How to check if request to API endpoint is internal or external?
I have custom API endpoints under
/api protected using nuxt-auth-utils and a server middleware which uses requireUserSession() for all routes under /api. I wish to omit one of these routes from requiring a cookie (logged-in session) ONLY if the request is an internal request, that is, if it was made by either the server (nitro) or the client (nuxt). Is there a deterministic way of checking if a request is an internal request coming from within the app (nuxt and/or nitro)? I already searched through the nuxt, nitro and h3 docs and couldn't find anyting. I would also like to avoid using e.g. "Referer" header which is not 100% deterministic and still only comes from client requests2 Replies
Hi @mrk. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
To answer your question about checking if a request to an API endpoint is internal or external in a Nuxt application, I'm afraid I don't have enough specific information in the provided knowledge sources to give you a definitive solution. The documents don't contain direct information about distinguishing between internal and external requests in the way you've described.
However, I can provide some related information that might be helpful:
1. Nuxt provides ways to access request headers and information. You could potentially use
useRequestHeaders (https://nuxt.com/docs/api/composables/use-request-headers) or useRequestHeader (https://nuxt.com/docs/api/composables/use-request-header) to examine the headers of incoming requests. However, this doesn't directly solve the problem of distinguishing internal from external requests.
2. For server-side operations, you can use utilities like getRequestIP (https://h3.unjs.io/utils/request#getrequestipevent) or getRequestHost (https://h3.unjs.io/utils/request#getrequesthostevent-opts-xforwardedhost) to get information about the request. Again, this doesn't directly solve your specific problem but might be useful in crafting a solution.
3. You mentioned using nuxt-auth-utils and requireUserSession(). These are not covered in the provided knowledge sources, so I can't provide specific advice about how they might interact with your desired solution.
Given the complexity of your requirement and the lack of a direct solution in the provided information, you might need to explore custom solutions or consult more specific Nuxt or Nitro documentation. You could potentially consider setting a custom header for internal requests, but this would require careful implementation to ensure it can't be spoofed by external requests.
I apologize that I couldn't provide a more concrete solution to your specific question. If you need more detailed information, you might want to consult the official Nuxt, Nitro, or H3 documentation directly or reach out to their community forums for more specialized advice.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@802231325141893210> Kapa.ai is still learning and improving, please let me know how I did by reacting below.