@invect/user-auth 0.0.1 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/README.md +81 -72
  2. package/dist/backend/index.cjs +410 -54
  3. package/dist/backend/index.cjs.map +1 -1
  4. package/dist/backend/index.d.cts +456 -0
  5. package/dist/backend/index.d.cts.map +1 -0
  6. package/dist/backend/index.d.mts +456 -0
  7. package/dist/backend/index.d.mts.map +1 -0
  8. package/dist/backend/index.d.ts +28 -18
  9. package/dist/backend/index.d.ts.map +1 -1
  10. package/dist/backend/index.mjs +408 -53
  11. package/dist/backend/index.mjs.map +1 -1
  12. package/dist/backend/plugin.d.ts +15 -15
  13. package/dist/backend/plugin.d.ts.map +1 -1
  14. package/dist/backend/types.d.ts +85 -9
  15. package/dist/backend/types.d.ts.map +1 -1
  16. package/dist/frontend/components/ApiKeysDialog.d.ts +17 -0
  17. package/dist/frontend/components/ApiKeysDialog.d.ts.map +1 -0
  18. package/dist/frontend/components/AuthenticatedInvect.d.ts +10 -10
  19. package/dist/frontend/components/SignInForm.d.ts.map +1 -1
  20. package/dist/frontend/components/SignInPage.d.ts.map +1 -1
  21. package/dist/frontend/components/UserManagement.d.ts.map +1 -1
  22. package/dist/frontend/index.cjs +434 -58
  23. package/dist/frontend/index.cjs.map +1 -1
  24. package/dist/frontend/index.d.cts +317 -0
  25. package/dist/frontend/index.d.cts.map +1 -0
  26. package/dist/frontend/index.d.mts +317 -0
  27. package/dist/frontend/index.d.mts.map +1 -0
  28. package/dist/frontend/index.d.ts +3 -1
  29. package/dist/frontend/index.d.ts.map +1 -1
  30. package/dist/frontend/index.mjs +418 -43
  31. package/dist/frontend/index.mjs.map +1 -1
  32. package/dist/frontend/plugins/authFrontendPlugin.d.ts +2 -2
  33. package/dist/frontend/plugins/authFrontendPlugin.d.ts.map +1 -1
  34. package/dist/shared/types.d.cts +49 -0
  35. package/dist/shared/types.d.cts.map +1 -0
  36. package/dist/shared/types.d.mts +49 -0
  37. package/dist/shared/types.d.mts.map +1 -0
  38. package/package.json +68 -66
package/README.md CHANGED
@@ -1,6 +1,21 @@
1
- # @invect/user-auth
1
+ <p align="center">
2
+ <picture>
3
+ <source media="(prefers-color-scheme: dark)" srcset="../../../.github/assets/logo-light.svg">
4
+ <img alt="Invect" src="../../../.github/assets/logo-dark.svg" width="50">
5
+ </picture>
6
+ </p>
2
7
 
3
- Better Auth integration for [Invect](https://github.com/invect/invect). Adds user authentication, session management, identity resolution, and auth UI components.
8
+ <h1 align="center">@invect/user-auth</h1>
9
+
10
+ <p align="center">
11
+ Authentication plugin for Invect, powered by Better Auth.
12
+ <br />
13
+ <a href="https://invect.dev/docs/plugins"><strong>Docs</strong></a>
14
+ </p>
15
+
16
+ ---
17
+
18
+ Adds user authentication, session management, and auth UI components to Invect. Built on [Better Auth](https://www.better-auth.com/).
4
19
 
5
20
  ## Install
6
21
 
@@ -8,99 +23,93 @@ Better Auth integration for [Invect](https://github.com/invect/invect). Adds use
8
23
  pnpm add @invect/user-auth better-auth
9
24
  ```
10
25
 
11
- ## Usage
26
+ ## Backend
12
27
 
13
- ### Backend
28
+ The simplest setup — the plugin manages Better Auth internally using Invect's database:
14
29
 
15
30
  ```ts
16
- import { betterAuth } from 'better-auth';
17
- import { betterAuthPlugin } from '@invect/user-auth';
18
31
  import { createInvectRouter } from '@invect/express';
32
+ import { authentication } from '@invect/user-auth';
19
33
 
20
- // 1. Configure better-auth
21
- const auth = betterAuth({
22
- database: { url: 'file:./auth.db', type: 'sqlite' },
23
- emailAndPassword: { enabled: true },
24
- });
25
-
26
- // 2. Add the plugin
27
- app.use('/invect', createInvectRouter({
28
- databaseUrl: 'file:./dev.db',
34
+ const invectRouter = await createInvectRouter({
35
+ database: { type: 'sqlite', connectionString: 'file:./dev.db' },
36
+ encryptionKey: process.env.INVECT_ENCRYPTION_KEY!,
29
37
  plugins: [
30
- betterAuthPlugin({
31
- auth,
38
+ authentication({
32
39
  globalAdmins: [
33
- {
34
- email: process.env.INVECT_ADMIN_EMAIL,
35
- pw: process.env.INVECT_ADMIN_PASSWORD,
36
- name: 'Admin',
37
- },
40
+ { email: process.env.INVECT_ADMIN_EMAIL!, pw: process.env.INVECT_ADMIN_PASSWORD! },
38
41
  ],
39
42
  }),
40
43
  ],
41
- }));
44
+ });
45
+
46
+ app.use('/invect', invectRouter);
42
47
  ```
43
48
 
44
- `globalAdmins` is the explicit source of truth for seeded admin accounts. If you
45
- want to use environment variables, wire them into that array yourself.
49
+ For full control, provide your own Better Auth instance:
46
50
 
47
- ### Frontend
51
+ ```ts
52
+ import { betterAuth } from 'better-auth';
53
+ import { authentication } from '@invect/user-auth';
54
+
55
+ const auth = betterAuth({
56
+ database: { url: 'file:./auth.db', type: 'sqlite' },
57
+ emailAndPassword: { enabled: true },
58
+ });
59
+
60
+ const invectRouter = await createInvectRouter({
61
+ database: { type: 'sqlite', connectionString: 'file:./dev.db' },
62
+ encryptionKey: process.env.INVECT_ENCRYPTION_KEY!,
63
+ plugins: [authentication({ auth })],
64
+ });
65
+
66
+ app.use('/invect', invectRouter);
67
+ ```
68
+
69
+ Sign-up is disabled in the UI. The initial admin is seeded from `globalAdmins`. Subsequent users are created by admins through the user management UI or API.
70
+
71
+ ## Frontend
48
72
 
49
73
  ```tsx
50
- import { AuthProvider, useAuth, SignInForm, UserButton, AuthGate } from '@invect/user-auth/ui';
51
-
52
- function App() {
53
- return (
54
- <AuthProvider baseUrl="http://localhost:3000/invect">
55
- <AuthGate fallback={<SignInPage />}>
56
- <Header />
57
- <MainApp />
58
- </AuthGate>
59
- </AuthProvider>
60
- );
61
- }
62
-
63
- function Header() {
64
- return (
65
- <header>
66
- <UserButton />
67
- </header>
68
- );
69
- }
70
-
71
- function SignInPage() {
72
- return <SignInForm onSuccess={() => window.location.reload()} />;
73
- }
74
+ import { Invect, InvectShell } from '@invect/ui';
75
+ import { AuthenticatedInvect } from '@invect/user-auth/ui';
76
+ import '@invect/ui/styles';
77
+
78
+ <AuthenticatedInvect
79
+ apiBaseUrl="/api/invect"
80
+ basePath="/invect"
81
+ InvectComponent={Invect}
82
+ ShellComponent={InvectShell}
83
+ theme="light"
84
+ />;
74
85
  ```
75
86
 
76
- ## Package Exports
87
+ Or compose manually:
77
88
 
78
- | Entry Point | Import | Content |
79
- |-------------|--------|---------|
80
- | `@invect/user-auth` | `import { betterAuthPlugin } from '@invect/user-auth'` | Backend plugin (Node.js) |
81
- | `@invect/user-auth/ui` | `import { AuthProvider, useAuth } from '@invect/user-auth/ui'` | Frontend components (Browser) |
82
- | `@invect/user-auth/types` | `import type { AuthUser } from '@invect/user-auth/types'` | Shared types |
89
+ ```tsx
90
+ import { AuthProvider, AuthGate, SignInPage, UserButton } from '@invect/user-auth/ui';
83
91
 
84
- ## What It Does
92
+ <AuthProvider baseUrl="http://localhost:3000/invect">
93
+ <AuthGate fallback={<SignInPage />}>
94
+ <Invect apiBaseUrl="http://localhost:3000/invect" />
95
+ </AuthGate>
96
+ </AuthProvider>;
97
+ ```
98
+
99
+ ## Exports
85
100
 
86
- ### Backend (`@invect/user-auth`)
87
- - **Proxies auth routes** — Sign-in, sign-up, OAuth, session endpoints at `/plugins/auth/*`
88
- - **Resolves sessions** — Every Invect API request calls `auth.api.getSession()` to populate `InvectIdentity`
89
- - **Maps roles** — better-auth user roles align with Invect RBAC (`owner`, `editor`, `operator`, `viewer`), preserve `admin`, and fall back to `default` for no global access
90
- - **Middleware helper** — `createSessionResolver()` for use as `auth.resolveUser` callback
101
+ | Entry Point | Content |
102
+ | ------------------------- | --------------------------------------------------------------------------------------------------- |
103
+ | `@invect/user-auth` | Backend plugin (Node.js) |
104
+ | `@invect/user-auth/ui` | Frontend components `AuthProvider`, `AuthGate`, `SignInForm`, `UserButton`, `AuthenticatedInvect` |
105
+ | `@invect/user-auth/types` | Shared types |
91
106
 
92
- ### Frontend (`@invect/user-auth/ui`)
93
- - **AuthProvider** — Context provider that fetches session state and provides sign-in/sign-up/sign-out actions
94
- - **useAuth()** — Hook for accessing current user, auth state, and actions
95
- - **SignInForm** — Email/password sign-in form
96
- - **SignUpForm** — Email/password sign-up form
97
- - **UserButton** — User avatar with dropdown (name, email, role, sign-out)
98
- - **AuthGate** — Conditionally renders children based on auth state
107
+ ## What It Does
99
108
 
100
- ## Docs
109
+ **Backend** — Proxies auth routes (sign-in, session, OAuth) at `/plugins/auth/*`. Resolves sessions on every Invect API request. Maps Better Auth roles to Invect RBAC roles.
101
110
 
102
- Full documentation: [invect.dev/docs/authentication](https://invect.dev/docs/authentication)
111
+ **Frontend** `AuthProvider` for session state, `AuthGate` for conditional rendering, `SignInForm` / `UserButton` for auth UI.
103
112
 
104
113
  ## License
105
114
 
106
- MIT
115
+ [MIT](../../../LICENSE)