@maroonedsoftware/koa 1.15.4 → 1.15.6

package/README.md

@@ -104,6 +104,20 @@ router.get('/api/me', async ctx => {
 });
 ```
 
+### Authorization
+
+`requireSecurity` is router middleware that runs after `authenticationMiddleware`. It throws 401 when the request is unauthenticated and, if `roles` is provided, throws 403 unless the authenticated context has at least one of the listed roles.
+
+```typescript
+import { requireSecurity } from '@maroonedsoftware/koa';
+
+// Require any authenticated user
+router.get('/api/profile', requireSecurity(), handler);
+
+// Require at least one of the given roles
+router.delete('/api/users/:id', requireSecurity({ roles: ['admin'] }), handler);
+```
+
 ### CORS
 
 ```typescript
@@ -188,27 +202,36 @@ router.post(
 `defaultParserMappings` is the built-in MIME-type-to-parser map used by `bodyParserMiddleware`. You can extend or replace it to register additional parsers:
 
 ```typescript
-import { defaultParserMappings, BinaryParser } from '@maroonedsoftware/koa';
-import { ServerKitBodyParser } from '@maroonedsoftware/koa';
+import {
+  defaultParserMappings,
+  BinaryParser,
+  ServerKitParserMappings,
+} from '@maroonedsoftware/koa';
 
 const customMappings = {
   ...defaultParserMappings,
   pdf: BinaryParser,
 };
 
-// Pass to bodyParserMiddleware via a custom ServerKitBodyParser instance
+// Register the mappings in the DI container; ServerKitBodyParser will resolve them.
+const builder = diRegistry.register(ServerKitParserMappings).useMap();
+for (const [mimeType, parser] of Object.entries(customMappings)) {
+  builder.add(mimeType, parser);
+}
 ```
 
 The default mappings are:
 
-| MIME subtype         | Parser          |
-| -------------------- | --------------- |
-| `json`               | `JsonParser`    |
-| `application/*+json` | `JsonParser`    |
-| `urlencoded`         | `FormParser`    |
-| `text`               | `TextParser`    |
+| MIME subtype         | Parser            |
+| -------------------- | ----------------- |
+| `json`               | `JsonParser`      |
+| `application/*+json` | `JsonParser`      |
+| `urlencoded`         | `FormParser`      |
+| `text`               | `TextParser`      |
 | `multipart`          | `MultipartParser` |
 
+`BinaryParser` is exported but not registered in `defaultParserMappings`; add it explicitly to handle raw payloads such as PDFs or images.
+
 ## API
 
 ### ServerKitContext
@@ -236,7 +259,7 @@ The default mappings are:
 | `authenticationMiddleware()`           | Resolves `Authorization` header via `AuthenticationSchemeHandler`; populates `ctx.authenticationContext` |
 | `bodyParserMiddleware(contentTypes)`    | Parses body by allowed MIME types; throws 400/411/415/422 on invalid input                         |
 | `requireSignature(optionsKey)`          | Verifies HMAC of `ctx.rawBody` against a request header; throws 401 on mismatch                   |
-| `requireSecurity(options?)`             | Throws 401 when unauthenticated; throws 403 when required role is missing                          |
+| `requireSecurity(options?)`             | Throws 401 when unauthenticated; throws 403 when none of the `options.roles` are present           |
 
 ### Parser options
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@maroonedsoftware/koa",
-  "version": "1.15.4",
+  "version": "1.15.6",
   "description": "Koa middleware, body parsing, and utilities for ServerKit",
   "author": {
     "name": "Marooned Software",
@@ -37,12 +37,12 @@
     "qs": "^6.15.1",
     "rate-limiter-flexible": "^11.0.1",
     "raw-body": "^3.0.2",
+    "@maroonedsoftware/authentication": "0.14.1",
+    "@maroonedsoftware/multipart": "1.1.1",
     "@maroonedsoftware/appconfig": "1.4.0",
-    "@maroonedsoftware/errors": "1.5.0",
-    "@maroonedsoftware/authentication": "0.13.0",
-    "@maroonedsoftware/logger": "1.1.0",
     "@maroonedsoftware/utilities": "1.7.0",
-    "@maroonedsoftware/multipart": "1.1.1"
+    "@maroonedsoftware/errors": "1.5.0",
+    "@maroonedsoftware/logger": "1.1.0"
   },
   "peerDependencies": {
     "@koa/cors": "^5.0.0",