npm - @arcote.tech/arc - Versions diffs - 0.5.2 → 0.5.5 - Mend

@arcote.tech/arc 0.5.2 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/adapters/auth-adapter.d.ts +11 -0
package/dist/adapters/event-publisher.d.ts +5 -0
package/dist/adapters/event-wire.d.ts +3 -0
package/dist/context-element/aggregate/index.d.ts +1 -1
package/dist/context-element/event/index.d.ts +1 -1
package/dist/context-element/event/instance.d.ts +19 -0
package/dist/context-element/listener/listener.d.ts +10 -4
package/dist/index.js +30 -29
package/package.json +1 -1

package/dist/adapters/auth-adapter.d.ts CHANGED Viewed

@@ -19,6 +19,17 @@ export declare class AuthAdapter {
      * Auto-persists to localStorage when available.
      */
     setToken(token: string | null, scope?: string): void;
+    /**
+     * Set an already-decoded token for a scope, bypassing JWT parsing.
+     *
+     * Used by listener auth reconstruction: events carry decoded auth context
+     * (tokenName + params) which has been validated at emit time. This method
+     * restores that context into a fresh AuthAdapter without requiring the
+     * original raw JWT.
+     *
+     * Does NOT touch localStorage — purely in-memory restoration.
+     */
+    setDecoded(decoded: DecodedToken, scope?: string): void;
     /**
      * Load all persisted scope tokens from localStorage.
      * Call once on app init before any queries.

package/dist/adapters/event-publisher.d.ts CHANGED Viewed

@@ -27,6 +27,11 @@ export interface StoredEvent {
     type: string;
     payload: string;
     createdAt: string;
+    /**
+     * JSON-serialized EventAuthContext snapshot from the mutation that emitted
+     * this event. Null for system events / cron / seed (no active auth scope).
+     */
+    authContext: string | null;
 }
 /** Event tag record in the event_tags table */
 export interface StoredEventTag {

package/dist/adapters/event-wire.d.ts CHANGED Viewed

@@ -7,11 +7,13 @@
  * - Handles reconnection and sync state
  * - Manages per-scope token caching
  */
+import type { EventAuthContext } from "../context-element/event/instance";
 export interface SyncableEvent {
     localId: string;
     type: string;
     payload: any;
     createdAt: string;
+    authContext: EventAuthContext | null;
 }
 export interface ReceivedEvent {
     localId: string;
@@ -20,6 +22,7 @@ export interface ReceivedEvent {
     payload: any;
     createdAt: string;
     clientId: string;
+    authContext: EventAuthContext | null;
 }
 import type { ContextDescriptor } from "../model/context-accessor";
 type EventWireState = "disconnected" | "connecting" | "connected";

package/dist/context-element/aggregate/index.d.ts CHANGED Viewed

@@ -11,5 +11,5 @@ export { aggregate } from "./aggregate-builder";
 export { ArcAggregateElement, type AggregateConstructor, type AggregateConstructorAny, type AggregateData, type AggregateInstanceCtx, type AggregateRow, } from "./aggregate-element";
 export { AggregateBase } from "./aggregate-base";
 export type { AggregateCronMethodEntry, AggregateEventEntry, AggregateEventHandler, AggregateMutateMethodContext, AggregateMutateMethodEntry, AggregateQueryContext, AggregateQueryMethodEntry, AggregateStaticConfig, } from "./aggregate-data";
-export type { ArcEventPayload } from "../event/instance";
+export type { ArcEventPayload, EventAuthContext, EventMetadata } from "../event/instance";
 //# sourceMappingURL=index.d.ts.map

package/dist/context-element/event/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 export { ArcEvent, event, type ArcEventAny } from "./event";
 export type { ArcEventData } from "./event-data";
-export type { ArcEventInstance, ArcEventPayload, EventMetadata, } from "./instance";
+export type { ArcEventInstance, ArcEventPayload, EventAuthContext, EventMetadata, } from "./instance";
 export type { ArcObjectAny, ArcRawShape } from "../../elements/object";
 //# sourceMappingURL=index.d.ts.map

package/dist/context-element/event/instance.d.ts CHANGED Viewed

@@ -1,11 +1,30 @@
 import type { $type } from "../../utils/types/get-type";
 import type { ArcEventAny } from "./event";
+/**
+ * Auth context captured at event emission time.
+ * Stored alongside the event in the event store so async listeners can
+ * reconstruct the original protection scope without losing security guarantees.
+ *
+ * Trust model: the event store is trusted (same threat surface as the
+ * aggregate state DB). No cryptographic re-verification — payload is
+ * authoritative because only authorized mutations could have written it.
+ */
+export type EventAuthContext = {
+    tokenName: string;
+    params: Record<string, any>;
+};
 /**
  * Event metadata attached to every event instance
  */
 export type EventMetadata = {
     id: string;
     createdAt: Date;
+    /**
+     * Auth context that authorized the mutation which emitted this event.
+     * `null` for system events emitted without an active auth scope —
+     * listeners with `protectBy()` will deny access for null-auth events.
+     */
+    authContext: EventAuthContext | null;
 };
 /**
  * Event instance type - represents an actual event occurrence

package/dist/context-element/listener/listener.d.ts CHANGED Viewed

@@ -77,11 +77,17 @@ export declare class ArcListener<const Data extends ArcListenerData> extends Arc
     init(environment: ArcEnvironment, adapters: ModelAdapters): Promise<void>;
     private handleEvent;
     /**
-     * Build scoped adapters from event payload.
+     * Build scoped adapters for the listener handler.
      *
-     * Looks at declared query/mutate elements — if any have protections,
-     * extracts the token name and creates an AuthAdapter with event payload
-     * as decoded params. This allows aggregate restrictions to apply.
+     * Sync listeners run inline with the originating mutation and inherit the
+     * caller's auth context directly. Async listeners run after the mutation
+     * completes and lose request scope — they reconstruct auth from the
+     * `authContext` snapshotted into the event at emit time
+     * (see aggregate-element.ts emit handler).
+     *
+     * Events with `authContext: null` (system events / cron / seed) leave the
+     * adapters without auth — listeners with `protectBy()` will deny access
+     * downstream at the protection layer.
      */
     private buildScopedAdapters;
     destroy(): void;

package/dist/index.js CHANGED Viewed

@@ -50,6 +50,9 @@ class AuthAdapter {
         localStorage.removeItem(TOKEN_PREFIX + scope);
     }
   }
+  setDecoded(decoded, scope = "default") {
+    this.scopes.set(scope, { raw: "", decoded });
+  }
   loadPersisted() {
     if (!hasLocalStorage())
       return;
@@ -325,7 +328,8 @@ class EventWire {
           localId: e.localId,
           type: e.type,
           payload: e.payload,
-          createdAt: e.createdAt
+          createdAt: e.createdAt,
+          authContext: e.authContext
         }))
       }));
     }
@@ -541,11 +545,13 @@ class LocalEventPublisher {
   }
   async publish(event) {
     const allChanges = [];
+    const eventAuthContext = event.authContext ?? null;
     const storedEvent = {
       _id: event.id,
       type: event.type,
       payload: JSON.stringify(event.payload),
-      createdAt: event.createdAt.toISOString()
+      createdAt: event.createdAt.toISOString(),
+      authContext: eventAuthContext ? JSON.stringify(eventAuthContext) : null
     };
     allChanges.push({
       store: EVENT_TABLES.events,
@@ -1775,11 +1781,14 @@ class ArcEvent extends ArcContextElement {
         if (!adapters.eventPublisher) {
           throw new Error(`Event "${this.data.name}" cannot be emitted: no eventPublisher adapter available`);
         }
+        const decoded = adapters.authAdapter?.getDecoded() ?? null;
+        const authContext = decoded ? { tokenName: decoded.tokenName, params: decoded.params } : null;
         const event = {
           type: this.data.name,
           payload,
           id: this.eventId.generate(),
-          createdAt: new Date
+          createdAt: new Date,
+          authContext
         };
         await adapters.eventPublisher.publish(event);
       }
@@ -1997,11 +2006,14 @@ class AggregateBase {
           if (!adapters.eventPublisher) {
             throw new Error(`Cannot emit event "${arcEvent.name}": no eventPublisher adapter available`);
           }
+          const decoded = adapters.authAdapter?.getDecoded() ?? null;
+          const authContext = decoded ? { tokenName: decoded.tokenName, params: decoded.params } : null;
           const eventInstance = {
             type: arcEvent.name,
             payload,
             id: `${Date.now()}_${Math.random().toString(36).slice(2)}`,
-            createdAt: new Date
+            createdAt: new Date,
+            authContext
           };
           await adapters.eventPublisher.publish(eventInstance);
         }
@@ -2314,11 +2326,14 @@ class ArcAggregateElement extends ArcContextElement {
                 }
               }
             }
+            const decoded = adapters.authAdapter?.getDecoded() ?? null;
+            const authContext = decoded ? { tokenName: decoded.tokenName, params: decoded.params } : null;
             const eventInstance = {
               type: `${aggregateName}.${arcEvent.name}`,
               payload,
               id: `${Date.now()}_${Math.random().toString(36).slice(2)}`,
-              createdAt: new Date
+              createdAt: new Date,
+              authContext
             };
             await adapters.eventPublisher.publish(eventInstance);
           }
@@ -2597,31 +2612,15 @@ class ArcListener extends ArcContextElement {
     if (adapters.authAdapter?.isAuthenticated()) {
       return adapters;
     }
-    const allElements = [
-      ...this.data.queryElements,
-      ...this.data.mutationElements
-    ];
-    let tokenName = null;
-    for (const element of allElements) {
-      const protections = element.__aggregateProtections ?? element.data?.protections;
-      if (protections?.length > 0) {
-        tokenName = protections[0].token.name;
-        break;
-      }
-    }
-    if (!tokenName || !event2.payload) {
+    const authContext = event2.authContext;
+    if (!authContext) {
       return adapters;
     }
     const scopedAuth = new AuthAdapter;
-    scopedAuth.scopes = new Map([
-      ["default", {
-        raw: "",
-        decoded: {
-          tokenName,
-          params: event2.payload
-        }
-      }]
-    ]);
+    scopedAuth.setDecoded({
+      tokenName: authContext.tokenName,
+      params: authContext.params
+    });
     return { ...adapters, authAdapter: scopedAuth };
   }
   destroy() {
@@ -3059,7 +3058,8 @@ class ArcView extends ArcContextElement {
             type: storedEvent.type,
             payload,
             id: storedEvent._id,
-            createdAt: new Date(storedEvent.createdAt)
+            createdAt: new Date(storedEvent.createdAt),
+            authContext: storedEvent.authContext ? typeof storedEvent.authContext === "string" ? JSON.parse(storedEvent.authContext) : storedEvent.authContext : null
           };
           await handler(ctx, eventInstance);
         }
@@ -4770,7 +4770,8 @@ class StreamingEventPublisher {
         localId: event3.id,
         type: event3.type,
         payload: event3.payload,
-        createdAt: event3.createdAt.toISOString()
+        createdAt: event3.createdAt.toISOString(),
+        authContext: event3.authContext ?? null
       }
     ]);
   }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@arcote.tech/arc",
   "type": "module",
-  "version": "0.5.2",
+  "version": "0.5.5",
   "private": false,
   "author": "Przemysław Krasiński [arcote.tech]",
   "description": "Arc framework core rewrite with improved event emission and type safety",