sidebase / nuxt-auth

Authentication built for Nuxt 3! Easily add authentication via OAuth providers, credentials or Email Magic URLs!
https://auth.sidebase.io
MIT License

RFC: `getServerSession` support for Websockets and other non-H3Event requests #135

Closed BracketJohn closed 9 months ago

BracketJohn commented 1 year ago

Describe the feature

It'd be nice if getServerSession could be called with non-H3Event payloads, to allow all standardized req / res sources to get the server session. A prominent example of this is websockets.

Additional information

This arose in #131.

@q16solver's original remark:

createContext actually receives the H3Event from the first argument unless you're using websockets as well, but I do agree that getServerSession's api from nuxt auth should be fixed up and have the same structure as next auth, I shouldn't need to pass in the whole event argument so it can grab the session, it should only need req and res like next auth, because for websockets, there is no H3Event, but I should still be able to have authenticated websockets and be able to grab the session.

This is especially painful when I'm trying to implement auth as middlewares in trpc since I need to propagate the entire event object throughout the context, hopefully this can be fixed c:

@ngajhede I think we can probably keep this issue open and perhaps put a different tag like enhancement to improve the api, what do you think @BracketJohn?

BracketJohn commented 1 year ago

Hey @q16solver 👋

Thanks again for the proposal. Let's discuss this along the use-case of websockets. How are websockets currently supported by Nuxt 3? AFAIU from your comment in #131 they are not molded into an H3Event but instead come in as something different?

Q16solver commented 1 year ago

@BracketJohn I've had a look into how websockets can be done with tRPC + Nuxt 3, and it seems like the only feasible way as of right now, is to use server middlewares, then have a global ws server to prevent additional calls, source code: https://github.com/Esposter/Esposter/blob/main/server/middleware/websocketServer.ts

createContext is also passed here, so I'd assume that is why it passes in different arguments

Q16solver commented 1 year ago

@BracketJohn Do you have any approaches in mind on how to start on this? Perhaps I can try some things though I'm not very familiar with the session code. I had a look through it but it seems that all the nuxt APIs require the H3event to be passed through for setting cookies etc. Maybe this change needs to be done from the nuxt side? Or some other separate method for grabbing the session when it is for websockets? I'm not exactly sure on the security requirements for websockets, maybe all we need to do is just hit the session endpoint and grab the session without doing the set cookies etc.?
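
The idea raised in the comment above (hit the session endpoint with the request's cookies and skip the cookie setting), as an added example; it is not code from this thread or from nuxt-auth. Assumed here: the NextAuth-style `/api/auth/session` route, a `ws` server created with `noServer: true`, and the hypothetical names `getSessionFromUpgrade`, `authenticateUpgrade`, `baseUrl`, `allowedOrigins` and `fetchImpl`; the Origin check is included because browsers attach cookies to cross-site WebSocket handshakes.

```javascript
// Added example, not nuxt-auth code.
// Assumed: NextAuth-style session route; `wss` is a `ws` server with { noServer: true }.
const SESSION_PATH = '/api/auth/session'

// Replay the upgrade request's cookies against the session endpoint.
// Read-only: a Set-Cookie header on the response is never applied.
async function getSessionFromUpgrade (req, { baseUrl, allowedOrigins, fetchImpl = fetch }) {
  // Browsers attach cookies to cross-site WebSocket handshakes, so the
  // Origin header is checked before the cookie is trusted.
  if (!allowedOrigins.includes(req.headers.origin)) return null
  const cookie = req.headers.cookie
  if (!cookie) return null

  const res = await fetchImpl(new URL(SESSION_PATH, baseUrl), {
    headers: { cookie, accept: 'application/json' },
    redirect: 'error'
  })
  if (!res.ok) return null
  const session = await res.json()
  // Assumed NextAuth behaviour: an unauthenticated request gets {} back.
  if (!session || !session.user) return null
  if (session.expires && Date.parse(session.expires) <= Date.now()) return null
  return session
}

// Handler for the HTTP server's 'upgrade' event: reject before the WebSocket
// handshake completes, otherwise attach the session to the new socket.
async function authenticateUpgrade (wss, req, socket, head, options) {
  const session = await getSessionFromUpgrade(req, options).catch(() => null)
  if (!session) {
    socket.write('HTTP/1.1 401 Unauthorized\r\nConnection: close\r\n\r\n')
    socket.destroy()
    return null
  }
  wss.handleUpgrade(req, socket, head, (ws) => {
    ws.session = session
    wss.emit('connection', ws, req)
  })
  return session
}
```

A failed or unreachable session lookup is treated the same as no session, so the socket is refused rather than opened unauthenticated.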

BracketJohn commented 1 year ago

Hey @Q16solver - one lead I have for you is to look at https://github.com/stafyniaksacha/nuxt-poc-websockets. This is a PoC of websockets in Nuxt 3. It is from October of last year, so may be a bit outdated.

Other than that: I don't have a good implementation strategy in mind for this at the moment - I'd need to put in research myself to resolve this unfortunately - this is also why it's not on top of my agenda at the moment.

Thank you though for being so active on this repo and trying to push the project, really means a lot (:

BracketJohn commented 1 year ago

blocked by proper websocket support in nitro -> this will come eventually, waiting for that to come around (:

BracketJohn commented 9 months ago

closed as part of cleanup (: