Menttis
Nuxt
Created by Menttis on 11/23/2024 in #❓・help
Nuxt turnstile module server side verification in cloudflare pages
Hello, I'm having some trouble with the Turnstile module. I have this working well in local development, but when I transfer the code to Cloudflare Pages, "verifyTurnstileToken" does not seem to work. The ENV is clearly OK, because I get the token from the front end and it is verified in both environments. So there's something different going on on the server side on Cloudflare Pages.
import protectedRouteAnon from '~/server/protectedRouteAnon'
import { serverSupabaseServiceRole } from '#supabase/server'

export default defineEventHandler(async (event) => {
  await protectedRouteAnon(event);
  const body = await readBody(event)
  const client = serverSupabaseServiceRole(event)
  const runtimeConfig = useRuntimeConfig(event)
  const base_url = runtimeConfig.public.API_HOSTNAME
  const { token } = await readBody(event)

  // Reject requests that carry no Turnstile token
  if (!token) {
    throw createError({
      statusCode: 422,
      statusMessage: 'Token not provided.',
    })
  }

  // Server-side verification of the Turnstile token
  const tokenResult = await verifyTurnstileToken(token)

  console.log('TOKEN: ' + token) // This logs in both environments
  console.log('TOKEN RESULT: ' + tokenResult.success) // This logs in local but not in Cloudflare Pages

  // Only send the OTP sign-in email once the token has verified
  if (tokenResult.success) {
    try {
      const { data, error } = await client.auth.signInWithOtp({
        email: body?.email,
        options: {
          emailRedirectTo: base_url + 'new-company/confirm',
          data: {
            name: body?.name,
            role: 'logintemp',
          }
        }
      })
      if (error) throw error
      else {
        return tokenResult.success
      }
    }
    catch (error) {
      return { error: error }
    }
  }
  else {
    return false
  }
})
Any ideas would be greatly appreciated!
6 replies
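An added example, not part of the original post and not the Turnstile module's own code: calling Cloudflare's siteverify endpoint directly and failing closed, so that a failed or thrown verification comes back with a reason and error codes instead of disappearing. The names `verifyTurnstile`, `expectedHostname`, `timeoutMs`, `fetchImpl` and `stubFetch` are assumptions, and the stubbed responses are constructed.

```javascript
// Added example: fail-closed Turnstile verification against the siteverify API.
const SITEVERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify'

// verifyTurnstile and its option names are hypothetical, chosen for this example.
async function verifyTurnstile(token, secret, opts = {}) {
  const { expectedHostname, timeoutMs = 5000, fetchImpl = globalThis.fetch } = opts
  if (typeof token !== 'string' || token.length === 0 || token.length > 2048) {
    return { ok: false, reason: 'malformed-token', errorCodes: [] }
  }
  if (!secret) {
    // Secret not available in this runtime: refuse instead of skipping the check.
    return { ok: false, reason: 'missing-secret', errorCodes: [] }
  }
  const controller = new AbortController()
  const timer = setTimeout(() => controller.abort(), timeoutMs)
  try {
    const res = await fetchImpl(SITEVERIFY_URL, {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({ secret, response: token }),
      signal: controller.signal,
    })
    if (!res.ok) return { ok: false, reason: `http-${res.status}`, errorCodes: [] }
    const data = await res.json()
    const errorCodes = Array.isArray(data['error-codes']) ? data['error-codes'] : []
    if (data.success !== true) return { ok: false, reason: 'rejected', errorCodes }
    if (expectedHostname && data.hostname !== expectedHostname) {
      return { ok: false, reason: 'hostname-mismatch', errorCodes }
    }
    return { ok: true, reason: 'verified', errorCodes }
  } catch (err) {
    // Network error, timeout or unparsable body: treat the token as unverified.
    return { ok: false, reason: 'verify-error', errorCodes: [] }
  } finally {
    clearTimeout(timer)
  }
}

// Constructed stub standing in for a siteverify response, so the block runs offline.
const stubFetch = (payload, status = 200) => async () => ({
  ok: status >= 200 && status < 300,
  status,
  json: async () => payload,
})
```

Logging `reason` and `errorCodes` on the server shows why a verification failed without writing the token itself to the logs.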
Nuxt
Created by Menttis on 5/31/2024 in #❓・help
Server middleware secure with Nuxt/Supabase module
Hello, I'm trying to secure a Nuxt server API route with middleware, using the Nuxt/Supabase module. I have Supabase set up to use roles (RBAC); the goal is to have the JWT decoded from the session. This is working fine on the client side and in the Pinia store with jwt-decode. For some reason, serverSupabaseUser and serverSupabaseSession return empty, so I can't access the data. The user is logged in and I can see the user object just fine on the client side. Any ideas why the user and session log empty with the code below?
import { serverSupabaseClient } from '#supabase/server'
import { serverSupabaseUser } from '#supabase/server'
import { serverSupabaseSession } from '#supabase/server'

export default defineEventHandler(async (event) => {
  const supabase = await serverSupabaseClient(event);
  const user = await serverSupabaseUser(event)
  const session = await serverSupabaseSession(event)

  console.log('USER ' + JSON.stringify(user)) // Returns empty object, or null if no .stringify
  console.log('SESSION' + JSON.stringify(session)); // Returns empty object, or null if no .stringify
})
1 reply