@mastra/hono 1.4.8-alpha.4 → 1.4.8-alpha.5

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @mastra/hono
 
+## 1.4.8-alpha.5
+
+### Patch Changes
+
+- Authentication now refreshes expired server-side sessions transparently, so recoverable token expiry no longer causes unexpected user sign-outs. Only truly expired sessions (e.g. refresh token dead) return a 401. ([#15819](https://github.com/mastra-ai/mastra/pull/15819))
+
+  Server adapters now forward refreshed session cookies consistently, and auth-studio logs session validation and refresh failures to improve diagnostics.
+
+- Updated dependencies [[`28caa5b`](https://github.com/mastra-ai/mastra/commit/28caa5b032358545af2589ed90636eccb4dd9d2f), [`a535ff2`](https://github.com/mastra-ai/mastra/commit/a535ff267cf525306de01c70bae95221ef66612b), [`7d056b6`](https://github.com/mastra-ai/mastra/commit/7d056b6ecf603cacaa0f663ff1df025ed885b6c1), [`26f1f94`](https://github.com/mastra-ai/mastra/commit/26f1f9490574b864ba1ecedf2c9632e0767a23bd)]:
+  - @mastra/core@1.29.0-alpha.5
+  - @mastra/server@1.29.0-alpha.5
+
 ## 1.4.8-alpha.4
 
 ### Patch Changes

package/dist/index.cjs

@@ -725,6 +725,13 @@ var MastraServer = class extends serverAdapter.MastraServer {
   }
   async sendResponse(route, response, result, prefix) {
     const resolvedPrefix = prefix ?? this.prefix ?? "";
+    if (result && typeof result === "object" && "__refreshHeaders" in result) {
+      const refreshHeaders = result.__refreshHeaders;
+      for (const [key, value] of Object.entries(refreshHeaders)) {
+        response.header(key, value);
+      }
+      delete result.__refreshHeaders;
+    }
     if (route.responseType === "json") {
       return response.json(result, 200);
     } else if (route.responseType === "stream") {
@@ -794,7 +801,7 @@ var MastraServer = class extends serverAdapter.MastraServer {
       `${prefix}${route.path}`,
       ...middlewares,
       async (c) => {
-        const authError = await this.checkRouteAuth(route, {
+        const authResult = await this.checkRouteAuth(route, {
           path: c.req.path,
           method: c.req.method,
           getHeader: (name) => c.req.header(name),
@@ -803,8 +810,15 @@ var MastraServer = class extends serverAdapter.MastraServer {
           request: c.req.raw,
           buildAuthorizeContext: () => c
         });
-        if (authError) {
-          return c.json({ error: authError.error }, authError.status);
+        if (authResult) {
+          if (authResult.headers) {
+            for (const [key, value] of Object.entries(authResult.headers)) {
+              c.header(key, value);
+            }
+          }
+          if (authResult.error) {
+            return c.json({ error: authResult.error }, authResult.status);
+          }
         }
         const params = await this.getParams(route, c.req);
         if (params.bodyParseError) {
@@ -967,7 +981,14 @@ var MastraServer = class extends serverAdapter.MastraServer {
           buildAuthorizeContext: () => c
         });
         if (authError) {
-          return c.json({ error: authError.error }, authError.status);
+          if (authError.headers) {
+            for (const [key, value] of Object.entries(authError.headers)) {
+              c.header(key, value);
+            }
+          }
+          if (authError.error) {
+            return c.json({ error: authError.error }, authError.status);
+          }
         }
         const authConfig = this.mastra.getServer()?.auth;
         if (authConfig) {