feat: common changes for site protection

[amk-dev]

Fixs HFE-410

Changes

1. make router beforeEach guard wait for the modules returning promises to resolve before going to the target route
2. allow guest only access for enter.vue, this is a requirement to prevent getting redirected to login-required page if site protection is enabled, because we use enter for verifying the magic link
3. add i18n entries for site protection related texts

[shipko]

Hi @amk-dev
I agree with you changes. I also want to suggest switch off stacktrace in /graphql method

For example

curl 'https://api.hoppscotch.io/graphql' \
  -H 'authority: api.hoppscotch.io' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \
  -H 'cache-control: no-cache' \
  --compressed

{
    "errors": [
        {
            "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
            "extensions": {
                "code": "BAD_REQUEST",
                "stacktrace": [
                    "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
                    "",
                    "    at new GraphQLErrorWithCode (/usr/src/app/node_modules/@apollo/server/src/internalErrorClasses.ts:15:5)",
                    "    at new BadRequestError (/usr/src/app/node_modules/@apollo/server/src/internalErrorClasses.ts:116:5)",
                    "    at preventCsrf (/usr/src/app/node_modules/@apollo/server/src/preventCsrf.ts:91:9)",
                    "    at ApolloServer.executeHTTPGraphQLRequest (/usr/src/app/node_modules/@apollo/server/src/ApolloServer.ts:1048:20)",
                    "    at processTicksAndRejections (node:internal/process/task_queues:95:5)"
                ]
            }
        }
    ]
}

[amk-dev]

Hi @amk-dev I agree with you changes. I also want to suggest switch off stacktrace in /graphql method

For example

curl 'https://api.hoppscotch.io/graphql' \
  -H 'authority: api.hoppscotch.io' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \
  -H 'cache-control: no-cache' \
  --compressed

{
    "errors": [
        {
            "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
            "extensions": {
                "code": "BAD_REQUEST",
                "stacktrace": [
                    "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
                    "",
                    "    at new GraphQLErrorWithCode (/usr/src/app/node_modules/@apollo/server/src/internalErrorClasses.ts:15:5)",
                    "    at new BadRequestError (/usr/src/app/node_modules/@apollo/server/src/internalErrorClasses.ts:116:5)",
                    "    at preventCsrf (/usr/src/app/node_modules/@apollo/server/src/preventCsrf.ts:91:9)",
                    "    at ApolloServer.executeHTTPGraphQLRequest (/usr/src/app/node_modules/@apollo/server/src/ApolloServer.ts:1048:20)",
                    "    at processTicksAndRejections (node:internal/process/task_queues:95:5)"
                ]
            }
        }
    ]
}

Hey, thank you for your suggestion. at the moment we are keeping the stacktraces to help with some frontend logging. since our code is opensource, most issues arising from leaked stack traces are not a concern for us. people have access to our entire codebase.

also if you think this warrants more discussion, you can open another issue or discussion, since this PR is about some frontend changes for a different feature.