@mastra/express 1.3.17-alpha.1 → 1.3.17-alpha.2

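--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,6 +1,6 @@
  import { Busboy } from '@fastify/busboy';
- import { coreAuthMiddleware, isProtectedCustomRoute } from '@mastra/server/auth';
- import { MastraServer as MastraServer$1, redactStreamChunk, normalizeQueryParams } from '@mastra/server/server-adapter';
+ import { coreAuthMiddleware, findMatchingCustomRoute, isProtectedCustomRoute } from '@mastra/server/auth';
+ import { MastraServer as MastraServer$1, redactStreamChunk, normalizeQueryParams, checkRouteFGA } from '@mastra/server/server-adapter';
  import { RequestContext } from '@mastra/core/request-context';
 
  // src/index.ts
@@ -594,13 +594,14 @@ var MastraServer = class extends MastraServer$1 {
  buildAuthorizeContext: () => toWebRequest2(req)
  });
  if (authError) {
- if (authError.headers) {
- for (const [key, value] of Object.entries(authError.headers)) {
+ const authResult = authError;
+ if (authResult.headers) {
+ for (const [key, value] of Object.entries(authResult.headers)) {
  res.setHeader(key, value);
  }
  }
- if (authError.error) {
- return res.status(authError.status).json({ error: authError.error });
+ if (authResult.error) {
+ return res.status(authResult.status).json({ error: authResult.error });
  }
  }
  const params = await this.getParams(route, req);
@@ -686,6 +687,14 @@ var MastraServer = class extends MastraServer$1 {
  }
  }
  }
+ const fgaError = await checkRouteFGA(this.mastra, route, res.locals.requestContext, {
+ ...params.urlParams,
+ ...params.queryParams,
+ ...typeof params.body === "object" ? params.body : {}
+ });
+ if (fgaError) {
+ return res.status(fgaError.status).json({ error: fgaError.error, message: fgaError.message });
+ }
  try {
  const result = await route.handler(handlerParams);
  await this.sendResponse(route, res, result, req, prefix);
@@ -713,47 +722,68 @@ var MastraServer = class extends MastraServer$1 {
  this.app.use(async (req, res, next) => {
  const path = String(req.path || "/");
  const method = String(req.method || "GET");
- if (isProtectedCustomRoute(path, method, this.customRouteAuthConfig)) {
+ const matchedRoute = findMatchingCustomRoute(
+ path,
+ method,
+ this.customApiRoutes ?? this.mastra.getServer()?.apiRoutes
+ );
+ const shouldRunCustomRouteAuth = isProtectedCustomRoute(path, method, this.customRouteAuthConfig);
+ const shouldRunCustomRouteFGA = !!matchedRoute?.route.fga;
+ if (shouldRunCustomRouteAuth || shouldRunCustomRouteFGA) {
  const serverRoute = {
- method,
- path,
+ method: matchedRoute?.route.method ?? method,
+ path: matchedRoute?.route.path ?? path,
  responseType: "json",
  handler: async () => {
- }
+ },
+ requiresAuth: matchedRoute?.route.requiresAuth,
+ requiresPermission: matchedRoute?.route.requiresPermission,
+ fga: matchedRoute?.route.fga
  };
- const authError = await this.checkRouteAuth(serverRoute, {
- path,
- method,
- getHeader: (name) => req.headers[name.toLowerCase()],
- getQuery: (name) => req.query[name],
- requestContext: res.locals.requestContext,
- request: toWebRequest2(req),
- buildAuthorizeContext: () => toWebRequest2(req)
- });
- if (authError) {
- if (authError.headers) {
- for (const [key, value] of Object.entries(authError.headers)) {
- res.setHeader(key, value);
+ if (shouldRunCustomRouteAuth) {
+ const authError = await this.checkRouteAuth(serverRoute, {
+ path,
+ method,
+ getHeader: (name) => req.headers[name.toLowerCase()],
+ getQuery: (name) => req.query[name],
+ requestContext: res.locals.requestContext,
+ request: toWebRequest2(req),
+ buildAuthorizeContext: () => toWebRequest2(req)
+ });
+ if (authError) {
+ const authResult = authError;
+ if (authResult.headers) {
+ for (const [key, value] of Object.entries(authResult.headers)) {
+ res.setHeader(key, value);
+ }
+ }
+ if (authResult.error) {
+ return res.status(authResult.status).json({ error: authResult.error });
  }
  }
- if (authError.error) {
- return res.status(authError.status).json({ error: authError.error });
- }
- }
- const authConfig = this.mastra.getServer()?.auth;
- if (authConfig) {
- const hasPermission = await loadHasPermission();
- if (hasPermission) {
- const userPermissions = res.locals.requestContext.get("userPermissions");
- const permissionError = this.checkRoutePermission(serverRoute, userPermissions, hasPermission);
- if (permissionError) {
- return res.status(permissionError.status).json({
- error: permissionError.error,
- message: permissionError.message
- });
+ const authConfig = this.mastra.getServer()?.auth;
+ if (authConfig) {
+ const hasPermission = await loadHasPermission();
+ if (hasPermission) {
+ const userPermissions = res.locals.requestContext.get("userPermissions");
+ const permissionError = this.checkRoutePermission(serverRoute, userPermissions, hasPermission);
+ if (permissionError) {
+ return res.status(permissionError.status).json({
+ error: permissionError.error,
+ message: permissionError.message
+ });
+ }
  }
  }
  }
+ const fgaError = await checkRouteFGA(this.mastra, serverRoute, res.locals.requestContext, {
+ ...matchedRoute?.params ?? {},
+ ...req.query,
+ ...typeof req.body === "object" && req.body !== null ? req.body : {}
+ });
+ if (fgaError) {
+ return res.status(fgaError.status).json({ error: fgaError.error, message: fgaError.message });
+ }
  }
  const response = await this.handleCustomRouteRequest(
  `${req.protocol}://${req.get("host") || "localhost"}${req.originalUrl}`,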
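Review bot: The resource context passed to `checkRouteFGA` spreads URL params first, then query params, then the request body, so a client-supplied query or body field that shares a name with a path parameter overwrites the router-derived value before the authorization check reads it. If `checkRouteFGA` resolves the resource id from this merged object (its implementation is not visible here) while the handler acts on the path parameter, the check and the handler can evaluate different resources. This applies both to the call placed before `route.handler(handlerParams)` and to the custom-route middleware, where `matchedRoute?.params` is likewise spread first; both enclosing functions start and end outside the visible hunks. Reversing the order lets the router-derived values win, for example `{ ...(typeof params.body === "object" ? params.body : {}), ...params.queryParams, ...params.urlParams }`, and the same reordering applies in the middleware. In the middleware, a route with `fga` set that `isProtectedCustomRoute` does not match reaches `checkRouteFGA` without `checkRouteAuth` having run, so it is worth confirming, and noting in a comment, that the FGA check denies when the request context carries no authenticated user.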