vue-ssr-auth

What problem does it solve?

This Skill prevents insecure or fragile authentication implementations by providing a complete, security-focused auth and session management flow for a Vue SSR starter kit.

Core Features & Use Cases

• Email security-code authentication: Implements signup/signin using a 6-digit code generated via crypto.randomInt, delivered by email, and verified before granting access to the dashboard.
• Cryptographic verification & hardened sessions: Hashes security codes with SHA-256, verifies user input using timingSafeEqual, stores passwords with bcryptjs, and manages sessions with express-session using a file-based store.
• Abuse resistance for real endpoints: Enforces rate limiting per endpoint type, includes IP blocking, and gracefully integrates reCAPTCHA v3 (skipping when not configured) to reduce brute-force and automated abuse.
• Use case: Add or update authentication endpoints (signup, signin, verify-code, resend, forgot/reset password, signout, and protected “me/profile/admin” actions) while keeping security controls consistent and testable.

Quick Start

Ask for a guided walkthrough to implement or modify the email security-code signup→verify→dashboard flow using the existing security constants, hashing/verification, rate limiting, and session middleware in vue-ssr-auth.