@flowerforce/flowerbase 1.6.2-beta.0 → 1.6.2

package/CHANGELOG.md

@@ -1,3 +1,14 @@
+## 1.6.2 (2026-01-30)
+
+
+### 🩹 Fixes
+
+- trigger auth check providers ([636809e](https://github.com/flowerforce/flowerbase/commit/636809e))
+
+- check providers auth disabled ([85f3988](https://github.com/flowerforce/flowerbase/commit/85f3988))
+
+- add env swagger enable ([0ca2a5a](https://github.com/flowerforce/flowerbase/commit/0ca2a5a))
+
 ## 1.6.1 (2026-01-30)
 
 

package/README.md

@@ -92,8 +92,8 @@ Ensure the following environment variables are set in your .env file or deployme
 | ---------------------- | --------------------------------------------------------------------------- | -------------------------------------------------- |
 | `PROJECT_ID`           | A unique ID to identify your project. This value can be freely invented — it's preserved mainly for compatibility with the old Realm-style project structure.                     | `my-flowerbase-app`                                |
 | `PORT`                 | The port on which the server will run.                                      | `3000`                                             |
-| `DB_CONNECTION_STRING` | MongoDB connection URI, including username, password, and database name.    | `mongodb+srv://user:pass@cluster.mongodb.net/mydb` |
-| `APP_SECRET`           | Secret used to sign and verify JWT tokens (choose a strong secret).         | `supersecretkey123!`                               |
+| `MONGODB_URL`          | MongoDB connection URI, including username, password, and database name.    | `mongodb+srv://user:pass@cluster.mongodb.net/mydb` |
+| `JWT_SECRET`           | Secret used to sign and verify JWT tokens (choose a strong secret).         | `supersecretkey123!`                               |
 | `HOST`                 | The host address the server binds to (usually `0.0.0.0` for public access). | `0.0.0.0`                                          |
 | `HTTPS_SCHEMA`         | The schema for your server requests (usually `https` or `http`).            | `http`                                             |
 | `RESET_PASSWORD_TTL_SECONDS` | Time-to-live for password reset tokens (in seconds).                  | `3600`                                             |
@@ -101,6 +101,7 @@ Ensure the following environment variables are set in your .env file or deployme
 | `AUTH_LOGIN_MAX_ATTEMPTS`    | Max login attempts per window.                                         | `10`                                               |
 | `AUTH_RESET_MAX_ATTEMPTS`    | Max reset requests per window.                                         | `5`                                                |
 | `REFRESH_TOKEN_TTL_DAYS`     | Refresh token time-to-live (in days).                                  | `60`                                               |
+| `SWAGGER_ENABLED`      | Enable Swagger UI and spec routes (disabled by default).                    | `true`                                             |
 | `SWAGGER_UI_USER`      | Basic Auth username for Swagger UI (optional).                            | `admin`                                            |
 | `SWAGGER_UI_PASSWORD`  | Basic Auth password for Swagger UI (optional).                            | `change-me`                                        |
 
@@ -109,8 +110,8 @@ Example:
 ```env
 PROJECT_ID=your-project-id
 PORT=3000
-DB_CONNECTION_STRING=mongodb+srv://username:password@cluster.mongodb.net/dbname
-APP_SECRET=your-jwt-secret
+MONGODB_URL=mongodb+srv://username:password@cluster.mongodb.net/dbname
+JWT_SECRET=your-jwt-secret
 HOST=0.0.0.0
 HTTPS_SCHEMA=http
 RESET_PASSWORD_TTL_SECONDS=3600
@@ -118,6 +119,7 @@ AUTH_RATE_LIMIT_WINDOW_MS=900000
 AUTH_LOGIN_MAX_ATTEMPTS=10
 AUTH_RESET_MAX_ATTEMPTS=5
 REFRESH_TOKEN_TTL_DAYS=60
+SWAGGER_ENABLED=true
 SWAGGER_UI_USER=admin
 SWAGGER_UI_PASSWORD=change-me
 ```
@@ -134,8 +136,8 @@ import { initialize } from '@flowerforce/flowerbase';
 
 const projectId = process.env.PROJECT_ID ?? "my-project-id"
 const port = process.env.PORT ? Number(process.env.PORT) : undefined
-const mongodbUrl = process.env.DB_CONNECTION_STRING
-const jwtSecret = process.env.APP_SECRET
+const mongodbUrl = process.env.MONGODB_URL
+const jwtSecret = process.env.JWT_SECRET
 const host = process.env.HOST
 
 initialize({
@@ -401,8 +403,8 @@ import { initialize } from '@flowerforce/flowerbase';
 
 const projectId = process.env.PROJECT_ID ?? "my-project-id"
 const port = process.env.PORT ? Number(process.env.PORT) : undefined
-const mongodbUrl = process.env.DB_CONNECTION_STRING
-const jwtSecret = process.env.APP_SECRET
+const mongodbUrl = process.env.MONGODB_URL
+const jwtSecret = process.env.JWT_SECRET
 const host = process.env.HOST
 
 initialize({
@@ -422,8 +424,8 @@ Ensure the following environment variables are set in your .env file or deployme
 | ---------------------- | --------------------------------------------------------------------------- | -------------------------------------------------- |
 | `PROJECT_ID`           | A unique ID to identify your project. This value can be freely invented — it's preserved mainly for compatibility with the old Realm-style project structure.                     | `my-flowerbase-app`                                |
 | `PORT`                 | The port on which the server will run.                                      | `3000`                                             |
-| `DB_CONNECTION_STRING` | MongoDB connection URI, including username, password, and database name.    | `mongodb+srv://user:pass@cluster.mongodb.net/mydb` |
-| `APP_SECRET`           | Secret used to sign and verify JWT tokens (choose a strong secret).         | `supersecretkey123!`                               |
+| `MONGODB_URL`          | MongoDB connection URI, including username, password, and database name.    | `mongodb+srv://user:pass@cluster.mongodb.net/mydb` |
+| `JWT_SECRET`           | Secret used to sign and verify JWT tokens (choose a strong secret).         | `supersecretkey123!`                               |
 | `HOST`                 | The host address the server binds to (usually `0.0.0.0` for public access). | `0.0.0.0`                                          |
 | `HTTPS_SCHEMA`         | The schema for your server requests (usually `https` or `http`).            | `http`                                             |
 | `RESET_PASSWORD_TTL_SECONDS` | Time-to-live for password reset tokens (in seconds).                  | `3600`                                             |
@@ -431,6 +433,7 @@ Ensure the following environment variables are set in your .env file or deployme
 | `AUTH_LOGIN_MAX_ATTEMPTS`    | Max login attempts per window.                                         | `10`                                               |
 | `AUTH_RESET_MAX_ATTEMPTS`    | Max reset requests per window.                                         | `5`                                                |
 | `REFRESH_TOKEN_TTL_DAYS`     | Refresh token time-to-live (in days).                                  | `60`                                               |
+| `SWAGGER_ENABLED`      | Enable Swagger UI and spec routes (disabled by default).                    | `true`                                             |
 | `SWAGGER_UI_USER`      | Basic Auth username for Swagger UI (optional).                            | `admin`                                            |
 | `SWAGGER_UI_PASSWORD`  | Basic Auth password for Swagger UI (optional).                            | `change-me`                                        |
 
@@ -439,8 +442,8 @@ Example:
 ```env
 PROJECT_ID=your-project-id
 PORT=3000
-DB_CONNECTION_STRING=mongodb+srv://username:password@cluster.mongodb.net/dbname
-APP_SECRET=your-jwt-secret
+MONGODB_URL=mongodb+srv://username:password@cluster.mongodb.net/dbname
+JWT_SECRET=your-jwt-secret
 HOST=0.0.0.0
 HTTPS_SCHEMA=http
 RESET_PASSWORD_TTL_SECONDS=3600
@@ -448,6 +451,7 @@ AUTH_RATE_LIMIT_WINDOW_MS=900000
 AUTH_LOGIN_MAX_ATTEMPTS=10
 AUTH_RESET_MAX_ATTEMPTS=5
 REFRESH_TOKEN_TTL_DAYS=60
+SWAGGER_ENABLED=true
 SWAGGER_UI_USER=admin
 SWAGGER_UI_PASSWORD=change-me
 ```

package/dist/constants.d.ts

@@ -14,6 +14,7 @@ export declare const DEFAULT_CONFIG: {
     AUTH_RESET_MAX_ATTEMPTS: number;
     REFRESH_TOKEN_TTL_DAYS: number;
     ANON_USER_TTL_SECONDS: number;
+    SWAGGER_ENABLED: boolean;
     SWAGGER_UI_USER: string;
     SWAGGER_UI_PASSWORD: string;
     CORS_OPTIONS: {

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAUpC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;iBAmBsB,eAAe,EAAE;;CAEjE,CAAA;AACD,eAAO,MAAM,WAAW,QAA8C,CAAA;AACtE,eAAO,MAAM,YAAY,QAA8B,CAAA;AACvD,eAAO,MAAM,OAAO,QAAgB,CAAA;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAAA;AAE7E,eAAO,MAAM,WAAW;;;;;;;mBAOqB,aAAa;;;;;;;;;CAOzD,CAAA;AAID,eAAO,MAAM,SAAS;;;CAGrB,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAepC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;iBAoBsB,eAAe,EAAE;;CAEjE,CAAA;AACD,eAAO,MAAM,WAAW,QAA8C,CAAA;AACtE,eAAO,MAAM,YAAY,QAA8B,CAAA;AACvD,eAAO,MAAM,OAAO,QAAgB,CAAA;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAAA;AAE7E,eAAO,MAAM,WAAW;;;;;;;mBAOqB,aAAa;;;;;;;;;CAOzD,CAAA;AAID,eAAO,MAAM,SAAS;;;CAGrB,CAAA"}

package/dist/constants.js

@@ -14,6 +14,11 @@ var _a, _b, _c;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.S3_CONFIG = exports.AUTH_CONFIG = exports.DB_NAME = exports.HTTPS_SCHEMA = exports.API_VERSION = exports.DEFAULT_CONFIG = void 0;
 const utils_1 = require("./auth/utils");
+const parseBoolean = (value) => {
+    if (!value)
+        return false;
+    return ['1', 'true', 'yes', 'on'].includes(value.toLowerCase());
+};
 const { database_name, collection_name = 'users', user_id_field = 'id', on_user_creation_function_name } = (0, utils_1.loadCustomUserData)();
 const _d = (0, utils_1.loadAuthConfig)(), { auth_collection = 'auth_users' } = _d, configuration = __rest(_d, ["auth_collection"]);
 exports.DEFAULT_CONFIG = {
@@ -31,6 +36,7 @@ exports.DEFAULT_CONFIG = {
     AUTH_RESET_MAX_ATTEMPTS: Number(process.env.AUTH_RESET_MAX_ATTEMPTS) || 5,
     REFRESH_TOKEN_TTL_DAYS: Number(process.env.REFRESH_TOKEN_TTL_DAYS) || 60,
     ANON_USER_TTL_SECONDS: Number(process.env.ANON_USER_TTL_SECONDS) || 3 * 60 * 60,
+    SWAGGER_ENABLED: parseBoolean(process.env.SWAGGER_ENABLED),
     SWAGGER_UI_USER: process.env.SWAGGER_UI_USER || '',
     SWAGGER_UI_PASSWORD: process.env.SWAGGER_UI_PASSWORD || '',
     CORS_OPTIONS: {

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAA;AActB,cAAc,SAAS,CAAA;AAGvB,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAA;AAE/D,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,eAAe,EAAE,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED;;;;;;;GAOG;AACH,wBAAsB,UAAU,CAAC,EAC/B,SAAS,EACT,IAA0B,EAC1B,SAAqC,EACrC,IAA0B,EAC1B,UAAuC,EACvC,UAAwC,EACxC,QAAQ,EACT,EAAE,gBAAgB,iBA6GlB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAA;AActB,cAAc,SAAS,CAAA;AAGvB,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAA;AAE/D,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,eAAe,EAAE,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED;;;;;;;GAOG;AACH,wBAAsB,UAAU,CAAC,EAC/B,SAAS,EACT,IAA0B,EAC1B,SAAqC,EACrC,IAA0B,EAC1B,UAAuC,EACvC,UAAwC,EACxC,QAAQ,EACT,EAAE,gBAAgB,iBA+GlB"}

package/dist/index.js

@@ -108,48 +108,50 @@ function initialize(_a) {
             services: services_1.services
         };
         Object.entries(stateConfig).forEach(([key, value]) => state_1.StateManager.setData(key, value));
-        yield fastify.register(Promise.resolve().then(() => __importStar(require('@fastify/swagger'))));
-        yield fastify.register(Promise.resolve().then(() => __importStar(require('@fastify/swagger-ui'))), {
-            routePrefix: '/documentation',
-            uiConfig: {
-                docExpansion: 'full',
-                deepLinking: false
-            },
-            uiHooks: {
-                onRequest: function (request, reply, next) {
-                    const swaggerUser = constants_1.DEFAULT_CONFIG.SWAGGER_UI_USER;
-                    const swaggerPassword = constants_1.DEFAULT_CONFIG.SWAGGER_UI_PASSWORD;
-                    if (!swaggerUser && !swaggerPassword) {
+        if (constants_1.DEFAULT_CONFIG.SWAGGER_ENABLED) {
+            yield fastify.register(Promise.resolve().then(() => __importStar(require('@fastify/swagger'))));
+            yield fastify.register(Promise.resolve().then(() => __importStar(require('@fastify/swagger-ui'))), {
+                routePrefix: '/documentation',
+                uiConfig: {
+                    docExpansion: 'full',
+                    deepLinking: false
+                },
+                uiHooks: {
+                    onRequest: function (request, reply, next) {
+                        const swaggerUser = constants_1.DEFAULT_CONFIG.SWAGGER_UI_USER;
+                        const swaggerPassword = constants_1.DEFAULT_CONFIG.SWAGGER_UI_PASSWORD;
+                        if (!swaggerUser && !swaggerPassword) {
+                            next();
+                            return;
+                        }
+                        const authHeader = request.headers.authorization;
+                        if (!authHeader || !authHeader.startsWith('Basic ')) {
+                            reply
+                                .code(401)
+                                .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
+                                .send({ message: 'Unauthorized' });
+                            return;
+                        }
+                        const encoded = authHeader.slice('Basic '.length);
+                        const decoded = Buffer.from(encoded, 'base64').toString('utf8');
+                        const [user, pass] = decoded.split(':');
+                        if (user !== swaggerUser || pass !== swaggerPassword) {
+                            reply
+                                .code(401)
+                                .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
+                                .send({ message: 'Unauthorized' });
+                            return;
+                        }
                         next();
-                        return;
-                    }
-                    const authHeader = request.headers.authorization;
-                    if (!authHeader || !authHeader.startsWith('Basic ')) {
-                        reply
-                            .code(401)
-                            .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
-                            .send({ message: 'Unauthorized' });
-                        return;
-                    }
-                    const encoded = authHeader.slice('Basic '.length);
-                    const decoded = Buffer.from(encoded, 'base64').toString('utf8');
-                    const [user, pass] = decoded.split(':');
-                    if (user !== swaggerUser || pass !== swaggerPassword) {
-                        reply
-                            .code(401)
-                            .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
-                            .send({ message: 'Unauthorized' });
-                        return;
-                    }
-                    next();
+                    },
+                    preHandler: function (request, reply, next) { next(); }
                 },
-                preHandler: function (request, reply, next) { next(); }
-            },
-            staticCSP: true,
-            transformStaticCSP: (header) => header,
-            transformSpecification: (swaggerObject) => { return swaggerObject; },
-            transformSpecificationClone: true
-        });
+                staticCSP: true,
+                transformStaticCSP: (header) => header,
+                transformSpecification: (swaggerObject) => { return swaggerObject; },
+                transformSpecificationClone: true
+            });
+        }
         yield (0, registerPlugins_1.registerPlugins)({
             register: fastify.register,
             mongodbUrl,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flowerforce/flowerbase",
-  "version": "1.6.2-beta.0",
+  "version": "1.6.2",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/constants.ts

@@ -1,6 +1,11 @@
 import { loadAuthConfig, loadCustomUserData } from './auth/utils'
 import { ALLOWED_METHODS } from './'
 
+const parseBoolean = (value?: string) => {
+  if (!value) return false
+  return ['1', 'true', 'yes', 'on'].includes(value.toLowerCase())
+}
+
 const {
   database_name,
   collection_name = 'users',
@@ -24,6 +29,7 @@ export const DEFAULT_CONFIG = {
   AUTH_RESET_MAX_ATTEMPTS: Number(process.env.AUTH_RESET_MAX_ATTEMPTS) || 5,
   REFRESH_TOKEN_TTL_DAYS: Number(process.env.REFRESH_TOKEN_TTL_DAYS) || 60,
   ANON_USER_TTL_SECONDS: Number(process.env.ANON_USER_TTL_SECONDS) || 3 * 60 * 60,
+  SWAGGER_ENABLED: parseBoolean(process.env.SWAGGER_ENABLED),
   SWAGGER_UI_USER: process.env.SWAGGER_UI_USER || '',
   SWAGGER_UI_PASSWORD: process.env.SWAGGER_UI_PASSWORD || '',
   CORS_OPTIONS: {

package/src/index.ts

@@ -91,49 +91,51 @@ export async function initialize({
     StateManager.setData(key as Parameters<typeof StateManager.setData>[0], value)
   )
 
-  await fastify.register(import('@fastify/swagger'))
-
-  await fastify.register(import('@fastify/swagger-ui'), {
-    routePrefix: '/documentation',
-    uiConfig: {
-      docExpansion: 'full',
-      deepLinking: false
-    },
-    uiHooks: {
-      onRequest: function (request, reply, next) {
-        const swaggerUser = DEFAULT_CONFIG.SWAGGER_UI_USER
-        const swaggerPassword = DEFAULT_CONFIG.SWAGGER_UI_PASSWORD
-        if (!swaggerUser && !swaggerPassword) {
+  if (DEFAULT_CONFIG.SWAGGER_ENABLED) {
+    await fastify.register(import('@fastify/swagger'))
+
+    await fastify.register(import('@fastify/swagger-ui'), {
+      routePrefix: '/documentation',
+      uiConfig: {
+        docExpansion: 'full',
+        deepLinking: false
+      },
+      uiHooks: {
+        onRequest: function (request, reply, next) {
+          const swaggerUser = DEFAULT_CONFIG.SWAGGER_UI_USER
+          const swaggerPassword = DEFAULT_CONFIG.SWAGGER_UI_PASSWORD
+          if (!swaggerUser && !swaggerPassword) {
+            next()
+            return
+          }
+          const authHeader = request.headers.authorization
+          if (!authHeader || !authHeader.startsWith('Basic ')) {
+            reply
+              .code(401)
+              .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
+              .send({ message: 'Unauthorized' })
+            return
+          }
+          const encoded = authHeader.slice('Basic '.length)
+          const decoded = Buffer.from(encoded, 'base64').toString('utf8')
+          const [user, pass] = decoded.split(':')
+          if (user !== swaggerUser || pass !== swaggerPassword) {
+            reply
+              .code(401)
+              .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
+              .send({ message: 'Unauthorized' })
+            return
+          }
           next()
-          return
-        }
-        const authHeader = request.headers.authorization
-        if (!authHeader || !authHeader.startsWith('Basic ')) {
-          reply
-            .code(401)
-            .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
-            .send({ message: 'Unauthorized' })
-          return
-        }
-        const encoded = authHeader.slice('Basic '.length)
-        const decoded = Buffer.from(encoded, 'base64').toString('utf8')
-        const [user, pass] = decoded.split(':')
-        if (user !== swaggerUser || pass !== swaggerPassword) {
-          reply
-            .code(401)
-            .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
-            .send({ message: 'Unauthorized' })
-          return
-        }
-        next()
+        },
+        preHandler: function (request, reply, next) { next() }
       },
-      preHandler: function (request, reply, next) { next() }
-    },
-    staticCSP: true,
-    transformStaticCSP: (header) => header,
-    transformSpecification: (swaggerObject,) => { return swaggerObject },
-    transformSpecificationClone: true
-  })
+      staticCSP: true,
+      transformStaticCSP: (header) => header,
+      transformSpecification: (swaggerObject,) => { return swaggerObject },
+      transformSpecificationClone: true
+    })
+  }
 
   await registerPlugins({
     register: fastify.register,