https://tech.uvoo.io/index.php?action=history&feed=atom&title=Vuetify_login
Vuetify login - Revision history
2026-04-04T16:04:29Z
Revision history for this page on the wiki
MediaWiki 1.35.2
https://tech.uvoo.io/index.php?title=Vuetify_login&diff=5621&oldid=prev
Busk: Created page with "Awesome — here’s a clean, working pattern to add username/password login → JWT → protected CRUD to the Vue + Vuetify + vue-postgrest app. It includes: SQL to create..."
2025-08-10T10:47:13Z
<p>Created page with "Awesome — here’s a clean, working pattern to add username/password login → JWT → protected CRUD to the Vue + Vuetify + vue-postgrest app. It includes: SQL to create..."</p>
<p><b>New page</b></p><div>Awesome — here’s a clean, working pattern to add username/password login → JWT → protected CRUD to the Vue + Vuetify + vue-postgrest app.<br />
<br />
It includes:<br />
<br />
SQL to create a users table, bcrypt hashing, and an api.login RPC that returns a JWT<br />
<br />
A Vue auth store (tiny, no Pinia needed) that persists the token<br />
<br />
A router guard that sends unauth’d users to /login<br />
<br />
A Login.vue page that POSTs to /rpc/login, saves the token, and redirects<br />
<br />
Minor changes to the TodosCrud.vue calls so every request carries Authorization: Bearer <jwt><br />
<br />
<br />
<br />
---<br />
<br />
1) Postgres / PostgREST: users + login RPC<br />
<br />
-- Enable needed extensions<br />
CREATE EXTENSION IF NOT EXISTS pgcrypto; -- for crypt() / gen_salt()<br />
CREATE EXTENSION IF NOT EXISTS pgjwt; -- for sign()<br />
<br />
-- Users table (bcrypt hashed password)<br />
CREATE TABLE public.users (<br />
id serial PRIMARY KEY,<br />
username text UNIQUE NOT NULL,<br />
pass_hash text NOT NULL, -- bcrypt<br />
role text NOT NULL DEFAULT 'anon', -- app role in the JWT (e.g., 'web', 'anon')<br />
created_at timestamptz NOT NULL DEFAULT now()<br />
);<br />
<br />
-- Demo user: username 'demo', password 'demo123'<br />
INSERT INTO public.users (username, pass_hash, role)<br />
VALUES (<br />
'demo',<br />
crypt('demo123', gen_salt('bf')),<br />
'web' -- whatever role your PostgREST uses for authenticated requests<br />
);<br />
<br />
-- Example todos table (CRUD role grants)<br />
CREATE TABLE public.todos(<br />
id serial PRIMARY KEY,<br />
title text NOT NULL,<br />
done boolean NOT NULL DEFAULT false,<br />
created_at timestamptz NOT NULL DEFAULT now()<br />
);<br />
<br />
-- Grant access to web role (and maybe read to anon if you want)<br />
GRANT SELECT, INSERT, UPDATE, DELETE ON public.todos TO web;<br />
-- If your PostgREST anon role is `anon`, keep this locked down for anon:<br />
REVOKE ALL ON public.todos FROM anon;<br />
<br />
-- JWT login RPC (returns { token: <jwt> })<br />
-- NOTE: set your secret to exactly what PostgREST uses as PGRST_JWT_SECRET<br />
CREATE OR REPLACE FUNCTION api.login(username text, password text)<br />
RETURNS TABLE (token text) LANGUAGE plpgsql SECURITY DEFINER AS $$<br />
DECLARE<br />
_user public.users%ROWTYPE;<br />
_claims json;<br />
_secret text := current_setting('app.jwt_secret', true); -- we'll set this GUC in postgrest<br />
BEGIN<br />
SELECT * INTO _user FROM public.users WHERE users.username = login.username;<br />
IF NOT FOUND THEN<br />
RAISE EXCEPTION 'invalid_user_or_password' USING ERRCODE = '28P01';<br />
END IF;<br />
<br />
IF crypt(password, _user.pass_hash) <> _user.pass_hash THEN<br />
RAISE EXCEPTION 'invalid_user_or_password' USING ERRCODE = '28P01';<br />
END IF;<br />
<br />
-- JWT claims — include PostgREST-required 'role'<br />
_claims := json_build_object(<br />
'sub', _user.id,<br />
'role', _user.role,<br />
'username', _user.username,<br />
'iat', extract(epoch from now())::int,<br />
'exp', (extract(epoch from now())::int + 60*60*8) -- 8h<br />
);<br />
<br />
IF coalesce(_secret,'') = '' THEN<br />
RAISE EXCEPTION 'jwt_secret_not_configured';<br />
END IF;<br />
<br />
token := sign(_claims, _secret);<br />
RETURN NEXT;<br />
END;<br />
$$;<br />
<br />
-- PostgREST config notes (postgrest.conf):<br />
-- db-anon-role = "anon"<br />
-- db-pre-request = "app.settings" (optional)<br />
-- app.settings.jwt_secret = "<your-long-secret>"<br />
-- (or set environment: PGRST_JWT_SECRET to the same value)<br />
<br />
-- Finally, expose RPC to anon so they can log in<br />
GRANT EXECUTE ON FUNCTION api.login(text, text) TO anon;<br />
<br />
> Make sure PostgREST uses the same secret as the function (app.settings.jwt_secret or PGRST_JWT_SECRET). The function reads it via current_setting('app.jwt_secret', true).<br />
<br />
<br />
<br />
<br />
---<br />
<br />
2) Tiny auth helper (token store)<br />
<br />
// src/auth.ts<br />
import { ref, computed } from 'vue'<br />
<br />
const LS_KEY = 'jwt'<br />
const _token = ref<string | null>(localStorage.getItem(LS_KEY))<br />
<br />
export const isAuthed = computed(() => !!_token.value)<br />
export const token = computed({<br />
get: () => _token.value,<br />
set: (t: string | null) => {<br />
_token.value = t<br />
if (t) localStorage.setItem(LS_KEY, t)<br />
else localStorage.removeItem(LS_KEY)<br />
}<br />
})<br />
<br />
export function authHeaders() {<br />
return token.value ? { Authorization: `Bearer ${token.value}` } : {}<br />
}<br />
<br />
<br />
---<br />
<br />
3) Router with auth guard<br />
<br />
// src/router.ts<br />
import { createRouter, createWebHistory } from 'vue-router'<br />
import { isAuthed } from './auth'<br />
import TodosCrud from './components/TodosCrud.vue'<br />
import Login from './views/Login.vue'<br />
<br />
const routes = [<br />
{ path: '/login', name: 'login', component: Login, meta: { public: true } },<br />
{ path: '/', name: 'home', component: TodosCrud }, // protected<br />
]<br />
<br />
export const router = createRouter({<br />
history: createWebHistory(),<br />
routes,<br />
})<br />
<br />
router.beforeEach((to) => {<br />
if (to.meta.public) return true<br />
if (!isAuthed.value) return { name: 'login', query: { redirect: to.fullPath } }<br />
return true<br />
})<br />
<br />
<br />
---<br />
<br />
4) main.ts (Vuetify + vue-postgrest + Router)<br />
<br />
// src/main.ts<br />
import { createApp } from 'vue'<br />
import App from './App.vue'<br />
<br />
import 'vuetify/styles'<br />
import { createVuetify } from 'vuetify'<br />
import { aliases, mdi } from 'vuetify/iconsets/mdi'<br />
import '@mdi/font/css/materialdesignicons.css'<br />
const vuetify = createVuetify({ icons: { defaultSet: 'mdi', aliases, sets: { mdi } } })<br />
<br />
import VuePostgrest from 'vue-postgrest'<br />
import { router } from './router'<br />
<br />
const app = createApp(App)<br />
<br />
app.use(VuePostgrest, {<br />
apiRoot: 'http://localhost:3000/', // your PostgREST base URL<br />
// We’ll pass per-request headers from components so we can update after login.<br />
})<br />
<br />
app.use(vuetify)<br />
app.use(router)<br />
app.mount('#app')<br />
<br />
<br />
---<br />
<br />
5) Login page (POST /rpc/login, save token, redirect)<br />
<br />
<!-- src/views/Login.vue --><br />
<template><br />
<v-container class="d-flex justify-center align-center" style="min-height: 70vh"><br />
<v-card width="420"><br />
<v-card-title class="text-h6">Sign in</v-card-title><br />
<v-card-text><br />
<v-form @submit.prevent="submit"><br />
<v-text-field<br />
v-model="username"<br />
label="Username"<br />
autocomplete="username"<br />
required<br />
/><br />
<v-text-field<br />
v-model="password"<br />
label="Password"<br />
type="password"<br />
autocomplete="current-password"<br />
required<br />
/><br />
<v-alert v-if="error" type="error" variant="tonal" class="mt-2">{{ error }}</v-alert><br />
<div class="d-flex justify-end mt-4"><br />
<v-btn type="submit" :loading="loading" color="primary">Login</v-btn><br />
</div><br />
</v-form><br />
</v-card-text><br />
</v-card><br />
</v-container><br />
</template><br />
<br />
<script setup lang="ts"><br />
import { ref } from 'vue'<br />
import { token } from '@/auth'<br />
import { useRouter, useRoute } from 'vue-router'<br />
<br />
const router = useRouter()<br />
const route = useRoute()<br />
<br />
const username = ref('')<br />
const password = ref('')<br />
const loading = ref(false)<br />
const error = ref('')<br />
<br />
async function submit() {<br />
loading.value = true<br />
error.value = ''<br />
try {<br />
const res = await fetch('http://localhost:3000/rpc/login', {<br />
method: 'POST',<br />
headers: { 'Content-Type': 'application/json', 'Accept': 'application/json' },<br />
body: JSON.stringify({ username: username.value, password: password.value }),<br />
})<br />
if (!res.ok) {<br />
const t = await res.text()<br />
throw new Error(t || `Login failed (${res.status})`)<br />
}<br />
const json = await res.json() as { token: string }[] | { token: string }<br />
// PostgREST returns rows; handle both shapes safely<br />
const tok = Array.isArray(json) ? json[0]?.token : (json as any)?.token<br />
if (!tok) throw new Error('No token in response')<br />
token.value = tok<br />
<br />
const to = (route.query.redirect as string) || '/'<br />
router.replace(to)<br />
} catch (e: any) {<br />
error.value = e?.message || 'Login failed'<br />
} finally {<br />
loading.value = false<br />
}<br />
}<br />
</script><br />
<br />
<br />
---<br />
<br />
6) Add a Logout button (optional)<br />
<br />
In App.vue (or a small TopBar), add:<br />
<br />
<!-- src/App.vue --><br />
<template><br />
<v-app><br />
<v-app-bar flat><br />
<v-toolbar-title>Todos</v-toolbar-title><br />
<v-spacer /><br />
<v-btn v-if="isAuthed" variant="text" @click="logout">Logout</v-btn><br />
</v-app-bar><br />
<v-main><br />
<router-view /><br />
</v-main><br />
</v-app><br />
</template><br />
<br />
<script setup lang="ts"><br />
import { isAuthed, token } from './auth'<br />
import { useRouter } from 'vue-router'<br />
const router = useRouter()<br />
function logout() {<br />
token.value = null<br />
router.replace('/login')<br />
}<br />
</script><br />
<br />
<br />
---<br />
<br />
7) Update TodosCrud.vue to send Authorization on each request<br />
<br />
We’ll reuse the same component you already had, but add headers: authHeaders() wherever we call PostgREST:<br />
<br />
<script lang="ts"><br />
import { defineComponent } from 'vue'<br />
import { pg } from 'vue-postgrest'<br />
+import { authHeaders } from '@/auth'<br />
<br />
export default defineComponent({<br />
name: 'TodosCrud',<br />
mixins: [pg],<br />
data() {<br />
return {<br />
pgConfig: {<br />
route: 'todos',<br />
query: { select: ['id','title','done','created_at'], order: { id: 'asc' } },<br />
count: 'exact',<br />
},<br />
// ...rest unchanged<br />
}<br />
},<br />
methods: {<br />
refresh() {<br />
- (this as any).pg.$get()<br />
+ (this as any).pg.$get({ headers: authHeaders() })<br />
},<br />
openCreate() {<br />
- this.dialog.model = (this as any).pg.$new({ title: '', done: false })<br />
+ this.dialog.model = (this as any).pg.$new({ title: '', done: false })<br />
this.dialog.mode = 'create'<br />
this.errorMessage = ''<br />
this.dialog.open = true<br />
},<br />
openEdit(item: any) {<br />
this.dialog.model = (this as any).pg.$new({<br />
id: item.id, title: item.title, done: item.done<br />
})<br />
this.dialog.mode = 'edit'<br />
this.errorMessage = ''<br />
this.dialog.open = true<br />
},<br />
async submitDialog() {<br />
this.saving = true<br />
this.errorMessage = ''<br />
try {<br />
if (this.dialog.mode === 'create') {<br />
- await this.dialog.model.$post({ return: 'minimal' })<br />
+ await this.dialog.model.$post({ return: 'minimal', headers: authHeaders() })<br />
} else {<br />
- await this.dialog.model.$patch()<br />
+ await this.dialog.model.$patch({ headers: authHeaders() })<br />
}<br />
this.closeDialog()<br />
this.refresh()<br />
} catch (e: any) {<br />
this.errorMessage = e?.message || 'Save failed'<br />
} finally {<br />
this.saving = false<br />
}<br />
},<br />
async saveInline(item: any) {<br />
try {<br />
- await item.$patch({ columns: ['done'] })<br />
+ await item.$patch({ columns: ['done'], headers: authHeaders() })<br />
} catch (e) {<br />
item.done = !item.done<br />
}<br />
},<br />
async doDelete() {<br />
if (!this.confirm.item) return<br />
this.saving = true<br />
try {<br />
- await this.confirm.item.$delete()<br />
+ await this.confirm.item.$delete({ headers: authHeaders() })<br />
this.confirm.open = false<br />
this.refresh()<br />
} finally {<br />
this.saving = false<br />
}<br />
},<br />
},<br />
mounted() {<br />
// initial load with headers<br />
this.refresh()<br />
}<br />
})<br />
</script><br />
<br />
> This keeps it explicit and guarantees every request carries the latest token. If vue-postgrest in your version supports a global headers setter, you can centralize this, but the above is bulletproof.<br />
<br />
<br />
<br />
<br />
---<br />
<br />
That’s it<br />
<br />
Go to /login, sign in as demo / demo123<br />
<br />
You’ll be redirected to /, where all todos requests now include your JWT<br />
<br />
Use Add / Edit / Delete / Toggle Done; all calls are authorized<br />
<br />
<br />
If you want, I can also wire up server-side pagination in the Vuetify v-data-table that drives limit/offset in pg.$get({ range: { limit, offset }}) and uses pg.$range.totalCount for the total row count.</div>
Busk