@mastra/hono 1.4.12-alpha.1 → 1.4.12-alpha.2

package/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @mastra/hono
 
+## 1.4.12-alpha.2
+
+### Patch Changes
+
+- Added FGA enforcement to server adapter middleware, ensuring authorization checks are applied consistently across all built-in adapters. ([#15410](https://github.com/mastra-ai/mastra/pull/15410))
+
+- Updated dependencies [[`86c0298`](https://github.com/mastra-ai/mastra/commit/86c0298e647306423c842f9d5ac827bd616bd13d), [`7fce309`](https://github.com/mastra-ai/mastra/commit/7fce30912b14170bfc41f0ac736cca0f39fe0cd4), [`cd96779`](https://github.com/mastra-ai/mastra/commit/cd9677937f113b2856dc8b9f3d4bdabcee58bb2e), [`7997c2e`](https://github.com/mastra-ai/mastra/commit/7997c2e55ddd121562a4098cd8d2b89c68433bf1), [`e97ccb9`](https://github.com/mastra-ai/mastra/commit/e97ccb900f8b7a390ce82c9f8eb8d6eb2c5e3777), [`f5afe62`](https://github.com/mastra-ai/mastra/commit/f5afe62beff3ae69148a35e55fe5375168897829), [`c5daf48`](https://github.com/mastra-ai/mastra/commit/c5daf48556e98c46ae06caf00f92c249912007e9), [`cd96779`](https://github.com/mastra-ai/mastra/commit/cd9677937f113b2856dc8b9f3d4bdabcee58bb2e), [`86c0298`](https://github.com/mastra-ai/mastra/commit/86c0298e647306423c842f9d5ac827bd616bd13d)]:
+  - @mastra/core@1.32.0-alpha.2
+  - @mastra/server@1.32.0-alpha.2
+
 ## 1.4.12-alpha.1
 
 ### Patch Changes

package/dist/index.cjs

@@ -920,6 +920,14 @@ var MastraServer = class extends serverAdapter.MastraServer {
             }
           }
         }
+        const fgaError = await serverAdapter.checkRouteFGA(this.mastra, route, c.get("requestContext"), {
+          ...params.urlParams,
+          ...params.queryParams,
+          ...typeof params.body === "object" ? params.body : {}
+        });
+        if (fgaError) {
+          return c.json({ error: fgaError.error, message: fgaError.message }, fgaError.status);
+        }
         try {
           const result = await route.handler(handlerParams);
           return this.sendResponse(route, c, result, prefix);
@@ -968,7 +976,9 @@ var MastraServer = class extends serverAdapter.MastraServer {
         responseType: "json",
         handler: async () => {
         },
-        requiresAuth: route.requiresAuth
+        requiresAuth: route.requiresAuth,
+        requiresPermission: route.requiresPermission,
+        fga: route.fga
       };
       const routeHandler = async (c) => {
         const authError = await this.checkRouteAuth(serverRoute, {
@@ -1004,6 +1014,32 @@ var MastraServer = class extends serverAdapter.MastraServer {
             }
           }
         }
+        let bodyParams = {};
+        const contentType = c.req.header("content-type");
+        if (contentType?.includes("application/json")) {
+          try {
+            const body = await c.req.raw.clone().json();
+            if (body && typeof body === "object" && !Array.isArray(body)) {
+              bodyParams = body;
+            }
+          } catch {
+            bodyParams = {};
+          }
+        } else if (contentType?.includes("application/x-www-form-urlencoded") || contentType?.includes("multipart/form-data")) {
+          try {
+            bodyParams = Object.fromEntries(await c.req.raw.clone().formData());
+          } catch {
+            bodyParams = {};
+          }
+        }
+        const fgaError = await serverAdapter.checkRouteFGA(this.mastra, serverRoute, c.get("requestContext"), {
+          ...c.req.param(),
+          ...Object.fromEntries(new URL(c.req.url).searchParams.entries()),
+          ...bodyParams
+        });
+        if (fgaError) {
+          return c.json({ error: fgaError.error, message: fgaError.message }, fgaError.status);
+        }
         const reqHeaders = {};
         c.req.raw.headers.forEach((v, k) => {
           reqHeaders[k] = v;