npm - @flink-app/flink - Versions diffs - 2.0.0-alpha.97 → 2.0.0-alpha.98 - Mend

@flink-app/flink 2.0.0-alpha.97 → 2.0.0-alpha.98

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md +26 -0
package/dist/src/FlinkHttpHandler.d.ts +7 -0
package/package.json +1 -1
package/src/FlinkHttpHandler.ts +7 -0

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,31 @@
 # @flink-app/flink
+## 2.0.0-alpha.98
+### Minor Changes
+-   2f4a132: feat: expose verified token on the request
+    The JWT auth plugin now populates `req.token` (the decoded, signature-verified
+    payload) and `req.rawToken` (the original token string) after successful
+    authentication. Handlers can read token claims such as `jti` directly instead of
+    re-extracting and re-decoding the bearer token with an unverified decode.
+    ```ts
+    // Before
+    const authHeader = req.headers.authorization;
+    const bearer = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : undefined;
+    const decoded = bearer ? (jsonwebtoken.decode(bearer) as { jti?: string }) : null;
+    const sessionId = decoded?.jti ?? legacySessionId(req.user._id);
+    // After
+    const { jti } = (req.token as { jti?: string }) ?? {};
+    const sessionId = jti ?? legacySessionId(req.user._id);
+    ```
+    `token` / `rawToken` are added as optional fields on the core `FlinkRequest`
+    type, populated by auth plugins that have a token concept.
 ## 2.0.0-alpha.97
 ### Minor Changes

package/dist/src/FlinkHttpHandler.d.ts CHANGED Viewed

@@ -93,11 +93,18 @@ export interface StreamWriter<T = any> {
  * userPermissions is populated by auth plugins during authentication and contains
  * the resolved permissions array based on the plugin's configuration (roles, dynamic
  * roles, custom permissions, etc.)
+ *
+ * token / rawToken are populated by auth plugins that have a token concept (e.g. JWT).
+ * `token` is the decoded, signature-verified payload; `rawToken` is the original token
+ * string that authenticated the request (Bearer header or custom tokenExtractor output).
+ * Both are optional and only set once authentication succeeds.
  */
 export type FlinkRequest<T = any, P = Params, Q = Query> = Request<P, any, T, Q> & {
     reqId: string;
     user?: any;
     userPermissions?: string[];
+    token?: any;
+    rawToken?: string;
 };
 /**
  * Route props to control routing.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@flink-app/flink",
-  "version": "2.0.0-alpha.97",
+  "version": "2.0.0-alpha.98",
   "description": "Typescript only framework for creating REST-like APIs on top of Express and mongodb",
   "types": "dist/src/index.d.ts",
   "main": "dist/src/index.js",

package/src/FlinkHttpHandler.ts CHANGED Viewed

@@ -104,11 +104,18 @@ export interface StreamWriter<T = any> {
  * userPermissions is populated by auth plugins during authentication and contains
  * the resolved permissions array based on the plugin's configuration (roles, dynamic
  * roles, custom permissions, etc.)
+ *
+ * token / rawToken are populated by auth plugins that have a token concept (e.g. JWT).
+ * `token` is the decoded, signature-verified payload; `rawToken` is the original token
+ * string that authenticated the request (Bearer header or custom tokenExtractor output).
+ * Both are optional and only set once authentication succeeds.
  */
 export type FlinkRequest<T = any, P = Params, Q = Query> = Request<P, any, T, Q> & {
     reqId: string;
     user?: any;
     userPermissions?: string[]; // Resolved permissions from auth plugin
+    token?: any; // Decoded, verified token payload (set by auth plugin)
+    rawToken?: string; // Raw token string that authenticated the request
 };
 /**