@arcote.tech/arc-auth 0.4.6 → 0.4.7

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@arcote.tech/arc-auth",
   "type": "module",
-  "version": "0.4.6",
+  "version": "0.4.7",
   "private": false,
   "description": "Reusable authentication module for Arc framework — aggregate-based auth with factory pattern",
   "main": "./src/index.ts",
@@ -10,7 +10,7 @@
     "type-check": "tsc --noEmit"
   },
   "peerDependencies": {
-    "@arcote.tech/arc": "^0.4.6",
+    "@arcote.tech/arc": "^0.4.7",
     "react": "^18.0.0 || ^19.0.0",
     "typescript": "^5.0.0"
   },

package/src/aggregates/account.ts

@@ -29,6 +29,7 @@ export type AccountAggregateData<CustomFields extends ArcRawShape> = {
   accountId: AccountId;
   token: Token;
   customFields: CustomFields;
+  tokenFields?: string[];
 };
 
 export const createAccountAggregate = <
@@ -38,6 +39,16 @@ export const createAccountAggregate = <
   data: Data,
 ) => {
   const { accountId, token, customFields } = data;
+  const tokenFields = data.tokenFields ?? [];
+
+  /** Build JWT params from account — includes accountId + tokenFields */
+  const buildTokenParams = (account: any) => {
+    const params: any = { accountId: account._id };
+    for (const field of tokenFields) {
+      params[field] = account[field];
+    }
+    return params;
+  };
 
   return (
     aggregate(`${data.name}Accounts`, accountId, {
@@ -199,7 +210,7 @@ export const createAccountAggregate = <
               };
             }
 
-            const jwtToken = token.generateJWT({ accountId: account._id });
+            const jwtToken = token.generateJWT(buildTokenParams(account));
 
             await ctx.signedIn.emit({
               accountId: account._id,
@@ -223,10 +234,11 @@ export const createAccountAggregate = <
             ...customFields,
           },
           result: {} as
-            | { accountId: $type<typeof accountId> }
+            | { accountId: $type<typeof accountId>; token: string }
             | {
                 error: "EMAIL_ALREADY_TAKEN";
                 accountId: $type<typeof accountId>;
+                token: string;
               },
         },
         ONLY_SERVER &&
@@ -236,6 +248,7 @@ export const createAccountAggregate = <
               return {
                 error: "EMAIL_ALREADY_TAKEN" as const,
                 accountId: existing._id,
+                token: token.generateJWT(buildTokenParams(existing)),
               };
             }
 
@@ -250,7 +263,12 @@ export const createAccountAggregate = <
               ...custom,
             });
 
-            return { accountId: id };
+            // Fetch newly created account to get defaults (e.g. role)
+            const newAccount = await ctx.$query.findOne({ _id: id });
+            return {
+              accountId: id,
+              token: token.generateJWT(buildTokenParams(newAccount ?? { _id: id })),
+            };
           }),
       )
 
@@ -276,7 +294,7 @@ export const createAccountAggregate = <
               return { error: "ACCOUNT_NOT_FOUND" as const };
             }
 
-            const jwtToken = token.generateJWT({ accountId: account._id });
+            const jwtToken = token.generateJWT(buildTokenParams(account));
 
             await ctx.signedIn.emit({
               accountId: account._id,
@@ -290,7 +308,6 @@ export const createAccountAggregate = <
       .protectBy(token, (params: any) => ({ _id: params.accountId }))
       .clientQuery("getAll", async (ctx) => ctx.$query.find({}))
       .clientQuery("getMe", async (ctx) => ctx.$query.findOne({}))
-      .build()
   );
 };
 

package/src/aggregates/oauth-identity.ts

@@ -123,7 +123,7 @@ export const createOAuthIdentityAggregate = <
           providerUserId: params.providerUserId,
         }),
     )
-    .build();
+;
 };
 
 export type OAuthIdentityAggregate<

package/src/auth-builder.ts

@@ -1,11 +1,9 @@
 import {
-  aggregateContextElement,
   context,
   route,
   type ArcAggregateElement,
   type ArcContextElement,
   type ArcRawShape,
-  type AggregateConstructorAny,
 } from "@arcote.tech/arc";
 import { createAccountAggregate } from "./aggregates/account";
 import { createOAuthIdentityAggregate } from "./aggregates/oauth-identity";
@@ -18,9 +16,8 @@ import type { OAuthProvidersConfig } from "./providers/types";
 export class AuthBuilder<
   AccId,
   Tok,
-  Account extends AggregateConstructorAny,
-  AccountEl extends ArcAggregateElement<Account>,
-  OAuthIdentity extends AggregateConstructorAny | undefined,
+  Account extends ArcAggregateElement<any, any, any, any, any, any>,
+  OAuthIdentity extends ArcAggregateElement<any, any, any, any, any, any> | undefined,
   EnabledProviders extends string[],
   Elements extends ArcContextElement<any>[],
 > {
@@ -29,7 +26,6 @@ export class AuthBuilder<
     readonly accountId: AccId,
     readonly token: Tok,
     readonly Account: Account,
-    readonly accountElement: AccountEl,
     readonly OAuthIdentity: OAuthIdentity,
     readonly enabledProviders: EnabledProviders,
     readonly elements: Elements,
@@ -45,7 +41,6 @@ export class AuthBuilder<
       oauthIdentityId,
       accountId: this.accountId as any,
     });
-    const oauthIdentityElement = aggregateContextElement(OAuthIdentity);
 
     const hasProviders = config.providers && config.baseUrl;
     const routes = hasProviders
@@ -53,8 +48,8 @@ export class AuthBuilder<
           providers: config.providers!,
           baseUrl: config.baseUrl!,
           token: this.token as any,
-          accountElement: this.accountElement,
-          oauthIdentityElement,
+          accountElement: this.Account,
+          oauthIdentityElement: OAuthIdentity,
         })
       : null;
 
@@ -76,12 +71,11 @@ export class AuthBuilder<
       this.accountId,
       this.token,
       this.Account,
-      this.accountElement,
       OAuthIdentity,
       routes?.enabledProviders ?? ([] as string[]),
       [
-        this.accountElement,
-        oauthIdentityElement,
+        this.Account,
+        OAuthIdentity,
         oauthStart,
         oauthCallback,
       ] as const,
@@ -104,29 +98,43 @@ export function auth<
   const Name extends string,
   const CustomFields extends ArcRawShape,
   const Secret extends string | undefined,
+  const TokenFields extends readonly (keyof CustomFields & string)[] = [],
 >(config: {
   name: Name;
   customFields: CustomFields;
   secret: Secret;
+  tokenFields?: TokenFields;
 }) {
   const accountId = createAccountId({ name: config.name });
-  const token = createToken({ name: config.name, secret: config.secret });
+
+  // Extract token field schemas from customFields
+  const extraParams: Record<string, any> = {};
+  const tokenFieldsList = (config.tokenFields ?? []) as string[];
+  for (const field of tokenFieldsList) {
+    extraParams[field] = config.customFields[field];
+  }
+
+  const token = createToken({
+    name: config.name,
+    secret: config.secret,
+    extraParams: Object.keys(extraParams).length > 0 ? extraParams : undefined,
+  });
+
   const Account = createAccountAggregate({
     name: config.name,
     accountId,
     token,
     customFields: config.customFields,
+    tokenFields: tokenFieldsList,
   });
-  const accountElement = aggregateContextElement(Account);
 
   return new AuthBuilder(
     config.name,
     accountId,
     token,
     Account,
-    accountElement,
     undefined,
     [] as string[],
-    [accountElement] as const,
+    [Account] as const,
   );
 }

package/src/index.ts

@@ -1,96 +1,6 @@
-import {
-  aggregateContextElement,
-  context,
-  type ArcRawShape,
-} from "@arcote.tech/arc";
-import { createAccountAggregate } from "./aggregates/account";
-import { createOAuthIdentityAggregate } from "./aggregates/oauth-identity";
-import { createAccountId } from "./ids/account";
-import { createOAuthIdentityId } from "./ids/oauth-identity";
-import { createToken } from "./tokens/token";
-import { createOAuthRoutes } from "./routes/oauth-routes";
-import type { OAuthProvidersConfig } from "./providers/types";
-
-// --- New typed builder API ---
+// --- Auth builder API ---
 export { auth, AuthBuilder } from "./auth-builder";
 
-// --- Deprecated: use auth().useOAuth().build() instead ---
-
-export type AuthMode = "email" | "oauth" | "both";
-
-export type AuthContextData = {
-  name: string;
-  customFields: ArcRawShape;
-  secret: string | undefined;
-  mode?: AuthMode;
-  providers?: OAuthProvidersConfig;
-  baseUrl?: string;
-};
-
-/** @deprecated Use `auth({...}).useOAuth({...}).build()` instead */
-export const createAuthContext = <const Data extends AuthContextData>(
-  data: Data,
-) => {
-  const mode = data.mode ?? "both";
-  const accountId = createAccountId({ name: data.name });
-  const token = createToken({ name: data.name, secret: data.secret });
-
-  const Account = createAccountAggregate({
-    name: data.name,
-    accountId,
-    token,
-    customFields: data.customFields,
-  });
-
-  const accountElement = aggregateContextElement(Account);
-
-  const elements: any[] = [accountElement];
-
-  let OAuthIdentity: ReturnType<typeof createOAuthIdentityAggregate> | undefined;
-  let enabledProviders: string[] = [];
-
-  if (mode !== "email" && data.providers) {
-    const oauthIdentityId = createOAuthIdentityId({ name: data.name });
-
-    OAuthIdentity = createOAuthIdentityAggregate({
-      name: data.name,
-      oauthIdentityId,
-      accountId,
-    });
-
-    const oauthIdentityElement = aggregateContextElement(OAuthIdentity);
-    elements.push(oauthIdentityElement);
-
-    if (data.baseUrl) {
-      const oauthRoutes = createOAuthRoutes({
-        providers: data.providers,
-        baseUrl: data.baseUrl,
-        token,
-        accountElement,
-        oauthIdentityElement,
-      });
-      elements.push(oauthRoutes.oauthStart);
-      elements.push(oauthRoutes.oauthCallback);
-      enabledProviders = oauthRoutes.enabledProviders;
-    }
-  }
-
-  const authContext = context(elements);
-
-  return {
-    context: authContext,
-    accountId,
-    token,
-    Account,
-    OAuthIdentity,
-    mode,
-    enabledProviders,
-  };
-};
-
-export type AuthContext<Data extends AuthContextData = AuthContextData> =
-  ReturnType<typeof createAuthContext<Data>>;
-
 // Re-exports
 export { createAccountAggregate } from "./aggregates/account";
 export type { AccountAggregate } from "./aggregates/account";

package/src/routes/oauth-routes.ts

@@ -16,8 +16,8 @@ export type OAuthRoutesData = {
   providers: OAuthProvidersConfig;
   baseUrl: string;
   token: Token;
-  accountElement: ArcAggregateElement<AccountAggregate>;
-  oauthIdentityElement: ArcAggregateElement<OAuthIdentityAggregate>;
+  accountElement: AccountAggregate;
+  oauthIdentityElement: OAuthIdentityAggregate;
 };
 
 const providerAdapters: Record<string, OAuthProviderAdapter> = {
@@ -230,8 +230,9 @@ export function createOAuthRoutes(data: OAuthRoutesData) {
               : {}),
           });
 
-          // Both branches return accountId — extract it directly
+          // Both branches return accountId + token (JWT with tokenFields)
           const accountId = registerResult.accountId;
+          jwtToken = registerResult.token;
 
           // Link the OAuth identity
           await oauthIdentities.linkIdentity({
@@ -240,9 +241,6 @@ export function createOAuthRoutes(data: OAuthRoutesData) {
             providerUserId: profile.providerUserId,
             providerEmail: profile.email,
           });
-
-          // Generate JWT
-          jwtToken = token.generateJWT({ accountId });
         }
 
         // --- Redirect with token ---

package/src/tokens/token.ts

@@ -1,14 +1,16 @@
-import { string, token } from "@arcote.tech/arc";
+import { string, token, type ArcRawShape } from "@arcote.tech/arc";
 
 export type TokenData = {
   name: string;
   secret: string | undefined;
+  extraParams?: ArcRawShape;
 };
 
 export const createToken = <const Data extends TokenData>(data: Data) =>
   token(`${data.name}Account`, {
     accountId: string(),
-  }).secret(data.secret);
+    ...(data.extraParams ?? {}),
+  } as any).secret(data.secret);
 
 export type Token<Data extends TokenData = TokenData> = ReturnType<
   typeof createToken<Data>