N
Nuxt2mo ago
Braňo

Supabase module

Hi I am trying to exclude server endpoint verification but I am not sure how to exclude only GET request but keep other methods guarded
2 Replies
kapa.ai
kapa.ai2mo ago
Hi @Braňo. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- I understand you're working with the Nuxt Supabase module and want to exclude authentication verification for GET requests while keeping other HTTP methods (like POST, PUT, etc.) protected. Based on the knowledge sources, you can use H3's isMethod utility to check the request method in your server middleware or API route handlers. Here's how you can implement this: Create a server middleware file to handle authentication checks: 
// server/middleware/auth.ts
import { defineEventHandler, isMethod } from 'h3'

export default defineEventHandler(async (event) => {
  // Skip authentication for GET requests
  if (isMethod(event, 'GET')) {
    return
  }
  
  // For all other methods, require authentication
  // You can use the requireUserSession utility or your own auth check
  const { user } = await requireUserSession(event)
  
  // If no error was thrown by requireUserSession, the request can proceed
})
// server/middleware/auth.ts
import { defineEventHandler, isMethod } from 'h3'

export default defineEventHandler(async (event) => {
  // Skip authentication for GET requests
  if (isMethod(event, 'GET')) {
    return
  }
  
  // For all other methods, require authentication
  // You can use the requireUserSession utility or your own auth check
  const { user } = await requireUserSession(event)
  
  // If no error was thrown by requireUserSession, the request can proceed
})
This middleware will allow GET requests to pass through without authentication checks, while all other HTTP methods (POST, PUT, DELETE, etc.) will require a valid user session. If you're using the Supabase module's redirect options, you might also need to adjust those settings in your nuxt.config.ts file to ensure they align with your authentication strategy: 
// nuxt.config.ts
export default defineNuxtConfig({
  supabase: {
    redirectOptions: {
      login: '/login',
      callback: '/confirm',
      exclude: [
        // Add paths that should be excluded from authentication checks
        // You can use patterns to exclude specific routes
      ],
    },
  },
})
// nuxt.config.ts
export default defineNuxtConfig({
  supabase: {
    redirectOptions: {
      login: '/login',
      callback: '/confirm',
      exclude: [
        // Add paths that should be excluded from authentication checks
        // You can use patterns to exclude specific routes
      ],
    },
  },
})
Remember that client-side middleware is helpful for user experience, but server-side protection is critical for securing your data, as mentioned in the Sessions and Authentication guide. Hope this helps with your Supabase authentication setup! ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai2mo ago
<@295133408101924865> Kapa.ai is still learning and improving, please let me know how I did by reacting below.

Did you find this page helpful?