 'Location': '/login.html' | |
| }) | |
| event.node.res.end() | |
| return | |
| } | |
| // Attach session data to event context | |
| event.context.session = { | |
| id: sessionId, | |
| ...session | |
| } | |
| }) | |
| // Export session store for use in API routes | |
| export { sessionStore } | |
| ``` |