Auth middleware invoked on 404 Errors for static assets in _nuxt folder

[martinsbuss]

Environment

• Operating System: Darwin
• Node Version: v20.18.1
• Nuxt Version: 3.15.2
• CLI Version: 3.20.0
• Nitro Version: 2.10.4
• Package Manager: [email protected]
• Builder: -
• User Config: compatibilityDate, devtools, modules
• Runtime Modules: @sidebase/[email protected]
• Build Modules: -

Reproduction

nuxt.config.ts:

export default defineNuxtConfig({
  compatibilityDate: '2024-11-01',
  devtools: { enabled: true },
  modules: ['@sidebase/nuxt-auth'],
  auth: {
    baseURL: 'http://localhost:8000/api/',
    provider: {
      type: 'local',
      pages: {
        login: '/login',
      },
      endpoints: {
        signIn: { path: 'user/login', method: 'post' },
        signOut: { path: 'user/logout', method: 'post' },
        signUp: { path: 'user/register', method: 'post' },
        getSession: { path: 'user', method: 'get' },
      },
    }
  }
})

1. Log in as any user.
2. Open any static asset in the _nuxt folder (e.g., /_nuxt/foo-bar.js).
3. If the asset doesn't exist on the server:

• Nuxt returns a 404 error.
• Before returning the error, it initializes the nuxt instance and calls the API endpoint to retrieve user data for each non-existent file.

Describe the bug

When Nuxt accesses static assets in the _nuxt folder:

• If the file exists, Nuxt serves its content as expected.
• If the file does not exist (e.g., after deployment), Nuxt returns a 404 error but first:
  • Initializes an instance of the auth middleware.
  • Makes an API request to fetch authenticated user data, even though this is unnecessary for static assets.

This behavior can result in a significant number of redundant API calls when multiple missing files are requested (e.g., during deployment or cache misses). If 10 JavaScript files result in 404 errors (e.g., after deployment), this could trigger 10 API calls to the getSession endpoint specified in the Nuxt configuration.

Additional context

A temporary workaround involves disabling server-side authentication for static routes in the Nuxt configuration.

Example Configuration:

export default defineNuxtConfig({
  compatibilityDate: '2024-11-01',
  devtools: { enabled: true },
  modules: ['@sidebase/nuxt-auth'],
  nitro: {
    routeRules: {
      '/_nuxt/**': {
        auth: {
          disableServerSideAuth: true,
        },
      },
    },
  },  
  auth: {
    baseURL: 'http://localhost:8000/api/',
    provider: {
      type: 'local',
      pages: {
        login: '/login',
      },
      endpoints: {
        signIn: { path: 'user/login', method: 'post' },
        signOut: { path: 'user/logout', method: 'post' },
        signUp: { path: 'user/register', method: 'post' },
        getSession: { path: 'user', method: 'get' },
      },
    },
  },
});

Logs