sidebase · zoey-kaiser · Aug 9, 2024 · Aug 9, 2024 · Aug 9, 2024 · Aug 10, 2024
diff --git a/docs/guide/local/quick-start.md b/docs/guide/local/quick-start.md
@@ -14,7 +14,7 @@ The entire configuration for the `local` provider is contained inside the `nuxt.
 export default defineNuxtConfig({
   modules: ['@sidebase/nuxt-auth'],
   auth: {
-    baseURL: '/api/auth',
+    baseURL: '/api/auth', // or an external url: (e.g. https://auth.example.com/api/auth)
     provider: {
       type: 'local'
     }

diff --git a/src/module.ts b/src/module.ts
@@ -107,9 +107,7 @@ export default defineNuxtModule<ModuleOptions>({
     const logger = useLogger(PACKAGE_NAME)
 
     // 0. Assemble all options
-    const { origin, pathname = '/api/auth' } = getOriginAndPathnameFromURL(
-      userOptions.baseURL ?? ''
-    )
+    const { origin, pathname = '/api/auth' } = getOriginAndPathnameFromURL(userOptions.baseURL ?? '')
 
     const selectedProvider = userOptions.provider?.type ?? 'authjs'
 

diff --git a/src/runtime/composables/commonAuthState.ts b/src/runtime/composables/commonAuthState.ts
@@ -34,25 +34,34 @@ export function makeCommonAuthState<SessionData>() {
 
   // Determine base url of app
   let baseURL
+  const determinedOrigin = getURL(useRequestEvent()?.node.req, false)
   const { origin, pathname, fullBaseUrl } = useRuntimeConfig().public.auth.computed
   if (origin) {
     // Case 1: An origin was supplied by the developer in the runtime-config. Use it by returning the already assembled full base url that contains it
     baseURL = fullBaseUrl
   }
   else {
     // Case 2: An origin was not supplied, we determine it from the request
-    const determinedOrigin = getURL(useRequestEvent()?.node.req, false)
     baseURL = joinURL(determinedOrigin, pathname)
   }
 
+  // Determine if the API is internal. This is the case if:
+  // - no `ORIGIN` was provided
+  // - the provided `ORIGIN` matches the `determinedOrigin` of the app
+  let isBaseURLInternal = false
+  if (!origin || origin === determinedOrigin) {
+    isBaseURLInternal = true
+  }
+
   return {
     data,
     loading,
     lastRefreshedAt,
     status,
     _internal: {
       baseURL,
-      pathname
+      basePath: pathname,
+      isBaseURLInternal
     }
   }
 }
diff --git a/src/runtime/composables/local/useAuthState.ts b/src/runtime/composables/local/useAuthState.ts
@@ -23,7 +23,8 @@ export interface UseAuthStateReturn extends CommonUseAuthStateReturn<SessionData
   clearToken: () => void
   _internal: {
     baseURL: string
-    pathname: string
+    basePath: string
+    isBaseURLInternal: boolean
     rawTokenCookie: CookieRef<string | null>
   }
 }

diff --git a/src/runtime/types.ts b/src/runtime/types.ts
@@ -516,15 +516,22 @@ export interface CommonUseAuthReturn<SignIn, SignOut, GetSession, SessionData> {
   getSession: GetSession
   refresh: () => Promise<unknown>
 }
-
+/**
+ * Common values required for all providers
+ *
+ * @remark basePath: The `basePath` for the API without an `origin`
+ * @remark baseURL: The `basePath` combined with an `origin` (provided via config or determined)
+ * @remark isBaseURLInternal: Is the origin provided in `baseURL` the same as that of the Nuxt app?
+ */
 export interface CommonUseAuthStateReturn<SessionData> {
   data: WrappedSessionData<SessionData>
   loading: Ref<boolean>
   lastRefreshedAt: Ref<SessionLastRefreshedAt>
   status: ComputedRef<SessionStatus>
   _internal: {
     baseURL: string
-    pathname: string
+    basePath: string
+    isBaseURLInternal: boolean
   }
 }
 

diff --git a/src/runtime/utils/url.ts b/src/runtime/utils/url.ts
@@ -1,20 +1,16 @@
-import { joinURL } from 'ufo'
+import { withBase } from 'ufo'
 import getURL from 'requrl'
 import { sanitizeStatusCode } from 'h3'
 import type { ModuleOptionsNormalized } from '../types'
 import { abortNavigation, useAuthState, useNuxtApp, useRequestEvent } from '#imports'
 
 export const getRequestURL = (includePath = true) => getURL(useRequestEvent()?.node.req, includePath)
 export function joinPathToApiURL(path: string) {
-  const authStateInternal = useAuthState()._internal
+  const { baseURL, basePath, isBaseURLInternal } = useAuthState()._internal
 
-  // For internal calls, use a different base
-  // https://github.com/sidebase/nuxt-auth/issues/742
-  const base = path.startsWith('/')
-    ? authStateInternal.pathname
-    : authStateInternal.baseURL
-
-  return joinURL(base, path)
+  // For internal calls, do not include the `ORIGIN`
+  const base = isBaseURLInternal ? basePath : baseURL
+  return withBase(path, base)
 }
 
 /**