entorno de desarrollo listo

nuxt4-app/server/api/auth/user.get.ts

@@ -0,0 +1,15 @@
+export default defineEventHandler((event) => {
+  const headers = getHeaders(event)
+
+  // Authentik envía información del usuario en headers específicos
+  const user = {
+    username: headers['x-authentik-username'] || null,
+    email: headers['x-authentik-email'] || null,
+    name: headers['x-authentik-name'] || null,
+    uid: headers['x-authentik-uid'] || null,
+    groups: headers['x-authentik-groups'] ? headers['x-authentik-groups'].split(',') : [],
+    authenticated: !!headers['x-authentik-username']
+  }
+
+  return user
+})

nuxt4-app/server/middleware/cors.ts

@@ -0,0 +1,32 @@
+export default defineEventHandler((event) => {
+  const origin = getHeader(event, 'origin')
+  const path = event.path || ''
+
+  // Rutas públicas que siempre permiten CORS desde cualquier origen
+  const publicRoutes = ['/manifest.webmanifest', '/sw.js', '/workbox-', '/_nuxt/', '/icons/', '/screenshots/']
+  const isPublicRoute = publicRoutes.some(route => path.startsWith(route))
+
+  if (isPublicRoute) {
+    setHeaders(event, {
+      'Access-Control-Allow-Origin': '*',
+      'Access-Control-Allow-Methods': 'GET, OPTIONS',
+      'Access-Control-Allow-Headers': 'Content-Type',
+      'Access-Control-Max-Age': '86400'
+    })
+  } else if (origin && (origin.endsWith('.nucleoriofrio.com') || origin === 'https://nucleoriofrio.com')) {
+    // Permitir CORS desde cualquier subdominio de .nucleoriofrio.com para otras rutas
+    setHeaders(event, {
+      'Access-Control-Allow-Origin': origin,
+      'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
+      'Access-Control-Allow-Headers': 'Content-Type, Authorization, X-Requested-With',
+      'Access-Control-Allow-Credentials': 'true',
+      'Access-Control-Max-Age': '86400'
+    })
+  }
+
+  // Manejar preflight requests
+  if (getMethod(event) === 'OPTIONS') {
+    event.node.res.statusCode = 204
+    event.node.res.end()
+  }
+})