npm - @mastra/deployer - Versions diffs - 0.10.2-alpha.3 → 0.10.2-alpha.5 - Mend

@mastra/deployer 0.10.2-alpha.3 → 0.10.2-alpha.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/_tsup-dts-rollup.d.cts +2 -0
package/dist/_tsup-dts-rollup.d.ts +2 -0
package/dist/server/index.cjs +29 -14
package/dist/server/index.js +29 -14
package/package.json +3 -3

package/dist/_tsup-dts-rollup.d.cts CHANGED Viewed

@@ -589,6 +589,8 @@ export declare const html = "\n<!doctype html>\n<html lang=\"en\">\n  <head>\n
 export declare function isNodeBuiltin(dep: string): boolean;
+export declare const isProtectedPath: (path: string, method: string, authConfig: MastraAuthConfig) => boolean;
 /**
  * Convert speech to text using the agent's voice provider
  */

package/dist/_tsup-dts-rollup.d.ts CHANGED Viewed

@@ -589,6 +589,8 @@ export declare const html = "\n<!doctype html>\n<html lang=\"en\">\n  <head>\n
 export declare function isNodeBuiltin(dep: string): boolean;
+export declare const isProtectedPath: (path: string, method: string, authConfig: MastraAuthConfig) => boolean;
 /**
  * Convert speech to text using the agent's voice provider
  */

package/dist/server/index.cjs CHANGED Viewed

@@ -1046,17 +1046,7 @@ async function setAgentInstructionsHandler(c2) {
 // src/server/handlers/auth/defaults.ts
 var defaultAuthConfig = {
-  public: [
-    "/",
-    "/refresh-events",
-    "/__refresh",
-    "/assets/*",
-    "/auth/*",
-    "/openapi.json",
-    "/swagger-ui",
-    ["/api/agents", "GET"],
-    ["/a2a/*", ["GET"]]
-  ],
+  protected: ["/api/*"],
   // Simple rule system
   rules: [
     // Admin users can do anything
@@ -1078,9 +1068,19 @@ var defaultAuthConfig = {
 };
 // src/server/handlers/auth/helpers.ts
+var isProtectedPath = (path, method, authConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return isAnyMatch(path, method, protectedAccess);
+};
 var canAccessPublicly = (path, method, authConfig) => {
   const publicAccess = [...defaultAuthConfig.public || [], ...authConfig.public || []];
-  for (const patternPathOrMethod of publicAccess) {
+  return isAnyMatch(path, method, publicAccess);
+};
+var isAnyMatch = (path, method, patterns) => {
+  if (!patterns) {
+    return false;
+  }
+  for (const patternPathOrMethod of patterns) {
     if (patternPathOrMethod instanceof RegExp) {
       if (patternPathOrMethod.test(path)) {
         return true;
@@ -1157,6 +1157,9 @@ var authenticationMiddleware = async (c2, next) => {
   if (!authConfig) {
     return next();
   }
+  if (!isProtectedPath(c2.req.path, c2.req.method, authConfig)) {
+    return next();
+  }
   if (canAccessPublicly(c2.req.path, c2.req.method, authConfig)) {
     return next();
   }
@@ -1197,7 +1200,19 @@ var authorizationMiddleware = async (c2, next) => {
     return next();
   }
   const user = c2.get("runtimeContext").get("user");
-  if (typeof authConfig.authorize === "function") {
+  if ("authorizeUser" in authConfig && typeof authConfig.authorizeUser === "function") {
+    try {
+      const isAuthorized = await authConfig.authorizeUser(user, c2.req);
+      if (isAuthorized) {
+        return next();
+      }
+      return c2.json({ error: "Access denied" }, 403);
+    } catch (err) {
+      console.error(err);
+      return c2.json({ error: "Authorization error" }, 500);
+    }
+  }
+  if ("authorize" in authConfig && typeof authConfig.authorize === "function") {
     try {
       const isAuthorized = await authConfig.authorize(path, method, user, c2);
       if (isAuthorized) {
@@ -1209,7 +1224,7 @@ var authorizationMiddleware = async (c2, next) => {
       return c2.json({ error: "Authorization error" }, 500);
     }
   }
-  if (authConfig.rules && authConfig.rules.length > 0) {
+  if ("rules" in authConfig && authConfig.rules && authConfig.rules.length > 0) {
     const isAuthorized = await checkRules(authConfig.rules, path, method, user);
     if (isAuthorized) {
       return next();

package/dist/server/index.js CHANGED Viewed

@@ -1040,17 +1040,7 @@ async function setAgentInstructionsHandler(c2) {
 // src/server/handlers/auth/defaults.ts
 var defaultAuthConfig = {
-  public: [
-    "/",
-    "/refresh-events",
-    "/__refresh",
-    "/assets/*",
-    "/auth/*",
-    "/openapi.json",
-    "/swagger-ui",
-    ["/api/agents", "GET"],
-    ["/a2a/*", ["GET"]]
-  ],
+  protected: ["/api/*"],
   // Simple rule system
   rules: [
     // Admin users can do anything
@@ -1072,9 +1062,19 @@ var defaultAuthConfig = {
 };
 // src/server/handlers/auth/helpers.ts
+var isProtectedPath = (path, method, authConfig) => {
+  const protectedAccess = [...defaultAuthConfig.protected || [], ...authConfig.protected || []];
+  return isAnyMatch(path, method, protectedAccess);
+};
 var canAccessPublicly = (path, method, authConfig) => {
   const publicAccess = [...defaultAuthConfig.public || [], ...authConfig.public || []];
-  for (const patternPathOrMethod of publicAccess) {
+  return isAnyMatch(path, method, publicAccess);
+};
+var isAnyMatch = (path, method, patterns) => {
+  if (!patterns) {
+    return false;
+  }
+  for (const patternPathOrMethod of patterns) {
     if (patternPathOrMethod instanceof RegExp) {
       if (patternPathOrMethod.test(path)) {
         return true;
@@ -1151,6 +1151,9 @@ var authenticationMiddleware = async (c2, next) => {
   if (!authConfig) {
     return next();
   }
+  if (!isProtectedPath(c2.req.path, c2.req.method, authConfig)) {
+    return next();
+  }
   if (canAccessPublicly(c2.req.path, c2.req.method, authConfig)) {
     return next();
   }
@@ -1191,7 +1194,19 @@ var authorizationMiddleware = async (c2, next) => {
     return next();
   }
   const user = c2.get("runtimeContext").get("user");
-  if (typeof authConfig.authorize === "function") {
+  if ("authorizeUser" in authConfig && typeof authConfig.authorizeUser === "function") {
+    try {
+      const isAuthorized = await authConfig.authorizeUser(user, c2.req);
+      if (isAuthorized) {
+        return next();
+      }
+      return c2.json({ error: "Access denied" }, 403);
+    } catch (err) {
+      console.error(err);
+      return c2.json({ error: "Authorization error" }, 500);
+    }
+  }
+  if ("authorize" in authConfig && typeof authConfig.authorize === "function") {
     try {
       const isAuthorized = await authConfig.authorize(path, method, user, c2);
       if (isAuthorized) {
@@ -1203,7 +1218,7 @@ var authorizationMiddleware = async (c2, next) => {
       return c2.json({ error: "Authorization error" }, 500);
     }
   }
-  if (authConfig.rules && authConfig.rules.length > 0) {
+  if ("rules" in authConfig && authConfig.rules && authConfig.rules.length > 0) {
     const isAuthorized = await checkRules(authConfig.rules, path, method, user);
     if (isAuthorized) {
       return next();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mastra/deployer",
-  "version": "0.10.2-alpha.3",
+  "version": "0.10.2-alpha.5",
   "description": "",
   "type": "module",
   "files": [
@@ -108,7 +108,7 @@
     "rollup-plugin-node-externals": "^8.0.0",
     "typescript-paths": "^1.5.1",
     "zod": "^3.24.3",
-    "@mastra/server": "^0.10.2-alpha.3"
+    "@mastra/server": "^0.10.2-alpha.5"
   },
   "devDependencies": {
     "@hono/node-server": "^1.13.8",
@@ -128,7 +128,7 @@
     "typescript": "^5.8.2",
     "vitest": "^2.1.9",
     "@internal/lint": "0.0.7",
-    "@mastra/core": "0.10.2-alpha.3",
+    "@mastra/core": "0.10.2-alpha.5",
     "@mastra/mcp": "^0.10.2-alpha.1"
   },
   "peerDependencies": {