@cobaltcore-dev/aurora 0.6.0 → 0.7.0

package/README.md

@@ -52,19 +52,65 @@ export function App() {
 
 ### `createServer(config)`
 
-| Option                            | Type      | Required | Default                    | Description                                                      |
-| --------------------------------- | --------- | -------- | -------------------------- | ---------------------------------------------------------------- |
-| `identityEndpoint`                | `string`  | yes      | —                          | OpenStack Keystone v3 URL                                        |
-| `policyDir`                       | `string`  | yes      | —                          | Absolute path to a directory of OpenStack policy YAML files      |
-| `bffEndpoint`                     | `string`  | no       | `"/polaris-bff"`           | URL prefix for all tRPC routes                                   |
-| `viteRoot`                        | `string`  | no       | —                          | Directory that contains `dist/client/` in production             |
-| `defaultEndpointInterface`        | `string`  | no       | `"public"`                 | OpenStack service catalog interface                              |
-| `proxyUrl`                        | `string`  | no       | —                          | HTTP proxy for OpenStack calls (dev only, ignored in production) |
-| `cephRegion`                      | `string`  | no       | —                          | Ceph RGW region for S3 operations                                |
-| `imageMetadataExcludedProperties` | `string`  | no       | —                          | Comma-separated image metadata keys to hide in the UI            |
-| `cookieName`                      | `string`  | no       | `"dashboard-session-auth"` | Override the session cookie name                                 |
-| `crossDomainCookie`               | `boolean` | no       | `true`                     | Share cookie across subdomains                                   |
-| `insecureCookies`                 | `boolean` | no       | `false`                    | Disable `Secure` flag — only for HTTP-only local dev             |
+| Option                            | Type          | Required | Default                    | Description                                                      |
+| --------------------------------- | ------------- | -------- | -------------------------- | ---------------------------------------------------------------- |
+| `identityEndpoint`                | `string`      | yes      | —                          | OpenStack Keystone v3 URL                                        |
+| `policyDir`                       | `string`      | yes      | —                          | Absolute path to a directory of OpenStack policy YAML files      |
+| `bffEndpoint`                     | `string`      | no       | `"/polaris-bff"`           | URL prefix for all tRPC routes                                   |
+| `viteRoot`                        | `string`      | no       | —                          | Directory that contains `dist/client/` in production             |
+| `defaultEndpointInterface`        | `string`      | no       | `"public"`                 | OpenStack service catalog interface                              |
+| `proxyUrl`                        | `string`      | no       | —                          | HTTP proxy for OpenStack calls (dev only, ignored in production) |
+| `cephRegion`                      | `string`      | no       | —                          | Ceph RGW region for S3 operations                                |
+| `imageMetadataExcludedProperties` | `string`      | no       | —                          | Comma-separated image metadata keys to hide in the UI            |
+| `cookieName`                      | `string`      | no       | `"dashboard-session-auth"` | Override the session cookie name                                 |
+| `crossDomainCookie`               | `boolean`     | no       | `true`                     | Share cookie across subdomains                                   |
+| `insecureCookies`                 | `boolean`     | no       | `false`                    | Disable `Secure` flag — only for HTTP-only local dev             |
+| `routers`                         | `AnyRouter[]` | no       | `[]`                       | Additional tRPC routers — see [Custom routers](#custom-routers)  |
+
+## Custom routers
+
+`createServer` accepts a `routers` option so consumers can add their own tRPC procedures that run alongside the built-in Aurora routes, sharing the same Fastify request context (session, cookies, OpenStack client).
+
+### Requirements
+
+Routers passed via `routers` **must** be created with the `auroraRouter` function exported from `@cobaltcore-dev/aurora/server`. Using a different `initTRPC` instance produces an incompatible context type and will cause runtime failures when procedures access `ctx.openstack`, `ctx.validateSession`, etc.
+
+For the full list of exported procedure builders and router utilities, see [`src/server/index.ts`](./src/server/index.ts).
+
+### Example
+
+```ts
+import { z } from "zod"
+import { auroraRouter, protectedProcedure, createServer } from "@cobaltcore-dev/aurora/server"
+
+const customRouter = auroraRouter({
+  feedback: protectedProcedure.input(z.object({ message: z.string() })).mutation(async ({ input }) => {
+    // ctx.validateSession(), ctx.openstack — all available here
+    return { status: "received" }
+  }),
+})
+
+const server = await createServer({
+  identityEndpoint: "https://keystone.example.com/v3/",
+  policyDir: path.resolve(__dirname, "../policies"),
+  routers: [customRouter],
+})
+```
+
+The procedure above is reachable at `POST <bffEndpoint>/feedback` via the tRPC client.
+
+### Registering additional Fastify plugins
+
+`createServer` returns the `FastifyInstance` before `.listen()` is called. You can register any Fastify plugin — metrics, tracing, custom middleware — on the returned instance before starting the server:
+
+```ts
+const server = await createServer({ ... })
+
+server.register(MyPlugin, { ... })
+server.get("/healthz", async () => ({ ok: true }))
+
+await server.listen({ host: "0.0.0.0", port: 4000 })
+```
 
 ### `<AuroraApp />`
 

package/dist/client/_auth-DXJkv9QO.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"_auth-DXJkv9QO.mjs","names":["Outlet","useAuth","RouteComponent","component"],"sources":["../../src/client/routes/_auth.tsx?tsr-split=component"],"sourcesContent":["import { createFileRoute, Outlet, redirect } from \"@tanstack/react-router\"\nimport { useAuth } from \"../store/AuthProvider\"\n\nexport const Route = createFileRoute(\"/_auth\")({\n  component: RouteComponent,\n  beforeLoad: async ({ context, location }) => {\n    if (!context.auth?.isAuthenticated) {\n      const token = await context.trpcClient?.auth.getCurrentUserSession.query()\n      if (!token) {\n        const redirectPath = location.pathname ? location.pathname : \"\"\n\n        throw redirect({\n          to: \"/\",\n          search: { redirect: redirectPath },\n        })\n      }\n      context.auth?.login(token.user, token.expires_at)\n    }\n  },\n})\n\nfunction RouteComponent() {\n  useAuth()\n\n  return <Outlet />\n}\n"],"mappings":";;;;AAqBA,SAASE,IAAAA;CAGP,OAFAD,EAAAA,GAEO,gBAAC,GAAA,CAAA,CAAA;AACV"}
+{"version":3,"file":"_auth-DXJkv9QO.mjs","names":["Outlet","useAuth","RouteComponent","component"],"sources":["../../src/client/routes/_auth.tsx?tsr-split=component"],"sourcesContent":["import { createFileRoute, Outlet, redirect } from \"@tanstack/react-router\"\nimport { useAuth } from \"../store/AuthProvider\"\n\nexport const Route = createFileRoute(\"/_auth\")({\n  component: RouteComponent,\n  beforeLoad: async ({ context, location }) => {\n    // Always validate cookie first, even if client state says authenticated\n    // This prevents race condition where cookie exists (e.g., from legacy dashboard)\n    // but client state hasn't been initialized yet\n    if (!context.auth?.isAuthenticated) {\n      const token = await context.trpcClient?.auth.getCurrentUserSession.query()\n      if (token) {\n        // Update client state immediately when cookie is valid\n        context.auth?.login(token.user, token.expires_at)\n        return // Continue to route\n      }\n    }\n\n    // Only redirect if still not authenticated after cookie validation\n    if (!context.auth?.isAuthenticated) {\n      const redirectPath = location.pathname ? location.pathname : \"\"\n\n      throw redirect({\n        to: \"/\",\n        search: { redirect: redirectPath },\n      })\n    }\n  },\n})\n\nfunction RouteComponent() {\n  useAuth()\n\n  return <Outlet />\n}\n"],"mappings":";;;;AA8BA,SAASE,IAAAA;CAGP,OAFAD,EAAAA,GAEO,gBAAC,GAAA,CAAA,CAAA;AACV"}

package/dist/client/index.js

@@ -290,13 +290,16 @@ var Ue = j("/about")({ component: M(() => import("./about-Bo9vxGHy.mjs"), "compo
 	component: M(() => import("./_auth-DXJkv9QO.mjs"), "component"),
 	beforeLoad: async ({ context: e, location: t }) => {
 		if (!e.auth?.isAuthenticated) {
-			let n = await e.trpcClient?.auth.getCurrentUserSession.query();
-			if (!n) throw N({
-				to: "/",
-				search: { redirect: t.pathname ? t.pathname : "" }
-			});
-			e.auth?.login(n.user, n.expires_at);
+			let t = await e.trpcClient?.auth.getCurrentUserSession.query();
+			if (t) {
+				e.auth?.login(t.user, t.expires_at);
+				return;
+			}
 		}
+		if (!e.auth?.isAuthenticated) throw N({
+			to: "/",
+			search: { redirect: t.pathname ? t.pathname : "" }
+		});
 	}
 });
 //#endregion