Logo

dev-resources.site

for different kinds of informations.

Basic Authentication for Nuxt.js (JSON Web Token + Local Storage)

Published at
9/30/2024
Categories
authjs
jwt
webdev
nuxt
Author
elifnurturk
Categories
4 categories in total
authjs
open
jwt
open
webdev
open
nuxt
open
Author
11 person written this
elifnurturk
open
Basic Authentication for Nuxt.js (JSON Web Token + Local Storage)

Basic Authentication for Nuxt.js (JSON Web Token + Local Storage)

When developing a web application, ensuring security is essential. In this guide, we’ll explore how to set up a secure authentication flow using Prisma ORM and JSON Web Tokens (JWT) in NUXT 3 projects...

We'll implement a login mechanism that verifies user credentials and generates a JWT token. This token will be saved in localStorage, allowing the user to stay logged in across sessions. There will be two layouts in our application: a login layout for users who are not authenticated and a default layout for authenticated users.

Middleware will check for the presence of a valid token in localStorage on each request, ensuring users without a token are redirected to the login page. Logging out will be straightforward simply clearing the token from localStorage will log the user out and redirect them to the login page.

By following this approach, you’ll implement a basic bearer authentication system in your web application with server & client side guide. If you already have an API endpoint that provides a token upon successful login, you can skip the server-side setup and focus directly on the front-end operations.

Let’s start!

Server-Side setups

Assuming you’ve already set up Prisma and connected your database (or with any ORM tool), it’s time to refine your user model,

model Users {
Id Int @id @default(autoincrement())
Username String @unique
Password String
CreatedAt DateTime @default(now())
}

run the necessary migrations, create an user. The folder architecture will be like;

| components/
| layouts/
| middleware/
| pages/
| prisma/
| |- schema.prisma/
| server/
| |- api/
| | |- auth/
| | | |- login.post.js
|- app.vue
|- nuxt.config.ts
|- package.json

Let’s install required packages that “bcrypt” “jsonwebtoken” “jwt-decode”

npm install bcrypt jsonwebtoken jwt-decode

or

yarn add bcrypt jsonwebtoken jwt-decode
Enter fullscreen mode Exit fullscreen mode

You can create your own JWT token with a help of JWT token generator. The content of token is totally up to you.

/server/api/auth/login.post.js


    import { PrismaClient } from '@prisma/client';
    import bcrypt from 'bcrypt';
    import jwt from 'jsonwebtoken';

    const prisma = new PrismaClient();
    const JWT_SECRET = 'your_token'; // Replace with your secret key

    export default defineEventHandler(async (event) => {
      const { username, password } = await readBody(event);

      // Find the user in the database
      const user = await prisma.users.findUnique({
        where: { Username: username }
      });

      if (!user) {
        return { statusCode: 401, body: { success: false, message: 'Invalid username or password' } };
      }

      // Check if the password is correct
      const validPassword = await bcrypt.compare(password, user.Password);

      if (!validPassword) {
        return { statusCode: 401, body: { success: false, message: 'Invalid username or password' } };
      }

      // Create a JWT token
      const token = jwt.sign(
        { id: user.Id, username: user.Username }, 
        JWT_SECRET, 
        { expiresIn: '12h' } // Token expires in 12 hour
      );


      // Return the token to the frontend
      return { 
        statusCode: 200, 
        body: { 
          success: true, 
          message: 'Login successful', 
          token 
        } 
      };
    });
Enter fullscreen mode Exit fullscreen mode

This handler performs several key tasks: it first extracts the username and password from the request body, then queries the database to locate the user with the specified username. It verifies the provided password against the hashed password stored in the database. Upon successful validation, it generates a JSON Web Token (JWT) with a 48-hour expiration and returns this token to the frontend for subsequent authentication. If the credentials are invalid, it responds with a 401 status code and an appropriate error message.

Let’s fix nuxt.config.ts and check the API if it works.

export default defineNuxtConfig({
...
server: {
proxy: {
'/api': 'http://localhost:3000' // Adjust the port if your backend server is running on a different port
},
router: {
base: '/api'
},
},
router: {
middleware: ['auth']
},
...
});

And the Postman response be like,

It works well!

Client-Side Setups:

We can start by revisiting the file structure. With Prisma and server files already set up, the next steps involve defining layouts, forms, pages, and middleware. Let’s begin with setting up the two layout files.

| components/
| |- LoginForm.vue
| layouts/
| |- default.vue
| |- login.vue
| middleware/
| |- auth.js
| pages/
| |- index.vue
| |- login.vue
| prisma/
| server/
|- app.vue
|- nuxt.config.ts
|- package.json

/layouts/default.vue

    <template>
      <div v-if="isAuthenticated">
        <!-- You can add header footer sidebars etc. --> 
        <NuxtPage />
        <DialogWrapper />
      </div>
      <div v-else>
        <p>Loading...</p>
      </div>
    </template>

    <script setup>
    import { ref, onMounted } from "vue";
    import { useRouter } from "vue-router";
    import { DialogWrapper } from "vue3-promise-dialog";

    const router = useRouter();
    const isAuthenticated = ref(null); // Use null to distinguish between loading and not authenticated

    onMounted(() => {
      const token = localStorage.getItem("authToken");
      if (token) {
        isAuthenticated.value = true;
      } else {
        isAuthenticated.value = false;
        router.push("/login");
      }
    });
    </script>

*/layouts/login.vue*

You can hide all the side bars, panels, pages, header and footer if user is not authenticated.

Enter fullscreen mode Exit fullscreen mode
<template>
  <div>
    <NuxtPage />
    <DialogWrapper />
  </div>
</template>

<script setup>
import { useRouter } from "vue-router";
import { DialogWrapper } from "vue3-promise-dialog";
const router = useRouter();
const navigateToRoute = (route) => {
  router.push(route);
};
</script>
Enter fullscreen mode Exit fullscreen mode
*/app.vue*



Enter fullscreen mode Exit fullscreen mode
<script setup>
import { useRouter } from "vue-router";
import { DialogWrapper } from "vue3-promise-dialog";
const router = useRouter();
const navigateToRoute = (route) => {
  router.push(route);
};
</script>
Enter fullscreen mode Exit fullscreen mode
*/pages/index.vue*

    <template>
      <section>
        <div class="block">
          <h1>
            Welcome to your Web App!
          </h1>
          <button 
             @click="logout">Logout
          </button>
        </div>
      </section>
    </template>
    <script>
    export default {
      methods: {
        logout() {
          // Remove the auth token from localStorage
          localStorage.removeItem("authToken");
          // Redirect the user to the login page
          this.$router.push("/login");
        },
      },
    </script>
Enter fullscreen mode Exit fullscreen mode

/pages/login.vue


    <template>
      <section>
        <div >
          <LoginForm />
        </div>
      </section>
    </template>
    <script>
    definePageMeta({
      layout: "login",
    });
    export default {};
    </script>
Enter fullscreen mode Exit fullscreen mode

Page setups are completed! We can now proceed with implementing the login functionality. A crucial step is to extract the token from the login response and store it in local storage. This ensures that the token is available for authenticating future requests.

/components/LoginForm.vue


    <template>
      <div>
        <form @submit.prevent="signIn">
            <div>
              <label for="username">Username</label
              >
              <input
                type="text"
                id="username"
                v-model="Username"
                required
                class="w-full"
              />
            </div>
            <div>
              <label for="password">Password</label
              >
              <input
                type="password"
                id="password"
                v-model="Password"
                required
                class="w-full"
              />
            </div>
            <button
              type="submit"
              class="w-full"
            >
              Sign in
            </button>
          </form>
      </div>
    </template>

    <script>
    export default {
      data() {
        return {
          Username: "",
          Password: "",
        };
      },

      methods: {
        async signIn() {
          try {
            const response = await fetch("/api/auth/login", {
              method: "POST",
              headers: {
                "Content-Type": "application/json",
              },
              body: JSON.stringify({
                username: this.Username,
                password: this.Password,
              }),
            });

            const data = await response.json();
            if (data.statusCode === 200) {
              // Set the token in local storage
              localStorage.setItem("authToken", data.token);
              alert("Login is successful");
              this.$router.push("/");
            } else {
              console.log("Login failed:", data.message);
              alert("Username or password is invalid");
            }
          } catch (error) {
            console.error("Error during login:", error);
            alert("Error during login. Please try again.");
          }
        },
      },
    };
    </script>
Enter fullscreen mode Exit fullscreen mode

Time for middleware/auth.js file. Essentially, it ensures that only users with a valid token can access to some pages of the application.

/middleware/auth.js

    //middleware/auth.js

    import * as jwtDecode from 'jwt-decode';

    export default defineNuxtRouteMiddleware((to, from) => {
      const token = localStorage.getItem('authToken');

      if (token) {
        try {
          const decodedToken = jwtDecode(token);
          const currentTime = Date.now() / 1000;

          if (decodedToken.exp < currentTime) {
            localStorage.removeItem('authToken');
            return navigateTo('/login');
          }
        } catch (error) {
          // Handle token decoding error
          localStorage.removeItem('authToken');
          return navigateTo('/login');
        }
      } else if (to.name !== 'login') {
        return navigateTo('/login');
      }
    });

Enter fullscreen mode Exit fullscreen mode

This middleware function handles JWT authentication by:

  • Retrieving the JWT token from localStorage.

  • Decoding and verifying the token’s expiration.

  • If expired, it removes the token and redirects to the login page.

  • If decoding fails, it also removes the token and redirects to the login page.

  • Redirecting unauthenticated users to the login page if no valid token is found.

  • In essence, it ensures only users with a valid, non-expired token can access protected routes.

However, it’s important to note that this setup only addresses front-end authentication. If your application has server-side endpoints for managing user sessions or access control, you’ll need to implement additional server-side middleware to handle API safety.

See you in next article!

authjs Article's
30 articles in total
Favicon
Authentication System Using NodeJS
Favicon
Add Authjs to Next.js 15 app router with GitHub Authentication
Favicon
Master Authentication with Auth.js, Next.js, and PostgreSQL: A Comprehensive Guide
Favicon
Nuxt Authorization: How to Implement Team Role-Based Access Control in Nuxt 3
Favicon
Mastering Authentication in Next.js: A Step-by-Step Guide to GitHub Login with Auth.js
Favicon
User Authentication with Auth.js in Next.js App Router
Favicon
Lucia Auth is getting deprected
Favicon
Integrating GitHub Authentication with NextAuth.js: A Step-by-Step Guide
Favicon
Simple Next.js Magic Link JWT Authentication with Prisma, PostgreSQL, and Resend
Favicon
Password Authentication with Auth.js in Astro and Customizing Session Information (auth-astro)
Favicon
Basic Authentication for Nuxt.js (JSON Web Token + Local Storage)
Favicon
Implementing Federated Sign-Out with Auth.js in Next.js 14 App Router
Favicon
Integrating LinkedIn Authentication with NextAuth.js: A Step-by-Step Guide
Favicon
Implementing auth.js v5 with Prisma and Supabase in Next.js
Favicon
Auth, OAuth, and Auth0: What is what?
Favicon
JWT Authentication and Cookie Management in Web Applications
Favicon
🚀 Exciting News!
Favicon
Data Persistence (Cookies, Sessions, Tokens, LocalStorage and SessionStorage)
Favicon
Fashion website
Favicon
The Firebase Shortcut: Simplifying Next.js Authentication
Favicon
Authentication system in Next.Js using Auth.js
Favicon
Roles based authentication using Nextauth and next.js
Favicon
Authentication & Authorization
Favicon
Top User Authentication Tools for Developers
Favicon
Comprehensive Guide to SvelteKitAuth: Secure Authentication for SvelteKit Apps
Favicon
Building a Secure OTP-based Login System in Next.js
Favicon
Implementing Secure Authentication in Next.js with JWT and MongoDB. Protect Routes using middleware
Favicon
Next.js 14 and NextAuth v4 : Credentials Authentication A Detailed Step-by-Step Guide
Favicon
Building a Secure OTP-based Login System in Next.js
Favicon
Web3Auth(次のjs)を使用したXRP Ledgerアカウントの作成:ステップバイステップガイド

Featured ones: