Make use session sync, use a plugin based approach for session fetching

[BracketJohn]

Closes #65

This PR:

• adds a plugin to maintain the session life cycle
• adds a global auth-middleware
• makes useSession sync
• adds lastRefreshedAt as a public property
• cleans up the structure of the module a bit:
  • add utils folder,
  • factor all useState into a single place to make it easier to maintain + update

Still to do:

• document plugin usage / puropose
• showcase full useSession properties in docs
• update configuration section
• adapt useSession usage everywhere
• make guest mode clearer / more documented -> removed it
• rename refetchInterval

for later work to update https://github.com/sidebase/nuxt-auth-example:

• bump to new version once released
• remove inline middleware
• be aware that getCsrfToken changed

for new issues / out of scope:

• do not register useSessionState composable
• document how to expand user object
• add a global server-middleware
• add broadcasting to sync session between tabs (opened RFC: Add session broadcasting to share the nuxt auth session between tabs #70)

Checklist:

• issue number linked above after pound (#)
  • replace "Closes " with "Contributes to" or other if this PR does not close the issue
• manually checked my feature / checking not applicable
• wrote tests / testing not applicable
• attached screenshots / screenshot not applicable

[JoaoPedroAS51]

Awesome!!! Nice work!! 😃

I just pointed out a thing here and there.

[JoaoPedroAS51]

Is there a reason for we use two different funcs to get the url? I'm just concerned about causing a mismatch between _getBasePath and getRequestUrl

[BracketJohn]

Originally, I did this to ensure that when the origin is set, it's strictly used on the app- and server-side. However, that doesn't make any sense as on the app-side anyone can edit the js/html/... anyways.

I'll use the useRequestEvent here but keep using the origin in the auth handler.

[JoaoPedroAS51]

Maybe we can create a func that uses the origin defined by the user and if not defined fallback to requrl. Makes sense? I believe this would fix the host/port issue

[BracketJohn]

I thought on the server-side we need it for security reasons, but you may be right that we can drop it. Looking through the next auth docs and code I cannot find a place that requires it, only the secret / NEXTAUTH_SECRET.

Let's investige + remove this in another issue.

[BracketJohn]

I've opened #72 foer this (:

[JoaoPedroAS51]

As we are not using Broadcast yet, we can add a check here to avoid an unnecessary request in client side if the session was already fetched in server side.

Suggested change

	await getSession()
	// Fetch the session only if not initialized yet.
	if (data.value === undefined) {
	await getSession()
	}

[JoaoPedroAS51]

I think we can use return here instead of await

[JoaoPedroAS51]

As status is now computed, we don't need to add readonly