Gate the app behind Google sign-in restricted to verified @theodo.com identities, and record the real reporter on filed defects (F9). - nuxt-auth-utils for sealed cookie sessions + the Google OAuth handler, mounted at /auth/google/callback to match the registered redirect URI. - isAllowedGoogleUser re-derives the domain from Google's verified email; the spoofable `hd` claim is deliberately ignored (DESIGN T9). - Default-deny: server middleware 401s unauthenticated /api calls (health and the session endpoint excepted); a global route middleware redirects unauthenticated page navigations to /login. - getReporter() now reads the session email instead of the dev stub. - Env contract moves to nuxt-auth-utils names (NUXT_SESSION_PASSWORD, NUXT_OAUTH_GOOGLE_*); .env.example, compose and README updated. Unit-tested: domain check (incl. hd-spoof + look-alike) and public-path matching. Live OAuth round-trip pending manual verification.
27 lines
853 B
TypeScript
27 lines
853 B
TypeScript
// https://nuxt.com/docs/api/configuration/nuxt-config
|
|
import tailwindcss from '@tailwindcss/vite'
|
|
|
|
export default defineNuxtConfig({
|
|
compatibilityDate: '2025-07-15',
|
|
devtools: { enabled: true },
|
|
modules: ['@nuxt/eslint', '@nuxt/test-utils/module', 'nuxt-auth-utils'],
|
|
css: ['~/assets/css/main.css'],
|
|
// Tailwind v4 integrates as a Vite plugin (no @nuxtjs/tailwindcss module).
|
|
vite: {
|
|
plugins: [tailwindcss()],
|
|
},
|
|
app: {
|
|
head: {
|
|
// DaisyUI theme is selected via data-theme on the root element.
|
|
htmlAttrs: { 'data-theme': 'light' },
|
|
link: [
|
|
{ rel: 'preconnect', href: 'https://api.fonts.coollabs.io' },
|
|
{
|
|
rel: 'stylesheet',
|
|
href: 'https://api.fonts.coollabs.io/css2?family=Cutive+Mono&family=Playfair+Display:wght@400;700;800&display=swap',
|
|
},
|
|
],
|
|
},
|
|
},
|
|
})
|