enableOnWindowFocus must be used only in authenticated condition

[YoshimiShima]

Environment

• Operating System: Darwin
• Node Version: v20.11.1
• Nuxt Version: 3.12.2
• CLI Version: 3.12.0
• Nitro Version: 2.9.6
• Package Manager: pnpm@9.5.0
• Builder: -
• User Config: nitro, app, components, debug, devServer, devtools, dir, experimental, googleFonts, i18n, ignore, imports, modules, routeRules, build, runtimeConfig, sourcemap, srcDir, tailwindcss, testUtils, typescript, hooks, vite, auth
• Runtime Modules: @pinia/nuxt@0.5.1, @vueuse/nuxt@10.11.0, @nuxt/test-utils/module@3.13.1, @nuxtjs/google-fonts@3.2.0, @nuxtjs/i18n@8.3.1, @nuxtjs/tailwindcss@6.12.0, @vee-validate/nuxt@4.13.1, @sidebase/nuxt-auth@0.8.1, @pinia-plugin-persistedstate/nuxt@1.2.1, @nuxt/eslint@0.3.13
• Build Modules: -

Reproduction

// nuxt.config.ts

provider: {
  type: 'refresh',
  pages: {
    login: '/login',
  },
},
 sessionRefresh: {
   enablePeriodically: 90000,
   enableOnWindowFocus: true,
 },
globalAppMiddleware: {
   isEnabled: true,
},

// login.vue

definePageMeta({
   auth: {
     unauthenticatedOnly: true,
   },
})

Describe the bug

The enableOnWindowFocus feature should not be triggered on pages that are accessible to unauthenticated users. Currently, when a user switches back to a tab containing an unauthenticated page (such as the login page of us), the refresh mechanism is still executed, which is unnecessary and potentially problematic.

In the current implementation in src/runtime/utils/refreshHandler.ts, there's an inconsistency in how enablePeriodically and enableOnWindowFocus are handled. For enablePeriodically, there's a check for the authenticated state:

https://github.com/sidebase/nuxt-auth/blob/9295d1fe4f27d42c879862a48202f5b215fc0048/src/runtime/utils/refreshHandler.ts#L35-L42

However, for enableOnWindowFocus, no such check exists: https://github.com/sidebase/nuxt-auth/blob/9295d1fe4f27d42c879862a48202f5b215fc0048/src/runtime/utils/refreshHandler.ts#L72-L79 To resolve this issue and ensure consistency, we should add an authentication check for enableOnWindowFocus as well. A proposed solution is to add a condition like:

if (this.config?.enableOnWindowFocus && document.visibilityState === 'visible' && this.auth?.status.value !== 
'unauthenticated') {
  this.auth?.refresh()
}

This change would prevent unnecessary refresh attempts on unauthenticated pages and align the behavior with enablePeriodically. Thanks.

Additional context

No response

Logs

FetchError: [POST] "/app/main/api/auth/refresh": 403