Authentication & Security

Configuration for session and JWT authentication, plus template-level social identity and password recovery.

The nuxt-auto-crud stack uses a two-layer security model. The Core Engine handles low-level session/JWT verification and RBAC enforcement on every API request, while the Template Implementation handles the user-facing parts: OAuth2 login flows and the password lifecycle (recovery and reset).

🛡️ Identity Strategies (Core Engine)

The engine supports two primary authentication modes defined in nuxt.config.ts.

| Mode    | Use Case                        | Requirements                           |
|---------|---------------------------------|----------------------------------------|
| Session | Fullstack Nuxt applications     | nuxt-auth-utils, nuxt-authorization    |
| JWT     | Headless / API-only deployments | NUXT_JWT_SECRET environment variable   |

Session Configuration

// nuxt.config.ts
export default defineNuxtConfig({
  autoCrud: {
    auth: {
      type: 'session',       // Session mode; the JWT mode in the table above requires NUXT_JWT_SECRET instead
      authentication: true,  // Middleware rejects requests that carry no valid user session
      authorization: true    // Granular RBAC checks via nuxt-authorization
    }
  }
})

🔑 Social Identity (Template Implementation)

The reference template uses nuxt-auth-utils for OAuth2 integration; the providers below are enabled by setting their credentials in runtimeConfig.

OAuth2 Provider Mapping

Configure identity providers in runtimeConfig.oauth. Nuxt overrides each runtimeConfig key from an environment variable named with the NUXT_ prefix followed by the upper-snake-cased key path, so runtimeConfig.oauth.github.clientId is set by NUXT_OAUTH_GITHUB_CLIENT_ID:

  • GitHub: NUXT_OAUTH_GITHUB_CLIENT_ID / _SECRET
  • Google: NUXT_OAUTH_GOOGLE_CLIENT_ID / _SECRET
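The mapping between runtimeConfig.oauth keys and their NUXT_* environment variables is easy to get wrong, and a missing client secret usually only surfaces as a broken OAuth redirect in production. The following added example (not nuxt-auto-crud or nuxt-auth-utils code) derives the expected variable names from the provider list above using Nuxt's naming convention and runs a startup preflight that reports which credentials are absent. The provider/key list and the sample environment are constructed for the example.

```typescript
// Added example (not nuxt-auto-crud or nuxt-auth-utils code): derives the
// NUXT_* environment variable that overrides each runtimeConfig.oauth key
// (NUXT_ prefix, path segments upper-snake-cased) and reports missing ones.

type ProviderKeys = Record<string, string[]>;

// Keys each provider needs under runtimeConfig.oauth.<provider>.
// The provider list mirrors the page (GitHub, Google); it is an assumption
// that these are the only two the template enables.
const OAUTH_PROVIDER_KEYS: ProviderKeys = {
  github: ['clientId', 'clientSecret'],
  google: ['clientId', 'clientSecret'],
};

// camelCase -> UPPER_SNAKE, e.g. 'clientId' -> 'CLIENT_ID'
function upperSnake(segment: string): string {
  return segment.replace(/([a-z0-9])([A-Z])/g, '$1_$2').toUpperCase();
}

// runtimeConfig path -> env var, e.g. ['oauth','github','clientId'] -> 'NUXT_OAUTH_GITHUB_CLIENT_ID'
function envVarFor(path: string[]): string {
  return ['NUXT', ...path.map(upperSnake)].join('_');
}

// Every env var the configured providers require.
function expectedOauthEnvVars(providers: ProviderKeys = OAUTH_PROVIDER_KEYS): string[] {
  const names: string[] = [];
  for (const [provider, keys] of Object.entries(providers)) {
    for (const key of keys) names.push(envVarFor(['oauth', provider, key]));
  }
  return names;
}

// Preflight: required credentials that are unset or blank in `env`.
// Call this once at server start so a missing secret fails fast and loudly.
function missingOauthEnvVars(
  env: Record<string, string | undefined>,
  providers: ProviderKeys = OAUTH_PROVIDER_KEYS,
): string[] {
  return expectedOauthEnvVars(providers).filter((name) => {
    const value = env[name];
    return !value || value.trim() === '';
  });
}

// Constructed sample environment: GitHub fully configured, Google secret missing.
const SAMPLE_ENV: Record<string, string | undefined> = {
  NUXT_OAUTH_GITHUB_CLIENT_ID: 'Iv1.example',
  NUXT_OAUTH_GITHUB_CLIENT_SECRET: 'ghs_example',
  NUXT_OAUTH_GOOGLE_CLIENT_ID: '123.apps.googleusercontent.com',
};

const SAMPLE_MISSING = missingOauthEnvVars(SAMPLE_ENV); // ['NUXT_OAUTH_GOOGLE_CLIENT_SECRET']
```

Run the preflight against `process.env` in a server-side startup hook and refuse to boot when the returned list is non-empty; keep client secrets out of `runtimeConfig.public`, which Nuxt ships to the browser.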

📧 Password Lifecycle (Template Implementation)

Password recovery (forgot-password and reset) flows ship with the template and deliver email through Resend. Behaviour differs between local development and production only in how the email is delivered:

| Feature        | Local Dev                | Production            |
|----------------|--------------------------|-----------------------|
| Email delivery | Logged to server console | Sent via Resend API   |
| Storage        | SQLite users table       | SQLite users table    |
| Token          | Signed JWE/UUID          | Signed JWE/UUID       |

Email Configuration

Ensure the following environment variables are set for email delivery (the values below are placeholders; the Resend key is a secret and belongs in the deployment's secret store, not in a committed .env file):

NUXT_EMAIL_FROM=noreply@example.com
NUXT_RESEND_API_KEY=re_123456789

🚦 Authorization Flow

All API requests pass through a strict sequential check; the first failing step rejects the request, and unauthenticated callers are turned away before any resource information is disclosed:

  1. Authentication: does the request carry a valid session (Session mode) or JWT (JWT mode)?
  2. Resource Check: does the requested model exist?
  3. RBAC Check: does the user's role hold the action permission (create/read/update/delete) for this resource?
  4. Ownership Check: if the role holds only the action_own variant of that permission (for example update_own), does the record's createdBy ID match the current user's ID?
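The four-step sequence above, implemented as an added example (this is not nuxt-auto-crud's own middleware) as a single pure decision function, so each outcome can be tested and the step that denied the request is visible in the result. The model list, role-to-permission map, user shape and `createdBy` field are constructed for the example; only the ordering of the checks comes from the page.

```typescript
// Added example, not nuxt-auto-crud's own code: the four sequential checks
// (authentication -> resource -> RBAC -> ownership) as a pure function.

type Action = 'create' | 'read' | 'update' | 'delete';
type Permission = Action | `${Action}_own`; // e.g. 'update' or 'update_own'
type Step = 'authentication' | 'resource' | 'rbac' | 'ownership' | 'ok';

interface User { id: string; role: string }
interface OwnedRecord { createdBy: string }
interface Decision { allowed: boolean; step: Step; reason?: string }

// Constructed model registry and role -> model -> permissions map.
const MODELS = new Set(['posts', 'comments']);
const ROLE_PERMISSIONS: Record<string, Record<string, Permission[]>> = {
  admin:  { posts: ['create', 'read', 'update', 'delete'], comments: ['create', 'read', 'update', 'delete'] },
  author: { posts: ['create', 'read', 'update_own', 'delete_own'], comments: ['create', 'read'] },
};

function authorize(user: User | null, model: string, action: Action, record?: OwnedRecord): Decision {
  // 1. Authentication: no valid identity, no further information about the API.
  if (!user) return { allowed: false, step: 'authentication', reason: 'no valid session or JWT' };

  // 2. Resource check: only authenticated callers learn whether a model exists.
  if (!MODELS.has(model)) return { allowed: false, step: 'resource', reason: `unknown model ${model}` };

  // 3. RBAC: a full permission grants the action on any record.
  const perms = ROLE_PERMISSIONS[user.role]?.[model] ?? [];
  if (perms.includes(action)) return { allowed: true, step: 'ok' };

  const ownVariant = `${action}_own` as Permission;
  if (!perms.includes(ownVariant)) {
    return { allowed: false, step: 'rbac', reason: `role ${user.role} lacks ${action} on ${model}` };
  }

  // 4. Ownership: the _own variant requires the record to have been loaded;
  // deny by default when it has not, rather than assuming ownership.
  if (!record) return { allowed: false, step: 'ownership', reason: 'record required for _own permission' };
  if (record.createdBy !== user.id) return { allowed: false, step: 'ownership', reason: 'not the record owner' };
  return { allowed: true, step: 'ok' };
}
```

Because the ownership step needs the record, the handler must load it before calling `authorize` for update/delete; loading it after a successful RBAC step and then skipping the ownership comparison is the classic IDOR mistake this ordering is meant to prevent.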