@daltonr/authwrite-fastify 0.1.0

package/dist/index.d.ts

@@ -0,0 +1,15 @@
+import type { FastifyRequest, FastifyReply, preHandlerHookHandler } from 'fastify';
+import type { Action, AuthEvaluator, Decision, Subject, Resource } from '@daltonr/authwrite-core';
+declare module 'fastify' {
+    interface FastifyRequest {
+        authDecision?: Decision;
+    }
+}
+export interface AuthHookConfig<S extends Subject = Subject, R extends Resource = Resource> {
+    engine: AuthEvaluator<S, R>;
+    subject: (req: FastifyRequest) => S | Promise<S>;
+    resource: (req: FastifyRequest) => R | undefined | Promise<R | undefined>;
+    action: Action | ((req: FastifyRequest) => Action);
+    onDeny?: (req: FastifyRequest, reply: FastifyReply, decision: Decision) => void | Promise<void>;
+}
+export declare function createAuthHook<S extends Subject = Subject, R extends Resource = Resource>(config: AuthHookConfig<S, R>): preHandlerHookHandler;

package/dist/index.js

@@ -0,0 +1,18 @@
+// ─── Hook factory ─────────────────────────────────────────────────────────────
+export function createAuthHook(config) {
+    return async (req, reply) => {
+        const subject = await config.subject(req);
+        const resource = await config.resource(req);
+        const action = typeof config.action === 'function' ? config.action(req) : config.action;
+        const decision = await config.engine.evaluate({ subject, resource, action });
+        req.authDecision = decision;
+        if (decision.allowed)
+            return;
+        if (config.onDeny) {
+            await config.onDeny(req, reply, decision);
+            return;
+        }
+        reply.status(403).send({ error: 'forbidden', reason: decision.reason });
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAwBA,iFAAiF;AAEjF,MAAM,UAAU,cAAc,CAG5B,MAA4B;IAC5B,OAAO,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QACxD,MAAM,OAAO,GAAI,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC1C,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC3C,MAAM,MAAM,GAAK,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAA;QAEzF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;QAE5E,GAAG,CAAC,YAAY,GAAG,QAAQ,CAAA;QAE3B,IAAI,QAAQ,CAAC,OAAO;YAAE,OAAM;QAE5B,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAA;YACzC,OAAM;QACR,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;IACzE,CAAC,CAAA;AACH,CAAC"}

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@daltonr/authwrite-fastify",
+  "version": "0.1.0",
+  "type": "module",
+  "license": "MIT",
+  "description": "Fastify hooks and decorators adapter for AuthEngine.",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/richardadalton/authwrite.git",
+    "directory": "packages/fastify"
+  },
+  "keywords": ["authorization", "authz", "fastify", "plugin"],
+  "sideEffects": false,
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": ["dist", "src", "README.md", "LICENSE"],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "clean": "rm -rf dist tsconfig.tsbuildinfo",
+    "prepublishOnly": "test -d dist && echo 'dist already built, skipping' || (npm run clean && npm run build)"
+  },
+  "dependencies": {
+    "@daltonr/authwrite-core": "*"
+  },
+  "peerDependencies": {
+    "fastify": ">=4.0.0"
+  },
+  "devDependencies": {
+    "fastify": "^5.0.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/src/index.ts

@@ -0,0 +1,49 @@
+import type { FastifyRequest, FastifyReply, preHandlerHookHandler } from 'fastify'
+import type { Action, AuthEvaluator, Decision, Subject, Resource } from '@daltonr/authwrite-core'
+
+// ─── Request augmentation ─────────────────────────────────────────────────────
+
+declare module 'fastify' {
+  interface FastifyRequest {
+    authDecision?: Decision
+  }
+}
+
+// ─── Config ───────────────────────────────────────────────────────────────────
+
+export interface AuthHookConfig<
+  S extends Subject = Subject,
+  R extends Resource = Resource,
+> {
+  engine:   AuthEvaluator<S, R>
+  subject:  (req: FastifyRequest) => S | Promise<S>
+  resource: (req: FastifyRequest) => R | undefined | Promise<R | undefined>
+  action:   Action | ((req: FastifyRequest) => Action)
+  onDeny?:  (req: FastifyRequest, reply: FastifyReply, decision: Decision) => void | Promise<void>
+}
+
+// ─── Hook factory ─────────────────────────────────────────────────────────────
+
+export function createAuthHook<
+  S extends Subject = Subject,
+  R extends Resource = Resource,
+>(config: AuthHookConfig<S, R>): preHandlerHookHandler {
+  return async (req: FastifyRequest, reply: FastifyReply) => {
+    const subject  = await config.subject(req)
+    const resource = await config.resource(req)
+    const action   = typeof config.action === 'function' ? config.action(req) : config.action
+
+    const decision = await config.engine.evaluate({ subject, resource, action })
+
+    req.authDecision = decision
+
+    if (decision.allowed) return
+
+    if (config.onDeny) {
+      await config.onDeny(req, reply, decision)
+      return
+    }
+
+    reply.status(403).send({ error: 'forbidden', reason: decision.reason })
+  }
+}