fix(webapp): localize footer/menu and harden auth routes

2026-04-21 11:16:27 +07:00
parent 54aac790ee
commit 84deb2d1bc
6 changed files with 74 additions and 24 deletions
--- a/server/middleware/00-logto.ts
+++ b/server/middleware/00-logto.ts
@@ -23,6 +23,28 @@ const RESOURCES = [
  'https://billing.optovia.ru'
 ]

+const LOCALE_CODES = ['ru', 'en'] as const
+
+function resolveLocalizedPath(pathname: string) {
+  const trimmed = pathname === '/' ? '/' : pathname.replace(/\/+$/, '') || '/'
+  const segments = trimmed.split('/').filter(Boolean)
+  const firstSegment = segments[0]
+
+  if (firstSegment && LOCALE_CODES.includes(firstSegment as (typeof LOCALE_CODES)[number])) {
+    const normalized = `/${segments.slice(1).join('/')}` || '/'
+    const normalizedPath = normalized === '//' ? '/' : normalized
+    return {
+      localePrefix: `/${firstSegment}`,
+      normalizedPath: normalizedPath || '/',
+    }
+  }
+
+  return {
+    localePrefix: '',
+    normalizedPath: trimmed,
+  }
+}
+
 const createSessionWrapper = (event: H3Event) => {
  const storage = useStorage('logto')
  let currentSessionId = ''
@@ -60,16 +82,19 @@ const createSessionWrapper = (event: H3Event) => {
 }

 export default defineEventHandler(async (event) => {
-  const endpoint = process.env.NUXT_LOGTO_ENDPOINT || 'https://auth.optovia.ru'
-  const appId = process.env.NUXT_LOGTO_APP_ID || ''
-  const appSecret = process.env.NUXT_LOGTO_APP_SECRET || ''
+  const endpoint = process.env.NUXT_LOGTO_ENDPOINT || process.env.LOGTO_ENDPOINT || 'https://auth.optovia.ru'
+  const appId = process.env.NUXT_LOGTO_APP_ID || process.env.LOGTO_APP_ID || process.env.LOGTO_CLIENT_ID || ''
+  const appSecret = process.env.NUXT_LOGTO_APP_SECRET || process.env.LOGTO_APP_SECRET || process.env.LOGTO_CLIENT_SECRET || ''
+  const url = getRequestURL(event)
+  const { localePrefix, normalizedPath } = resolveLocalizedPath(url.pathname)

  if (!appId || !appSecret) {
+    if (normalizedPath === '/sign-in' || normalizedPath === '/sign-out' || normalizedPath === '/callback') {
+      await sendRedirect(event, localePrefix || '/', 302)
+    }
    return
  }

-  const url = getRequestURL(event)
-
  if (getCookie(event, LEGACY_COOKIE_NAME)) {
    setCookie(event, LEGACY_COOKIE_NAME, '', { path: '/', maxAge: 0 })
  }
@@ -113,21 +138,23 @@ export default defineEventHandler(async (event) => {
    }
  )

-  if (url.pathname === '/sign-in') {
+  if (normalizedPath === '/sign-in') {
+    const callbackPath = `${localePrefix}/callback`
    await logto.signIn({
-      redirectUri: new URL('/callback', url).href
+      redirectUri: new URL(callbackPath || '/callback', url).href
    })
    return
  }

-  if (url.pathname === '/sign-out') {
-    await logto.signOut(new URL('/', url).href)
+  if (normalizedPath === '/sign-out') {
+    const homePath = localePrefix || '/'
+    await logto.signOut(new URL(homePath, url).href)
    return
  }

-  if (url.pathname === '/callback') {
+  if (normalizedPath === '/callback') {
    await logto.handleSignInCallback(url.href)
-    await sendRedirect(event, '/', 302)
+    await sendRedirect(event, localePrefix || '/', 302)
    return
  }