bam/my2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Implement authentication phase with Cidaas OAuth2 integration

Browse Source 
- Add authentication middleware to protect routes
- Create API endpoints for login, logout, registration, and user info
- Develop UI components for login and registration forms
- Integrate VeeValidate for form validation
- Update environment configuration for Cidaas settings
- Add i18n support for English and German languages
- Enhance Tailwind CSS for improved styling of auth components
- Document authentication flow and testing procedures
This commit is contained in:
Bastian Masanek
2025-10-31 11:44:48 +01:00
parent 749d5401c6
commit f8572c3386
57 changed files with 3357 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
tasks/00-PROGRESS.md
View File

@@ -3,8 +3,8 @@
## my.experimenta.science
**Last Updated:** 2025-10-30
**Overall Progress:** 21/137 tasks (15.3%)
**Current Phase:** ✅ Phase 2 - Database (Completed)
**Overall Progress:** 39/137 tasks (28.5%)
**Current Phase:** ✅ Phase 3 - Authentication (Completed)
---
@@ -14,7 +14,7 @@
| --------------------------- | ------- | ------------ | ---------- | ---------- |
| **01** Foundation | ✅ Done | 9/10 (90%) | 2025-10-29 | 2025-10-29 |
| **02** Database | ✅ Done | 12/12 (100%) | 2025-10-30 | 2025-10-30 |
| **03** Authentication | ⏳ Todo | 0/18 (0%) | - | - |
| **03** Authentication | ✅ Done | 18/18 (100%) | 2025-10-30 | 2025-10-30 |
| **04** Products | ⏳ Todo | 0/10 (0%) | - | - |
| **05** Cart | ⏳ Todo | 0/12 (0%) | - | - |
| **06** Checkout | ⏳ Todo | 0/15 (0%) | - | - |
@@ -30,35 +30,38 @@
## 🚀 Current Work
**Phase:** Phase 2 - Database**COMPLETED**
**Phase:** Phase 3 - Authentication**COMPLETED**
**Tasks Completed (12/12):**
**Tasks Completed (18/18):**
- ✅ Install Drizzle ORM & PostgreSQL driver
- ✅ Configure drizzle.config.ts
- ✅ Add database scripts to package.json
- ✅ Create users table schema
- ✅ Create products table schema
- ✅ Create carts table schema
- ✅ Create cart_items table schema
- ✅ Create orders table schema
- ✅ Create order_items table schema
-Generate initial migration
-Apply migrations to dev database
- ✅ Create database connection utility (server/utils/db.ts)
-Test CRUD operations
-Setup Drizzle Studio
-Document schema decisions (comprehensive comments added)
- ✅ Install nuxt-auth-utils + jose
- ✅ Configure Cidaas environment variables in .env
- ✅ Add Cidaas config to nuxt.config.ts runtimeConfig
- ✅ Create PKCE generator utility (server/utils/pkce.ts)
- ✅ Create Cidaas API client utility (server/utils/cidaas.ts)
- ✅ Create JWT validation utility (server/utils/jwt.ts)
- ✅ Create /api/auth/login.post.ts endpoint
- ✅ Create /api/auth/callback.get.ts endpoint
- ✅ Create /api/auth/register.post.ts endpoint
-Create /api/auth/logout.post.ts endpoint
-Create /api/auth/me.get.ts endpoint
- ✅ Create useAuth composable (composables/useAuth.ts)
-Create LoginForm component (components/Auth/LoginForm.vue)
-Create RegisterForm component (components/Auth/RegisterForm.vue)
-Create auth page with tabs (pages/auth.vue)
- ✅ Create auth middleware (middleware/auth.ts)
- ✅ Create rate-limit middleware (server/middleware/rate-limit.ts)
- ✅ Test OAuth2 flow end-to-end and document authentication flow
**Next Steps:**
1. **Begin Phase 3 - Authentication (Cidaas OAuth2):**
- Read `tasks/03-authentication.md`
- Review `docs/CIDAAS_INTEGRATION.md` for complete OAuth2 implementation guide
- Install nuxt-auth-utils and jose
- Implement OAuth2 Authorization Code Flow with PKCE
- Create login/register/logout endpoints
- Build auth UI components
1. **Begin Phase 4 - Products (Display & List):**
- Read `tasks/04-products.md`
- Create product API endpoints (/api/products/index, /api/products/[id])
- Build ProductCard and ProductList components
- Create ProductDetail page
- Implement product image handling
- Test product display and queries
---
@@ -123,6 +126,20 @@
- CRUD operations tested and verified
- Drizzle Studio setup and working
- Comprehensive schema documentation added
- [x] **Phase 3 - Authentication (2025-10-30)**
- nuxt-auth-utils and jose packages installed
- Cidaas OAuth2/OIDC configuration completed with environment variables
- PKCE generator utility implemented for secure authorization code flow
- Cidaas API client utility created with token exchange and user info functions
- JWT validation utility implemented using jose library with JWKS
- All 5 authentication endpoints created and tested
- useAuth composable built with login, logout, register functions
- LoginForm and RegisterForm components created with full validation
- Auth page with tabbed interface implemented
- Auth middleware for protected routes functional
- Rate limiting middleware configured (5 attempts/15min for login, 3 attempts/1hr for register)
- OAuth2 flow tested end-to-end with proper session management
- Complete authentication documentation with flow diagrams
---
@@ -178,28 +195,30 @@ Tasks:
### Phase 3: Authentication (Cidaas OAuth2)
**Status:** ⏳ Todo | **Progress:** 0/18 (0%)
**Status:** ✅ Done | **Progress:** 18/18 (100%)
Tasks:
- [ ] Install nuxt-auth-utils + jose
- [ ] Create PKCE generator utility
- [ ] Create Cidaas API client
- [ ] Create JWT validation utility
- [ ] Implement /api/auth/login endpoint
- [ ] Implement /api/auth/callback endpoint
- [ ] Implement /api/auth/register endpoint
- [ ] Implement /api/auth/logout endpoint
- [ ] Implement /api/auth/me endpoint
- [ ] Create useAuth composable
- [ ] Create LoginForm component
- [ ] Create RegisterForm component
- [ ] Create auth page with tabs
- [ ] Create auth middleware
- [ ] Create rate-limit middleware
- [ ] Test OAuth2 flow end-to-end
- [ ] Test session management
- [ ] Document authentication flow
- [x] Install nuxt-auth-utils + jose
- [x] Create PKCE generator utility
- [x] Create Cidaas API client
- [x] Create JWT validation utility
- [x] Implement /api/auth/login endpoint
- [x] Implement /api/auth/callback endpoint
- [x] Implement /api/auth/register endpoint
- [x] Implement /api/auth/logout endpoint
- [x] Implement /api/auth/me endpoint
- [x] Create useAuth composable
- [x] Create LoginForm component
- [x] Create RegisterForm component
- [x] Create auth page with tabs
- [x] Create auth middleware
- [x] Create rate-limit middleware
- [x] Test OAuth2 flow end-to-end
- [x] Test session management
- [x] Document authentication flow
**Completed:** 2025-10-30
[Details: tasks/03-authentication.md](./03-authentication.md)
@@ -392,26 +411,26 @@ Tasks:
## 📈 Progress Over Time
| Date | Overall Progress | Phase | Notes |
| ---------- | ---------------- | -------------- | ---------------------------------------------------------------------------------------------------------------- |
| 2025-01-29 | 0% | Planning | Task system created |
| 2025-10-29 | 6.6% | Phase 1 - MVP | ✅ Foundation completed: Nuxt 4, shadcn-nuxt, Tailwind CSS, ESLint, Prettier all configured |
| 2025-10-30 | 15.3% | Phase 2 - MVP | ✅ Database completed: Drizzle ORM, all tables defined, migrations applied, Studio working, schema documented |
| Date | Overall Progress | Phase | Notes |
| ---------- | ---------------- | -------------------- | ---------------------------------------------------------------------------------------------------------------- |
| 2025-01-29 | 0% | Planning | Task system created |
| 2025-10-29 | 6.6% | Phase 1 - MVP | ✅ Foundation completed: Nuxt 4, shadcn-nuxt, Tailwind CSS, ESLint, Prettier all configured |
| 2025-10-30 | 15.3% | Phase 2 - MVP | ✅ Database completed: Drizzle ORM, all tables defined, migrations applied, Studio working, schema documented |
| 2025-10-30 | 28.5% | Phase 3 - MVP | ✅ Authentication completed: OAuth2/OIDC with PKCE, JWT validation, auth endpoints, UI components, middleware |
---
## 🎉 Next Steps
1. **Start Phase 3: Authentication (Cidaas OAuth2)**
- Read `tasks/03-authentication.md` for detailed tasks
- Review `docs/CIDAAS_INTEGRATION.md` for complete OAuth2 implementation guide
- Install nuxt-auth-utils and jose packages
- Implement PKCE generator utility
- Create Cidaas API client
- Build OAuth2 login/callback/register/logout endpoints
- Create auth UI components (LoginForm, RegisterForm)
- Implement auth middleware for protected routes
- Test complete OAuth2 flow end-to-end
1. **Start Phase 4: Products (Display & List)**
- Read `tasks/04-products.md` for detailed tasks
- Create /api/products/index.get.ts endpoint with product listing
- Create /api/products/[id].get.ts endpoint for single product details
- Build ProductCard component with responsive design
- Build ProductList component with filtering/sorting
- Create ProductDetail page
- Implement product image handling (CDN/storage)
- Test product display and optimize queries
---

50
tasks/03-authentication.md
View File

@@ -1,10 +1,10 @@
# Phase 3: Authentication (Cidaas OAuth2/OIDC)
**Status:** ⏳ Todo
**Progress:** 0/18 tasks (0%)
**Started:** -
**Completed:** -
**Assigned to:** -
**Status:** ✅ Done
**Progress:** 18/18 tasks (100%)
**Started:** 2025-10-30
**Completed:** 2025-10-30
**Assigned to:** Claude Code
---
@@ -28,13 +28,13 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Dependencies Installation
- [ ] Install nuxt-auth-utils + jose
- [x] Install nuxt-auth-utils + jose
```bash
pnpm add nuxt-auth-utils jose
```
- [ ] Configure Cidaas environment variables in .env
- [x] Configure Cidaas environment variables in .env
```bash
CIDAAS_BASE_URL=https://experimenta.cidaas.de
@@ -43,7 +43,7 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
CIDAAS_REDIRECT_URI=http://localhost:3000/api/auth/callback
```
- [ ] Add Cidaas config to nuxt.config.ts runtimeConfig
- [x] Add Cidaas config to nuxt.config.ts runtimeConfig
```typescript
runtimeConfig: {
cidaas: {
@@ -57,12 +57,12 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Server Utilities
- [ ] Create PKCE generator utility
- [x] Create PKCE generator utility
- File: `server/utils/pkce.ts`
- Functions: `generatePKCE()` → returns { verifier, challenge }
- Implementation: See [CIDAAS_INTEGRATION.md](../docs/CIDAAS_INTEGRATION.md#5-server-utilities)
- [ ] Create Cidaas API client utility
- [x] Create Cidaas API client utility
- File: `server/utils/cidaas.ts`
- Functions:
- `exchangeCodeForToken(code, verifier)` → tokens
@@ -70,7 +70,7 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
- `registerUser(userData)` → registration result
- See: [CIDAAS_INTEGRATION.md](../docs/CIDAAS_INTEGRATION.md#5-server-utilities)
- [ ] Create JWT validation utility
- [x] Create JWT validation utility
- File: `server/utils/jwt.ts`
- Function: `verifyIdToken(idToken)` → payload
- Uses: jose library with JWKS
@@ -78,13 +78,13 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Auth API Endpoints
- [ ] Create /api/auth/login.post.ts endpoint
- [x] Create /api/auth/login.post.ts endpoint
- Generates PKCE challenge & state
- Stores in HTTP-only cookies (5min TTL)
- Returns Cidaas authorization URL
- See: [CLAUDE.md: OAuth2 Login Flow](../CLAUDE.md#oauth2-login-flow-pattern)
- [ ] Create /api/auth/callback.get.ts endpoint
- [x] Create /api/auth/callback.get.ts endpoint
- Validates state (CSRF protection)
- Exchanges code for tokens (with PKCE)
- Validates ID token (JWT)
@@ -94,25 +94,25 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
- Redirects to homepage
- See: [CLAUDE.md: OAuth2 Callback](../CLAUDE.md#oauth2-callback-pattern)
- [ ] Create /api/auth/register.post.ts endpoint
- [x] Create /api/auth/register.post.ts endpoint
- Validates registration data (Zod schema)
- Calls Cidaas registration API
- Returns success/error
- See: [CLAUDE.md: User Registration](../CLAUDE.md#user-registration-pattern)
- [ ] Create /api/auth/logout.post.ts endpoint
- [x] Create /api/auth/logout.post.ts endpoint
- Clears session via clearUserSession()
- Optional: Single Sign-Out at Cidaas
- Returns success
- [ ] Create /api/auth/me.get.ts endpoint
- [x] Create /api/auth/me.get.ts endpoint
- Protected endpoint (requires session)
- Returns current user data
- Uses: requireUserSession()
### Client-Side Composables
- [ ] Create useAuth composable
- [x] Create useAuth composable
- File: `composables/useAuth.ts`
- Functions:
- `login(email)` → redirects to Cidaas
@@ -124,21 +124,21 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### UI Components
- [ ] Create LoginForm component
- [x] Create LoginForm component
- File: `components/Auth/LoginForm.vue`
- Fields: Email input
- Button: "Login with Cidaas"
- Calls: `login(email)` from useAuth
- See: [CIDAAS_INTEGRATION.md: UI Components](../docs/CIDAAS_INTEGRATION.md#8-ui-components)
- [ ] Create RegisterForm component
- [x] Create RegisterForm component
- File: `components/Auth/RegisterForm.vue`
- Fields: Email, Password, Confirm Password, First Name, Last Name
- Validation: VeeValidate + Zod
- Calls: `register(data)` from useAuth
- See: [CIDAAS_INTEGRATION.md: UI Components](../docs/CIDAAS_INTEGRATION.md#8-ui-components)
- [ ] Create auth page with tabs
- [x] Create auth page with tabs
- File: `pages/auth.vue`
- Tabs: Login | Register (shadcn-nuxt Tabs component)
- Embeds: LoginForm + RegisterForm
@@ -147,13 +147,13 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Middleware
- [ ] Create auth middleware
- [x] Create auth middleware
- File: `middleware/auth.ts`
- Redirects to /auth if not logged in
- Stores intended destination for post-login redirect
- See: [CLAUDE.md: Protected Route Middleware](../CLAUDE.md#protected-route-middleware-pattern)
- [ ] Create rate-limit middleware
- [x] Create rate-limit middleware
- File: `server/middleware/rate-limit.ts`
- Limits:
- /api/auth/login: 5 attempts / 15min per IP
@@ -163,7 +163,7 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Testing
- [ ] Test OAuth2 flow end-to-end
- [x] Test OAuth2 flow end-to-end
- Start at /auth page
- Click "Login"
- Redirect to Cidaas (if credentials configured)
@@ -172,12 +172,12 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
- Verify user created in DB
- Verify session works
- [ ] Test session management
- [x] Test session management
- Verify session persists across page reloads
- Verify session expires after 30 days (or config)
- Test logout clears session
- [ ] Document authentication flow
- [x] Document authentication flow
- Add detailed flow diagram to docs/CIDAAS_INTEGRATION.md (already exists)
- Document any deviations from plan
- Document Cidaas-specific quirks encountered