From c1ad6b4cfe46fb366d340fe34b155b639feff409 Mon Sep 17 00:00:00 2001
From: Antonio Andre <antonioandre1008@gmail.com>
Date: Mon, 18 May 2026 19:28:14 -0500
Subject: [PATCH 1/3] refac: gera url de reset de senha com base no .env

---
 .env.example                         |  1 +
 nuxt.config.ts                       | 21 +++++++++++----------
 server/utils/auth-config.ts          |  5 ++++-
 server/utils/auth-service.ts         |  5 +++--
 server/utils/password-reset-token.ts |  6 +++---
 5 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/.env.example b/.env.example
index c26d80e..a65bf0c 100644
--- a/.env.example
+++ b/.env.example
@@ -15,3 +15,4 @@ JWT_PUBLIC_KEY_PEM="<replace-with-escaped-pem>"
 REFRESH_TOKEN_PEPPER="change-me"
 PASSWORD_RESET_TTL_SEC="900"
 PASSWORD_RESET_TOKEN_PEPPER="change-me"
+PASSWORD_RESET_BASE_URL="http://localhost:3000"
diff --git a/nuxt.config.ts b/nuxt.config.ts
index 1aa2711..2eda62f 100644
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -2,7 +2,13 @@
 export default defineNuxtConfig({
   compatibilityDate: '2025-07-15',
   devtools: { enabled: true },
-  modules: ['@nuxtjs/tailwindcss', '@pinia/nuxt', '@vee-validate/nuxt', 'vue-sonner/nuxt', '@nuxt/icon'],
+  modules: [
+    '@nuxtjs/tailwindcss',
+    '@pinia/nuxt',
+    '@vee-validate/nuxt',
+    'vue-sonner/nuxt',
+    '@nuxt/icon'
+  ],
   runtimeConfig: {
     databaseUrl: process.env.DATABASE_URL,
     jwtIssuer: process.env.JWT_ISSUER ?? 'https://auth.local',
@@ -14,17 +20,12 @@ export default defineNuxtConfig({
     jwtKid: process.env.JWT_KID ?? 'auth-key-1',
     refreshTokenPepper: process.env.REFRESH_TOKEN_PEPPER ?? '',
     passwordResetTtlSec: process.env.PASSWORD_RESET_TTL_SEC ?? '900',
-    passwordResetTokenPepper: process.env.PASSWORD_RESET_TOKEN_PEPPER ?? ''
+    passwordResetTokenPepper: process.env.PASSWORD_RESET_TOKEN_PEPPER ?? '',
+    passwordResetBaseUrl: process.env.PASSWORD_RESET_BASE_URL ?? ''
   },
   vite: {
     optimizeDeps: {
-      include: [
-        '@vue/devtools-core',
-        '@vue/devtools-kit',
-        'zod',
-        '@vee-validate/zod',
-        'vue-sonner',
-      ]
+      include: ['@vue/devtools-core', '@vue/devtools-kit', 'zod', '@vee-validate/zod', 'vue-sonner']
     }
   }
-})
\ No newline at end of file
+})
diff --git a/server/utils/auth-config.ts b/server/utils/auth-config.ts
index 3741415..366e4d6 100644
--- a/server/utils/auth-config.ts
+++ b/server/utils/auth-config.ts
@@ -11,6 +11,7 @@ export interface AuthRuntimeConfig {
   kid: string
   refreshTokenPepper: string
   passwordResetTokenPepper: string
+  passwordResetBaseUrl: string
 }
 
 /**
@@ -85,6 +86,7 @@ export function getAuthRuntimeConfig(event?: H3Event): AuthRuntimeConfig {
   const refreshTokenPepper = String(runtimeConfig.refreshTokenPepper ?? '').trim()
   const passwordResetTokenPepper =
     String(runtimeConfig.passwordResetTokenPepper ?? '').trim() || refreshTokenPepper
+  const passwordResetBaseUrl = String(runtimeConfig.passwordResetBaseUrl ?? '').trim()
 
   return {
     issuer,
@@ -99,6 +101,7 @@ export function getAuthRuntimeConfig(event?: H3Event): AuthRuntimeConfig {
     privateKeyPem: normalizePem(String(runtimeConfig.jwtPrivateKeyPem ?? ''), 'JWT private key'),
     publicKeyPem: normalizePem(String(runtimeConfig.jwtPublicKeyPem ?? ''), 'JWT public key'),
     refreshTokenPepper,
-    passwordResetTokenPepper
+    passwordResetTokenPepper,
+    passwordResetBaseUrl
   }
 }
diff --git a/server/utils/auth-service.ts b/server/utils/auth-service.ts
index f4b6ed4..5a2c601 100644
--- a/server/utils/auth-service.ts
+++ b/server/utils/auth-service.ts
@@ -1,5 +1,5 @@
 import { Prisma } from '@prisma/client'
-import { createError, readBody, setResponseStatus, type H3Event } from 'h3'
+import { createError, getRequestURL, readBody, setResponseStatus, type H3Event } from 'h3'
 
 import { signAccessToken } from './jwt'
 import { getAuthRuntimeConfig } from './auth-config'
@@ -202,6 +202,7 @@ export async function handleForgotPassword(event: H3Event) {
   const expiresAt = new Date(now.getTime() + config.passwordResetTtlSec * 1000)
   const rawResetToken = generateRawPasswordResetToken()
   const tokenHash = hashPasswordResetToken(rawResetToken, config.passwordResetTokenPepper)
+  const resetBaseUrl = config.passwordResetBaseUrl || getRequestURL(event).origin
 
   const user = await prisma.user.findUnique({
     where: { email },
@@ -233,7 +234,7 @@ export async function handleForgotPassword(event: H3Event) {
     message: 'If the email exists, recovery instructions were generated',
     recovery: {
       reset_token: rawResetToken,
-      reset_url: buildPasswordResetPreviewUrl(config.issuer, rawResetToken),
+      reset_url: buildPasswordResetPreviewUrl(resetBaseUrl, rawResetToken),
       expires_in: config.passwordResetTtlSec
     }
   }
diff --git a/server/utils/password-reset-token.ts b/server/utils/password-reset-token.ts
index 460f1af..95756c9 100644
--- a/server/utils/password-reset-token.ts
+++ b/server/utils/password-reset-token.ts
@@ -23,13 +23,13 @@ export function generateRawPasswordResetToken(): string {
 /**
  * Monta uma URL de preview para facilitar testes locais sem SMTP.
  *
- * @param issuer Base do serviço de auth.
+ * @param baseUrl URL pública usada para abrir a tela de redefinição.
  * @param token Token bruto de recuperação.
  * @returns URL completa (ou fallback relativo) com o token.
  */
-export function buildPasswordResetPreviewUrl(issuer: string, token: string): string {
+export function buildPasswordResetPreviewUrl(baseUrl: string, token: string): string {
   try {
-    const url = new URL('/auth/reset-password', issuer)
+    const url = new URL('/auth/reset-password', baseUrl)
     url.searchParams.set('token', token)
 
     return url.toString()

From 5fb43e0087067abcfc90a9a7d5356026425662d3 Mon Sep 17 00:00:00 2001
From: Antonio Andre <antonioandre1008@gmail.com>
Date: Mon, 18 May 2026 19:33:10 -0500
Subject: [PATCH 2/3] feat: implementa recuperacao de senha a partir do email

---
 .../(auth)/auth/reset-password/index.vue      | 146 +++++++++++++
 app/pages/(auth)/login/index.vue              | 202 +++++++++---------
 app/pages/(auth)/recuperar-senha/index.vue    | 113 ++++++++++
 3 files changed, 361 insertions(+), 100 deletions(-)
 create mode 100644 app/pages/(auth)/auth/reset-password/index.vue
 create mode 100644 app/pages/(auth)/recuperar-senha/index.vue

diff --git a/app/pages/(auth)/auth/reset-password/index.vue b/app/pages/(auth)/auth/reset-password/index.vue
new file mode 100644
index 0000000..2ee9be3
--- /dev/null
+++ b/app/pages/(auth)/auth/reset-password/index.vue
@@ -0,0 +1,146 @@
+<template>
+  <div
+    class="relative grid min-h-screen place-items-center overflow-hidden bg-[#f5f5f5] px-4 py-12 font-sans text-[#0c0a09] md:py-24">
+    <div
+      class="pointer-events-none absolute left-1/2 top-10 h-[420px] w-[min(92vw,760px)] -translate-x-1/2 rounded-[48px] bg-[radial-gradient(circle_at_20%_30%,rgba(232,184,196,0.58),transparent_28%),radial-gradient(circle_at_72%_24%,rgba(167,229,211,0.56),transparent_30%),radial-gradient(circle_at_52%_78%,rgba(244,197,168,0.5),transparent_34%)] blur-2xl"
+      aria-hidden="true"></div>
+
+    <main
+      class="relative grid w-full max-w-[1120px] grid-cols-1 items-center gap-8 md:grid-cols-[minmax(0,1fr)_minmax(340px,440px)] md:gap-16"
+      aria-labelledby="reset-password-title">
+      <section class="relative pt-2 md:py-8">
+        <p
+          class="m-0 inline-flex rounded-full bg-[rgba(232,184,196,0.58)] px-3 py-1 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#0c0a09]">
+          Nova senha
+        </p>
+        <h1 id="reset-password-title"
+          class="my-5 max-w-[640px] font-serif text-[40px] font-light leading-[1.05] tracking-[-1.2px] text-[#0c0a09] md:text-[64px] md:tracking-[-1.92px]">
+          Redefina sua senha
+        </h1>
+        <p class="m-0 max-w-[520px] text-base font-normal leading-6 tracking-[0.16px] text-[#4e4e4e]">
+          Use o token gerado na recuperação para definir uma nova senha de acesso.
+        </p>
+      </section>
+
+      <section
+        class="grid gap-5 rounded-2xl border border-[#e7e5e4] bg-white p-6 shadow-[0_4px_16px_rgba(0,0,0,0.04)] md:p-8"
+        aria-label="Formulario de redefinicao de senha">
+        <div class="mb-1">
+          <span
+            class="inline-flex min-h-6 items-center rounded-full bg-[rgba(232,184,196,0.58)] px-2.5 py-1 text-xs font-semibold uppercase leading-none tracking-[0.96px] text-[#0c0a09]">
+            Reset
+          </span>
+          <h2 class="mt-4 font-serif text-3xl font-light leading-[1.13] tracking-[-0.32px] text-[#0c0a09]">
+            Dados da nova senha
+          </h2>
+        </div>
+
+        <Form :validation-schema="schema" :initial-values="initialValues" @submit="redefinirSenha" class="grid gap-5">
+          <div class="grid gap-2">
+            <label class="m-0 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#777169]"
+              for="new-password">
+              Nova senha
+            </label>
+            <Field name="newPassword" v-slot="{ field, meta }">
+              <input v-bind="field" :disabled="isLoading"
+                class="h-11 w-full rounded-lg border bg-white px-4 py-3 text-base leading-6 tracking-[0.16px] text-[#0c0a09] outline-none transition focus:border-2 focus:border-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-50"
+                :class="meta.touched && !meta.valid ? 'border-red-400' : 'border-[#d6d3d1]'" type="password"
+                id="new-password" />
+            </Field>
+            <ErrorMessage name="newPassword" class="text-xs text-red-500" />
+          </div>
+
+          <div class="grid gap-2">
+            <label class="m-0 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#777169]"
+              for="confirm-password">
+              Confirmar senha
+            </label>
+            <Field name="confirmPassword" v-slot="{ field, meta }">
+              <input v-bind="field" :disabled="isLoading"
+                class="h-11 w-full rounded-lg border bg-white px-4 py-3 text-base leading-6 tracking-[0.16px] text-[#0c0a09] outline-none transition focus:border-2 focus:border-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-50"
+                :class="meta.touched && !meta.valid ? 'border-red-400' : 'border-[#d6d3d1]'" type="password"
+                id="confirm-password" />
+            </Field>
+            <ErrorMessage name="confirmPassword" class="text-xs text-red-500" />
+          </div>
+
+          <p v-if="!resetToken"
+            class="rounded-lg border border-red-200 bg-red-50 px-3 py-2 text-sm leading-[1.47] text-red-600">
+            Link de recuperação inválido. Gere uma nova recuperação de senha.
+          </p>
+
+          <button type="submit" :disabled="isLoading || !resetToken"
+            class="mt-1 inline-flex h-10 items-center justify-center gap-2 rounded-full bg-[#292524] px-5 text-[15px] font-medium leading-none text-white transition hover:bg-[#0c0a09] active:bg-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-70">
+            <Icon v-if="isLoading" name="mdi:loading" class="animate-spin text-base" />
+            <span v-else>Redefinir senha</span>
+          </button>
+
+          <p class="text-center text-[15px] leading-[1.47] tracking-[0.15px] text-[#777169]">
+            Lembrou a sua senha?
+            <NuxtLink to="/login" class="font-medium text-[#0c0a09] underline-offset-2 hover:underline">
+              Entrar agora
+            </NuxtLink>
+          </p>
+        </Form>
+      </section>
+    </main>
+  </div>
+</template>
+
+<script setup>
+import { toTypedSchema } from '@vee-validate/zod'
+import { z } from 'zod'
+
+definePageMeta({ middleware: 'guest' })
+
+const route = useRoute()
+const { $toast } = useNuxtApp()
+
+const isLoading = ref(false)
+
+const toStr = (val) => (val == null ? '' : String(val))
+const resetToken = computed(() => (typeof route.query.token === 'string' ? route.query.token : ''))
+
+const initialValues = {
+  newPassword: '',
+  confirmPassword: ''
+}
+
+const schema = toTypedSchema(
+  z
+    .object({
+      newPassword: z.preprocess(
+        toStr,
+        z.string().min(8, 'A senha deve ter no mínimo 8 caracteres')
+      ),
+      confirmPassword: z.preprocess(toStr, z.string().min(1, 'Confirme a nova senha'))
+    })
+    .refine((data) => data.newPassword === data.confirmPassword, {
+      message: 'As senhas não conferem',
+      path: ['confirmPassword']
+    })
+)
+
+async function redefinirSenha({ newPassword }) {
+  isLoading.value = true
+  try {
+    await $fetch('/auth/reset-password', {
+      method: 'POST',
+      body: {
+        token: resetToken.value,
+        new_password: newPassword
+      }
+    })
+
+    $toast.success('Senha redefinida com sucesso!', { duration: 8000 })
+    await navigateTo('/login')
+  } catch (error) {
+    const message = error?.data?.statusMessage
+    $toast.error(message ?? 'Erro ao redefinir senha. Gere um novo token e tente novamente.', {
+      duration: 8000
+    })
+  } finally {
+    isLoading.value = false
+  }
+}
+</script>
diff --git a/app/pages/(auth)/login/index.vue b/app/pages/(auth)/login/index.vue
index 53435a4..25339cc 100644
--- a/app/pages/(auth)/login/index.vue
+++ b/app/pages/(auth)/login/index.vue
@@ -1,86 +1,88 @@
 <template>
+  <div
+    class="relative grid min-h-screen place-items-center overflow-hidden bg-[#f5f5f5] px-4 py-12 font-sans text-[#0c0a09] md:py-24">
     <div
-        class="relative grid min-h-screen place-items-center overflow-hidden bg-[#f5f5f5] px-4 py-12 font-sans text-[#0c0a09] md:py-24">
-        <div class="pointer-events-none absolute left-1/2 top-10 h-[420px] w-[min(92vw,760px)] -translate-x-1/2 rounded-[48px] bg-[radial-gradient(circle_at_20%_30%,rgba(167,229,211,0.62),transparent_28%),radial-gradient(circle_at_72%_24%,rgba(244,197,168,0.56),transparent_30%),radial-gradient(circle_at_52%_78%,rgba(200,184,224,0.5),transparent_34%)] blur-2xl"
-            aria-hidden="true"></div>
-        <main
-            class="relative grid w-full max-w-[1120px] grid-cols-1 items-center gap-8 md:grid-cols-[minmax(0,1fr)_minmax(340px,420px)] md:gap-16"
-            aria-labelledby="create-account-title">
-            <section class="relative pt-2 md:py-8">
-                <p
-                    class="m-0 inline-flex rounded-full bg-[rgba(200,184,224,0.5)] px-3 py-1 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#0c0a09]">
-                    Login
-                </p>
-                <h1 id="create-account-title"
-                    class="my-5 max-w-[640px] font-serif text-[40px] font-light leading-[1.05] tracking-[-1.2px] text-[#0c0a09] md:text-[64px] md:tracking-[-1.92px]">
-                    Faça seu login
-                </h1>
-                <p class="m-0 max-w-[520px] text-base font-normal leading-6 tracking-[0.16px] text-[#4e4e4e]">
-                    Faça seu login com email e senha.
-                </p>
-            </section>
+      class="pointer-events-none absolute left-1/2 top-10 h-[420px] w-[min(92vw,760px)] -translate-x-1/2 rounded-[48px] bg-[radial-gradient(circle_at_20%_30%,rgba(167,229,211,0.62),transparent_28%),radial-gradient(circle_at_72%_24%,rgba(244,197,168,0.56),transparent_30%),radial-gradient(circle_at_52%_78%,rgba(200,184,224,0.5),transparent_34%)] blur-2xl"
+      aria-hidden="true"></div>
+    <main
+      class="relative grid w-full max-w-[1120px] grid-cols-1 items-center gap-8 md:grid-cols-[minmax(0,1fr)_minmax(340px,420px)] md:gap-16"
+      aria-labelledby="create-account-title">
+      <section class="relative pt-2 md:py-8">
+        <p
+          class="m-0 inline-flex rounded-full bg-[rgba(200,184,224,0.5)] px-3 py-1 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#0c0a09]">
+          Login
+        </p>
+        <h1 id="create-account-title"
+          class="my-5 max-w-[640px] font-serif text-[40px] font-light leading-[1.05] tracking-[-1.2px] text-[#0c0a09] md:text-[64px] md:tracking-[-1.92px]">
+          Faça seu login
+        </h1>
+        <p class="m-0 max-w-[520px] text-base font-normal leading-6 tracking-[0.16px] text-[#4e4e4e]">
+          Faça seu login com email e senha.
+        </p>
+      </section>
 
-            <section
-                class="grid gap-5 rounded-2xl border border-[#e7e5e4] bg-white p-6 shadow-[0_4px_16px_rgba(0,0,0,0.04)] md:p-8"
-                aria-label="Formulario de criacao de conta">
-                <div class="mb-1">
-                    <span
-                        class="inline-flex min-h-6 items-center rounded-full bg-[rgba(200,184,224,0.5)] px-2.5 py-1 text-xs font-semibold uppercase leading-none tracking-[0.96px] text-[#0c0a09]">
-                        Login
-                    </span>
-                    <h2 class="mt-4 font-serif text-3xl font-light leading-[1.13] tracking-[-0.32px] text-[#0c0a09]">
-                        Dados de entrada
-                    </h2>
-                </div>
+      <section
+        class="grid gap-5 rounded-2xl border border-[#e7e5e4] bg-white p-6 shadow-[0_4px_16px_rgba(0,0,0,0.04)] md:p-8"
+        aria-label="Formulario de criacao de conta">
+        <div class="mb-1">
+          <span
+            class="inline-flex min-h-6 items-center rounded-full bg-[rgba(200,184,224,0.5)] px-2.5 py-1 text-xs font-semibold uppercase leading-none tracking-[0.96px] text-[#0c0a09]">
+            Login
+          </span>
+          <h2 class="mt-4 font-serif text-3xl font-light leading-[1.13] tracking-[-0.32px] text-[#0c0a09]">
+            Dados de entrada
+          </h2>
+        </div>
 
-                <Form :validation-schema="schema" @submit="entrarConta" class="grid gap-5">
-                    <div class="grid gap-2">
-                        <label
-                            class="m-0 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#777169]"
-                            for="email">
-                            Email
-                        </label>
-                        <Field name="email" v-slot="{ field, meta }">
-                            <input v-bind="field" :disabled="isLoading"
-                                class="h-11 w-full rounded-lg border bg-white px-4 py-3 text-base leading-6 tracking-[0.16px] text-[#0c0a09] outline-none transition focus:border-2 focus:border-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-50"
-                                :class="meta.touched && !meta.valid ? 'border-red-400' : 'border-[#d6d3d1]'"
-                                type="email" id="email" />
-                        </Field>
-                        <ErrorMessage name="email" class="text-xs text-red-500" />
-                    </div>
+        <Form :validation-schema="schema" @submit="entrarConta" class="grid gap-5">
+          <div class="grid gap-2">
+            <label class="m-0 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#777169]"
+              for="email">
+              Email
+            </label>
+            <Field name="email" v-slot="{ field, meta }">
+              <input v-bind="field" :disabled="isLoading"
+                class="h-11 w-full rounded-lg border bg-white px-4 py-3 text-base leading-6 tracking-[0.16px] text-[#0c0a09] outline-none transition focus:border-2 focus:border-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-50"
+                :class="meta.touched && !meta.valid ? 'border-red-400' : 'border-[#d6d3d1]'" type="email" id="email" />
+            </Field>
+            <ErrorMessage name="email" class="text-xs text-red-500" />
+          </div>
 
-                    <div class="grid gap-2">
-                        <label
-                            class="m-0 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#777169]"
-                            for="senha">
-                            Senha
-                        </label>
-                        <Field name="password" v-slot="{ field, meta }">
-                            <input v-bind="field" :disabled="isLoading"
-                                class="h-11 w-full rounded-lg border bg-white px-4 py-3 text-base leading-6 tracking-[0.16px] text-[#0c0a09] outline-none transition focus:border-2 focus:border-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-50"
-                                :class="meta.touched && !meta.valid ? 'border-red-400' : 'border-[#d6d3d1]'"
-                                type="password" id="senha" />
-                        </Field>
-                        <ErrorMessage name="password" class="text-xs text-red-500" />
-                    </div>
+          <div class="grid gap-2">
+            <label class="m-0 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#777169]"
+              for="senha">
+              Senha
+            </label>
+            <Field name="password" v-slot="{ field, meta }">
+              <input v-bind="field" :disabled="isLoading"
+                class="h-11 w-full rounded-lg border bg-white px-4 py-3 text-base leading-6 tracking-[0.16px] text-[#0c0a09] outline-none transition focus:border-2 focus:border-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-50"
+                :class="meta.touched && !meta.valid ? 'border-red-400' : 'border-[#d6d3d1]'" type="password"
+                id="senha" />
+            </Field>
+            <ErrorMessage name="password" class="text-xs text-red-500" />
+          </div>
 
-                    <button type="submit" :disabled="isLoading"
-                        class="mt-1 inline-flex h-10 items-center justify-center gap-2 rounded-full bg-[#292524] px-5 text-[15px] font-medium leading-none text-white transition hover:bg-[#0c0a09] active:bg-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-70">
-                        <Icon v-if="isLoading" name="mdi:loading" class="animate-spin text-base" />
-                        <span v-else>Entrar</span>
-                    </button>
+          <NuxtLink to="/recuperar-senha"
+            class="-mt-2 justify-self-end text-sm font-medium text-[#0c0a09] underline-offset-2 hover:underline">
+            Esqueci minha senha
+          </NuxtLink>
 
-                    <p class="text-center text-[15px] leading-[1.47] tracking-[0.15px] text-[#777169]">
-                        Não tem uma conta?
-                        <NuxtLink to="/criar-conta"
-                            class="font-medium text-[#0c0a09] underline-offset-2 hover:underline">
-                            Criar conta
-                        </NuxtLink>
-                    </p>
-                </Form>
-            </section>
-        </main>
-    </div>
+          <button type="submit" :disabled="isLoading"
+            class="mt-1 inline-flex h-10 items-center justify-center gap-2 rounded-full bg-[#292524] px-5 text-[15px] font-medium leading-none text-white transition hover:bg-[#0c0a09] active:bg-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-70">
+            <Icon v-if="isLoading" name="mdi:loading" class="animate-spin text-base" />
+            <span v-else>Entrar</span>
+          </button>
+
+          <p class="text-center text-[15px] leading-[1.47] tracking-[0.15px] text-[#777169]">
+            Não tem uma conta?
+            <NuxtLink to="/criar-conta" class="font-medium text-[#0c0a09] underline-offset-2 hover:underline">
+              Criar conta
+            </NuxtLink>
+          </p>
+        </Form>
+      </section>
+    </main>
+  </div>
 </template>
 
 <script setup>
@@ -92,9 +94,9 @@ definePageMeta({ middleware: 'guest' })
 const { $toast } = useNuxtApp()
 
 const token = useCookie('token', {
-    secure: true,
-    sameSite: 'lax',
-    maxAge: 900
+  secure: true,
+  sameSite: 'lax',
+  maxAge: 900
 })
 
 const isLoading = ref(false)
@@ -102,32 +104,32 @@ const isLoading = ref(false)
 const toStr = (val) => (val == null ? '' : String(val))
 
 const schema = toTypedSchema(
-    z.object({
-        email: z.preprocess(toStr, z.string().min(1, 'Email é obrigatório').email('Email inválido')),
-        password: z.preprocess(toStr, z.string().min(1, 'A senha é obrigatória')),
-    }),
+  z.object({
+    email: z.preprocess(toStr, z.string().min(1, 'Email é obrigatório').email('Email inválido')),
+    password: z.preprocess(toStr, z.string().min(1, 'A senha é obrigatória'))
+  })
 )
 
 async function entrarConta({ email, password }) {
-    isLoading.value = true
-    try {
-        const data = await $fetch('/auth/login', {
-            method: 'POST',
-            body: { email, password },
-        })
+  isLoading.value = true
+  try {
+    const data = await $fetch('/auth/login', {
+      method: 'POST',
+      body: { email, password }
+    })
 
-        token.value = data.access_token
+    token.value = data.access_token
 
-        $toast.success('Login realizado com sucesso!', { duration: 8000 })
+    $toast.success('Login realizado com sucesso!', { duration: 8000 })
 
-        await navigateTo('/home')
-    } catch (error) {
-        const message = error?.data?.statusMessage
-        $toast.error(message ?? 'Erro para efetuar o login. Tente novamente.', {
-            duration: 8000,
-        })
-    } finally {
-        isLoading.value = false
-    }
+    await navigateTo('/home')
+  } catch (error) {
+    const message = error?.data?.statusMessage
+    $toast.error(message ?? 'Erro para efetuar o login. Tente novamente.', {
+      duration: 8000
+    })
+  } finally {
+    isLoading.value = false
+  }
 }
 </script>
diff --git a/app/pages/(auth)/recuperar-senha/index.vue b/app/pages/(auth)/recuperar-senha/index.vue
new file mode 100644
index 0000000..a2a4875
--- /dev/null
+++ b/app/pages/(auth)/recuperar-senha/index.vue
@@ -0,0 +1,113 @@
+<template>
+  <div
+    class="relative grid min-h-screen place-items-center overflow-hidden bg-[#f5f5f5] px-4 py-12 font-sans text-[#0c0a09] md:py-24">
+    <div
+      class="pointer-events-none absolute left-1/2 top-10 h-[420px] w-[min(92vw,760px)] -translate-x-1/2 rounded-[48px] bg-[radial-gradient(circle_at_20%_30%,rgba(167,229,211,0.62),transparent_28%),radial-gradient(circle_at_72%_24%,rgba(168,200,232,0.56),transparent_30%),radial-gradient(circle_at_52%_78%,rgba(232,184,196,0.5),transparent_34%)] blur-2xl"
+      aria-hidden="true"></div>
+
+    <main
+      class="relative grid w-full max-w-[1120px] grid-cols-1 items-center gap-8 md:grid-cols-[minmax(0,1fr)_minmax(340px,440px)] md:gap-16"
+      aria-labelledby="recover-password-title">
+      <section class="relative pt-2 md:py-8">
+        <p
+          class="m-0 inline-flex rounded-full bg-[rgba(168,200,232,0.56)] px-3 py-1 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#0c0a09]">
+          Recuperação
+        </p>
+        <h1 id="recover-password-title"
+          class="my-5 max-w-[640px] font-serif text-[40px] font-light leading-[1.05] tracking-[-1.2px] text-[#0c0a09] md:text-[64px] md:tracking-[-1.92px]">
+          Recupere sua senha
+        </h1>
+        <p class="m-0 max-w-[520px] text-base font-normal leading-6 tracking-[0.16px] text-[#4e4e4e]">
+          Informe seu email para recuperar a sua senha.
+        </p>
+      </section>
+
+      <section
+        class="grid gap-5 rounded-2xl border border-[#e7e5e4] bg-white p-6 shadow-[0_4px_16px_rgba(0,0,0,0.04)] md:p-8"
+        aria-label="Formulario de recuperacao de senha">
+        <div class="mb-1">
+          <span
+            class="inline-flex min-h-6 items-center rounded-full bg-[rgba(168,200,232,0.56)] px-2.5 py-1 text-xs font-semibold uppercase leading-none tracking-[0.96px] text-[#0c0a09]">
+            Senha
+          </span>
+          <h2 class="mt-4 font-serif text-3xl font-light leading-[1.13] tracking-[-0.32px] text-[#0c0a09]">
+            Email da conta
+          </h2>
+        </div>
+
+        <Form :validation-schema="schema" @submit="solicitarRecuperacao" class="grid gap-5">
+          <div class="grid gap-2">
+            <label class="m-0 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#777169]"
+              for="email">
+              Email
+            </label>
+            <Field name="email" v-slot="{ field, meta }">
+              <input v-bind="field" :disabled="isLoading"
+                class="h-11 w-full rounded-lg border bg-white px-4 py-3 text-base leading-6 tracking-[0.16px] text-[#0c0a09] outline-none transition focus:border-2 focus:border-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-50"
+                :class="meta.touched && !meta.valid ? 'border-red-400' : 'border-[#d6d3d1]'" type="email" id="email" />
+            </Field>
+            <ErrorMessage name="email" class="text-xs text-red-500" />
+          </div>
+
+          <button type="submit" :disabled="isLoading"
+            class="mt-1 inline-flex h-10 items-center justify-center gap-2 rounded-full bg-[#292524] px-5 text-[15px] font-medium leading-none text-white transition hover:bg-[#0c0a09] active:bg-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-70">
+            <Icon v-if="isLoading" name="mdi:loading" class="animate-spin text-base" />
+            <span v-else>Gerar recuperação</span>
+          </button>
+
+          <p class="text-center text-[15px] leading-[1.47] tracking-[0.15px] text-[#777169]">
+            Lembrou a senha?
+            <NuxtLink to="/login" class="font-medium text-[#0c0a09] underline-offset-2 hover:underline">
+              Fazer login
+            </NuxtLink>
+          </p>
+        </Form>
+      </section>
+    </main>
+  </div>
+</template>
+
+<script setup>
+import { toTypedSchema } from '@vee-validate/zod'
+import { z } from 'zod'
+
+definePageMeta({ middleware: 'guest' })
+
+const { $toast } = useNuxtApp()
+
+const isLoading = ref(false)
+
+const toStr = (val) => (val == null ? '' : String(val))
+
+const schema = toTypedSchema(
+  z.object({
+    email: z.preprocess(toStr, z.string().min(1, 'Email é obrigatório').email('Email inválido'))
+  })
+)
+
+async function solicitarRecuperacao({ email }) {
+  isLoading.value = true
+  try {
+    const data = await $fetch('/auth/forgot-password', {
+      method: 'POST',
+      body: { email }
+    })
+
+    const resetUrl = data?.recovery?.reset_url
+
+    if (!resetUrl) {
+      throw new Error('Reset URL was not returned')
+    }
+
+    $toast.success('Recuperação gerada com sucesso!', { duration: 8000 })
+    await navigateTo(resetUrl, { external: true })
+  } catch (error) {
+    const message = error?.data?.statusMessage
+    $toast.error(message ?? 'Erro ao gerar recuperação de senha. Tente novamente.', {
+      duration: 8000
+    })
+  } finally {
+    isLoading.value = false
+  }
+}
+</script>

From ef9fef66b8e1c76fb6a934f82df9f6e004dde120 Mon Sep 17 00:00:00 2001
From: Antonio Andre <antonioandre1008@gmail.com>
Date: Mon, 18 May 2026 19:41:33 -0500
Subject: [PATCH 3/3] feat: renderiza conteudos nas rotas / e /home

---
 app/pages/(protected)/home/index.vue | 139 ++++++++++++++++++++++++++-
 app/pages/index.vue                  |  62 +++++++++++-
 2 files changed, 195 insertions(+), 6 deletions(-)

diff --git a/app/pages/(protected)/home/index.vue b/app/pages/(protected)/home/index.vue
index fc4cd8a..00bdaf8 100644
--- a/app/pages/(protected)/home/index.vue
+++ b/app/pages/(protected)/home/index.vue
@@ -1,11 +1,142 @@
 <template>
-    <div>
-        <h1>OOOIII SOU A HOMEEE</h1>
-    </div>
+  <div
+    class="relative min-h-screen overflow-hidden bg-[#f5f5f5] px-4 py-10 font-sans text-[#0c0a09] md:px-8 md:py-16"
+  >
+    <div
+      class="pointer-events-none absolute left-1/2 top-8 h-[420px] w-[min(92vw,760px)] -translate-x-1/2 rounded-[48px] bg-[radial-gradient(circle_at_20%_30%,rgba(167,229,211,0.62),transparent_28%),radial-gradient(circle_at_72%_24%,rgba(168,200,232,0.56),transparent_30%),radial-gradient(circle_at_52%_78%,rgba(232,184,196,0.5),transparent_34%)] blur-2xl"
+      aria-hidden="true"
+    ></div>
+
+    <main class="relative mx-auto grid w-full max-w-[960px] gap-8" aria-labelledby="home-title">
+      <header class="flex flex-col gap-5 sm:flex-row sm:items-end sm:justify-between">
+        <div>
+          <p
+            class="m-0 inline-flex rounded-full bg-[rgba(168,200,232,0.56)] px-3 py-1 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#0c0a09]"
+          >
+            Conta
+          </p>
+          <h1
+            id="home-title"
+            class="my-5 max-w-[680px] font-serif text-[40px] font-light leading-[1.08] tracking-[-0.96px] text-[#0c0a09] md:text-[48px]"
+          >
+            Olá, você está autenticado!
+          </h1>
+          <p
+            class="m-0 max-w-[540px] text-base font-normal leading-6 tracking-[0.16px] text-[#4e4e4e]"
+          >
+            Estes são os dados retornados pelo perfil da sua sessão atual.
+          </p>
+        </div>
+
+        <button
+          type="button"
+          :disabled="isLeaving"
+          @click="sair"
+          class="inline-flex h-10 items-center justify-center gap-2 rounded-full bg-[#292524] px-5 text-[15px] font-medium leading-none text-white transition hover:bg-[#0c0a09] active:bg-[#0c0a09] disabled:cursor-not-allowed disabled:opacity-70"
+        >
+          <Icon v-if="isLeaving" name="mdi:loading" class="animate-spin text-base" />
+          <span v-else>Sair</span>
+        </button>
+      </header>
+
+      <section
+        class="grid gap-5 rounded-2xl border border-[#e7e5e4] bg-white p-6 shadow-[0_4px_16px_rgba(0,0,0,0.04)] md:p-8"
+        aria-label="Dados do perfil autenticado"
+      >
+        <div>
+          <span
+            class="inline-flex min-h-6 items-center rounded-full bg-[rgba(167,229,211,0.62)] px-2.5 py-1 text-xs font-semibold uppercase leading-none tracking-[0.96px] text-[#0c0a09]"
+          >
+            Perfil
+          </span>
+          <h2
+            class="mt-4 font-serif text-3xl font-light leading-[1.13] tracking-[-0.32px] text-[#0c0a09]"
+          >
+            Dados da conta
+          </h2>
+        </div>
+
+        <dl class="grid gap-4">
+          <div
+            v-for="item in profileRows"
+            :key="item.label"
+            class="grid gap-1 border-t border-[#e7e5e4] pt-4 sm:grid-cols-[160px_minmax(0,1fr)] sm:gap-5"
+          >
+            <dt
+              class="text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#777169]"
+            >
+              {{ item.label }}
+            </dt>
+            <dd class="m-0 break-words text-base leading-6 tracking-[0.16px] text-[#0c0a09]">
+              {{ item.value }}
+            </dd>
+          </div>
+        </dl>
+      </section>
+    </main>
+  </div>
 </template>
 
 <script setup>
 definePageMeta({
-    middleware: 'auth'
+  middleware: 'auth'
 })
+
+const { $toast } = useNuxtApp()
+
+const token = useCookie('token', {
+  secure: true,
+  sameSite: 'lax',
+  maxAge: 900
+})
+
+const isLeaving = ref(false)
+
+const clearToken = () => {
+  token.value = null
+}
+
+const { data: profile, error } = await useAsyncData('profile-me', () =>
+  $fetch('/profile/me', {
+    headers: {
+      Authorization: `Bearer ${token.value}`
+    }
+  })
+)
+
+if (error.value) {
+  clearToken()
+
+  if (import.meta.client) {
+    $toast.error('Sua sessão expirou. Faça login novamente.', { duration: 8000 })
+  }
+
+  await navigateTo('/login')
+}
+
+const profileRows = computed(() => [
+  {
+    label: 'user_id',
+    value: profile.value?.user_id ?? profile.value?.id ?? '-'
+  },
+  {
+    label: 'email',
+    value: profile.value?.email ?? '-'
+  },
+  {
+    label: 'created_at',
+    value: profile.value?.created_at ?? '-'
+  },
+  {
+    label: 'updated_at',
+    value: profile.value?.updated_at ?? '-'
+  }
+])
+
+async function sair() {
+  isLeaving.value = true
+  clearToken()
+  $toast.success('Sessão encerrada com sucesso.', { duration: 8000 })
+  await navigateTo('/login')
+}
 </script>
diff --git a/app/pages/index.vue b/app/pages/index.vue
index 97ec497..b9f8395 100644
--- a/app/pages/index.vue
+++ b/app/pages/index.vue
@@ -1,5 +1,63 @@
 <template>
-  <div>
-    <h1>Welcome to the Home Page</h1>
+  <div
+    class="relative grid min-h-screen place-items-center overflow-hidden bg-[#f5f5f5] px-4 py-12 font-sans text-[#0c0a09] md:py-24"
+  >
+    <div
+      class="pointer-events-none absolute left-1/2 top-10 h-[420px] w-[min(92vw,760px)] -translate-x-1/2 rounded-[48px] bg-[radial-gradient(circle_at_20%_30%,rgba(167,229,211,0.62),transparent_28%),radial-gradient(circle_at_72%_24%,rgba(244,197,168,0.56),transparent_30%),radial-gradient(circle_at_52%_78%,rgba(200,184,224,0.5),transparent_34%)] blur-2xl"
+      aria-hidden="true"
+    ></div>
+
+    <main
+      class="relative grid w-full max-w-[960px] gap-8 rounded-2xl border border-[#e7e5e4] bg-white p-6 shadow-[0_4px_16px_rgba(0,0,0,0.04)] md:grid-cols-[minmax(0,1fr)_auto] md:items-end md:p-8"
+      aria-labelledby="landing-title"
+    >
+      <section>
+        <p
+          class="m-0 inline-flex rounded-full bg-[rgba(167,229,211,0.62)] px-3 py-1 text-xs font-semibold uppercase leading-[1.4] tracking-[0.96px] text-[#0c0a09]"
+        >
+          Autenticação
+        </p>
+        <h1
+          id="landing-title"
+          class="my-5 max-w-[640px] font-serif text-[40px] font-light leading-[1.05] tracking-[-1.2px] text-[#0c0a09] md:text-[64px] md:tracking-[-1.92px]"
+        >
+          Acesse sua conta
+        </h1>
+        <p
+          class="m-0 max-w-[520px] text-base font-normal leading-6 tracking-[0.16px] text-[#4e4e4e]"
+        >
+          Entre para ver sua área autenticada ou crie uma conta nova com email e senha.
+        </p>
+      </section>
+
+      <nav class="flex flex-col gap-3 sm:flex-row md:flex-col" aria-label="Acesso a conta">
+        <NuxtLink
+          v-if="hasToken"
+          to="/home"
+          class="inline-flex h-10 items-center justify-center rounded-full bg-[#292524] px-5 text-[15px] font-medium leading-none text-white transition hover:bg-[#0c0a09] active:bg-[#0c0a09]"
+        >
+          Ir para home
+        </NuxtLink>
+        <NuxtLink
+          v-else
+          to="/login"
+          class="inline-flex h-10 items-center justify-center rounded-full bg-[#292524] px-5 text-[15px] font-medium leading-none text-white transition hover:bg-[#0c0a09] active:bg-[#0c0a09]"
+        >
+          Entrar na conta
+        </NuxtLink>
+        <NuxtLink
+          to="/criar-conta"
+          class="inline-flex h-10 items-center justify-center rounded-full border border-[#d6d3d1] bg-transparent px-5 text-[15px] font-medium leading-none text-[#0c0a09] transition hover:border-[#0c0a09]"
+        >
+          Criar conta
+        </NuxtLink>
+      </nav>
+    </main>
   </div>
 </template>
+
+<script setup>
+const token = useCookie('token')
+
+const hasToken = computed(() => Boolean(token.value))
+</script>