fix: clear cached recipe actions on logout to prevent cross-user leak (#7815)

Co-authored-by: Michael Genson <71845777+michael-genson@users.noreply.github.com>
Co-authored-by: Michael Genson <genson.michael@gmail.com>
This commit is contained in:
Ivan Bondarenko
2026-07-02 19:52:15 +02:00
committed by GitHub
parent 87468de8b6
commit 3ddb47ac02
9 changed files with 71 additions and 7 deletions

View File

@@ -1,6 +1,7 @@
import { ref, computed } from "vue";
import type { UserOut } from "~/lib/api/types/user";
import { clearAllStores } from "~/composables/store";
import { clearComposableCaches } from "~/composables/use-clear-composable-caches";
import { getTokenCookieOptions } from "~/composables/use-token-cookie";
interface AuthData {
@@ -25,6 +26,11 @@ interface AuthState {
const authUser = ref<UserOut | null>(null);
const authStatus = ref<"loading" | "authenticated" | "unauthenticated">("loading");
export function resetAuth() {
authUser.value = null;
authStatus.value = "unauthenticated";
}
export const useAuthBackend = function (): AuthState {
const { $axios } = useNuxtApp();
const router = useRouter();
@@ -41,8 +47,7 @@ export const useAuthBackend = function (): AuthState {
// Only clear token on auth errors, not network errors
if (error?.response?.status === 401) {
setToken(null);
authUser.value = null;
authStatus.value = "unauthenticated";
resetAuth();
if (redirect) {
router.push("/login");
}
@@ -99,12 +104,14 @@ export const useAuthBackend = function (): AuthState {
}
finally {
setToken(null);
authUser.value = null;
authStatus.value = "unauthenticated";
resetAuth();
// Clear all cached store data to prevent data leakage between users
clearAllStores();
// Clear cached composable refs to prevent data leakage between users
clearComposableCaches();
// Clear Nuxt's useAsyncData cache
clearNuxtData();