The server route are not protected by basicAuth

[Applelo]

Version

nuxt-security: 1.0.0-rc.2
nuxt: 3.8

Reproduction Link

Reproduction on StackBlitz

Steps to reproduce

I tried to protect my server route with basicAuth option with the include parameter but I don't have any prompt shown.

What is Expected?

The server route should be protected by basicAuth

What is actually happening?

The route is not protected by the basicAuth

[Baroshem]

Hey,

The Basic Auth in the module is supposed to protect certain routes (like /secret-route), not api endpoints.

If you want to protect api endpoints, I think the better solution might be just setting some secret param that must be passed, otherwise the request will be blocked wit unauthorized. This param can be set in the application by either environment variable or private runtime config.

Let me know if that works for you.

[Applelo]

Yes It's already implemented on my side, I was expected to use nuxt-security instead of my custom server middleware :)
It's something you can imagine in the future or not ? Just asking if I can make a PR (if I found time) to resolve this issue and support api route ?

[Baroshem]

I think we could add this feature. I am just wondering how it could be implemented as api endpoints can work a bit different than routes.

But if you have an idea already, please feel free to create a Proof of Concept PR with it. I will be happy to assist you and review it :)

[Baroshem]

@Applelo

Would you like to contribute? :)

[Applelo]

Yeah of course, I just need to find time between my own project :)

[Baroshem]

Ah good! Let me know if you need anything from my side. I am planning to release a new version tomorrow (1.0.0-rc.4) and later one more RC version and stable 1.0.0 version.

So ideally I would like your fix to be added to the next 1.0.0-rc.5 version or later in 1.0.1 for example :)

[Baroshem]

Hey @Applelo

I will convert this but into a feature request and wait for your contribution. If you need any help with that, just let me know and I will do my best to help :)

[Baroshem]

Hey @Applelo

Do you need any help from us to implement this feature? :)

[Applelo]

Hi @Baroshem, I don't need help thanks for asking :) I have a lot of work currently in my job and to maintain my projects so I don't had the chance to look how to implement the feature yet.