Routing & State Management¶
Routing¶
Nuxt 2 file-based routing from pages/. Because the directory is flat, every page maps directly to a top-level URL.
| File pattern | Route |
|---|---|
pages/index.vue |
/ |
pages/login.vue |
/login |
pages/dashboard.vue |
/dashboard |
pages/topics.vue |
/topics |
pages/templateEditor.vue |
/templateEditor |
| (... 73 routes total ...) |
No dynamic parameter routes (_id.vue) observed in spot-checks. URLs are likely passed via query-string for record selection.
The _accid segment pattern used by someli-platform (e.g., /<accountId>/contentplanner) is not used here — there's no per-account scoping because the designer FE is for internal staff working across all accounts.
Auth-gated routing¶
nuxt.config.js doesn't register an auth middleware globally. Pages don't seem to declare middleware: 'auth' per spot-checks. So:
- An unauthenticated visit to
/dashboard(or any protected page) does not auto-redirect to/login - The pages themselves rely on
$auth.userbeing populated to render UI; if it's empty, they may show stale state or error
Verify: does some other mechanism (page-level guard, or @nuxtjs/auth's default redirectIfNotLoggedIn) handle the redirect? If not, this is a finding — see security.md.
Role-typed UI gating¶
The Navbar (and presumably some page-level UI) is gated by $auth.user.role_type:
<b-nav-item-dropdown
v-if="($auth.user.role_type == 1 || $auth.user.role_type == 2 || $auth.user.role_type == 6)
&& $auth.user.role_type != 13"
text="Topics" right
>
Patterns observed:
role_type == 1— super adminrole_type == 2— adminrole_type == 6— designer (probably)role_type == 13— restricted role (recent change per commit074b9ec: "Restrict navbar item visibility based on user role type by excluding role type 13")
The role IDs are integer literals scattered throughout Navbar.vue and various page components. There's no central enum. This is a maintainability liability — adding a new role requires touching every v-if. Bonus footgun: $auth.user.role_type == 1 is loose equality; if the BE ever returns "1" (string) instead of 1 (number), JavaScript coerces but tests in code comments would be confused.
State management¶
Single Vuex module in store/index.js. State:
{
user: [], // current user (oddly typed as array)
userdesignlist: [],
alluserdesignlist: [],
userfilterlist: [],
BusinessGroupLists: [],
defaultCategoriess: [] // typo: should be "defaultCategories"
}
Actions are API-call wrappers: each action issues a single backend request, optionally commits to state, and returns the data. Examples: commonPagecount, getUserDesignList, getallUserDesignList, getUserlist, designUpload, getEditDesignList, …
There's no caching layer — every component that calls an action triggers a fresh BE call. Compare to someli-platform/store/api.js (5-minute TTL cache). The lack here means more BE load and slower UX. Recommendation: extract a cache layer.
Cookies¶
Used for auth:
userdetail— the current user's info (set after login, used bymiddleware/guest.js)- Plus whatever
@nuxtjs/authdefaults set
Plus any cookies set by designer-api's express-session middleware (if any) — verify.
Persistence¶
- Cookies (above)
localStorage—polotno-editoruseslocalStorageto persist in-progress designs (per the README's Polotno integration notes; also observed insomeli-platform's polotno editor)
Deep linking¶
Direct visit to a page works because Nuxt's SPA mode serves index.html for all routes. As long as the cookie is present, the page can authenticate. If not, behaviour depends on the un-verified auth-redirect question above.
Code splitting¶
Nuxt 2 auto-splits per page (each pages/*.vue is its own chunk). Initial load fetches the layout + the visited page; subsequent pages are loaded on demand.
Recommendations¶
| ID | Recommendation | Effort |
|---|---|---|
| R-1 | Verify auth redirect on unauthenticated access; add middleware: 'auth' to protected pages if missing |
Small |
| R-2 | Centralise role IDs as a single const ROLE = { SUPER_ADMIN: 1, ADMIN: 2, DESIGNER: 6, ... } import |
Small |
| R-3 | Refactor pages/ into subdirectories by domain (pages/templates/, pages/posts/, etc.) |
Medium |
| R-4 | Split store/index.js into feature-scoped sub-modules |
Medium |
| R-5 | Add a caching layer to action helpers (mirror someli-platform/store/api.js 5-min TTL pattern) |
Medium |
| R-6 | Fix typo: defaultCategoriess → defaultCategories (with corresponding BE handler search) |
Small |
| R-7 | Document role-type taxonomy in a shared place (this repo, admin_console_R, BE all use the same IDs but none enumerate them in one location) |
Small |