Open peterhijma opened 3 years ago
Hi @phijma
If I understand correctly, you want to protect some of the files inside content/
only if you are connected with @nuxt/auth
?
Do do this, I think we can imagine a guard hook but it is tricky since @nuxt/auth
is working inside the Nuxt application to give your $auth.loggedIn
and not accessible inside the server middleware.
This is something we need to discuss with @pi0 and @benjamincanac for sure.
Thanks for the response @Atinux
I'll clarify my goals:
I protect my frontend using @nuxt/auth
globally. This works very well, also in combination with @nuxt/content
. The pages I created inside the folder pages
, which display the contents are all protected properly.
But since a while you can go directly to some_domain/_content/
(https://content.nuxtjs.org/advanced#api-endpoint) to check some JSON.
It says there: This module exposes an API endpoint in development so you can easily see the JSON of each directory or file
But, I don't want to expose this endpoint in production to users, because that is kind of a leak of my content inside the content
folder. As the docs talk about development, I think the fact that this endpoint is also visible in production could be a bug.
One workaround I found was by deleting this part in the source: https://github.com/nuxt/content/blob/0c6df8f2c159ff2feac102c5b6a4a5a3ac270c81/packages/content/lib/index.js#L143
Maybe the solution is just to put a condition around this part? (if env == "development", or something like that).
I am adding the pending
label for this one.
I believe this could be added for the version 2 when using the API in production, because it is impossible to hide it for full static generation since the db.json
will be exposed anyway.
Is this still pending?
I think it would also be beneficial to Nuxt Studio if developers could easily offer themes that can control access the Nuxt Content.
Related: https://github.com/nuxt/content/issues/1977 and https://github.com/nuxt/content/discussions/1532
I could not find an answer to this question yet.
I'm using
@nuxt/auth
and have it set up globally innuxt.config.js
. If I'm not logged in, going to any page will redirect me to the login page. However, if I go to../_content
I can view all data. Is it possible to put this endpoint "behind bars"?BTW: I'm using
nuxt start
and dev mode is turned off. Shouldn't the whole endpoint be invisible then? Bug?Thanks in advance!