Hi have you try to use logout functionality, because I have some problems with that.
When I dispatching me.$store.dispatch("auth/reset") I ended up with endless loop inside auth midleware on line
return redirect("/login");
Can you please give me any hints what the problem it could be?

So I have created a post.vue page where I can submit text and title to the server. I am getting 500 response which indicates I am not providing token to the post request.

If I remove the need for a token on server side, I successfully post and create a new record in the db.

I have tried everything to submit with the header and auth token however now I am without the ideas of what to do in order to resolve this issue.

Any ideas / help please?

edit: This page is available only to already logged in users.

Thanks

Since my back end expects Authorization Bearer token, I changed x-access-token to Authorization. Everything works fine but on refresh, token is lost and it logs me out.

What am I missing?

Help, please! :)

Hey @Kasheftin thanks for this guide, it is absolutely awesome.

I've found a bug (maybe it's not?) where full page reloads within admin are causing this line:

The problem seems to be that this line:

Consequence is that commit('set_user', response.data.result) is never committed and const userIsLoggedIn = !!store.state.auth.user becomes false.

What are your thoughts?

Hi and first, thank you for your tutorial.
I try to dockerize your app and I am stuck with this error:
XMLHttpRequest at '' has been blocked by CORS policy when I click on login
I have 4 containers:

• Frontend (nuxt)
• Backend (node)
• Database
• nginx proxy

run with docker-compose

I modified slightly your code by adding npm cors package to allow cors in backend/server.js

var corsOptions = {
 "origin": "*",
 "methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
 "allowedHeaders": ['Content-Type, Content-Length, x-access-token'],
 "preflightContinue": true,
 "optionsSuccessStatus": 204
}
const app = express()
app.use(cors(corsOptions))

with no success.
Any idea

Doesn't placing code in frontend/middleware/auth.js open you up to an attack, as all client-side code can be easily modified by an attacker in the browser?

Please change
error.response.data.message || error.reponse.status
to
error.response.data.message || error.response.status