@mastra/koa 1.3.7-alpha.0 → 1.4.0-alpha.1

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @mastra/koa
 
+## 1.4.0-alpha.1
+
+### Minor Changes
+
+- Added adapter auth middleware helpers for raw framework routes. ([#14458](https://github.com/mastra-ai/mastra/pull/14458))
+
+  Use `createAuthMiddleware({ mastra })` when you mount routes directly on a Hono, Express, Fastify, or Koa app and still want Mastra auth to run. Set `requiresAuth: false` when you need to reuse the same helper chain on a public route.
+
+  ```ts
+  app.get('/custom/protected', createAuthMiddleware({ mastra }), handler);
+  ```
+
+### Patch Changes
+
+- Updated dependencies [[`7dbd611`](https://github.com/mastra-ai/mastra/commit/7dbd611a85cb1e0c0a1581c57564268cb183d86e), [`8a738d8`](https://github.com/mastra-ai/mastra/commit/8a738d844772e14be381d54b22fd5d548ee4af42), [`41aee84`](https://github.com/mastra-ai/mastra/commit/41aee84561ceebe28bad1ecba8702d92838f67f0)]:
+  - @mastra/core@1.16.0-alpha.1
+  - @mastra/server@1.16.0-alpha.1
+
 ## 1.3.7-alpha.0
 
 ### Patch Changes

package/dist/auth-middleware.d.ts

@@ -0,0 +1,8 @@
+import type { Mastra } from '@mastra/core/mastra';
+import type { Middleware } from 'koa';
+export interface KoaAuthMiddlewareOptions {
+    mastra: Mastra;
+    requiresAuth?: boolean;
+}
+export declare function createAuthMiddleware({ mastra, requiresAuth }: KoaAuthMiddlewareOptions): Middleware;
+//# sourceMappingURL=auth-middleware.d.ts.map

package/dist/auth-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../src/auth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAGlD,OAAO,KAAK,EAAW,UAAU,EAAQ,MAAM,KAAK,CAAC;AAErD,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAuBD,wBAAgB,oBAAoB,CAAC,EAAE,MAAM,EAAE,YAAmB,EAAE,EAAE,wBAAwB,GAAG,UAAU,CAgD1G"}

package/dist/index.cjs

@@ -3,6 +3,7 @@
 var busboy = require('@fastify/busboy');
 var auth = require('@mastra/server/auth');
 var serverAdapter = require('@mastra/server/server-adapter');
+var requestContext = require('@mastra/core/request-context');
 
 // src/index.ts
 // @__NO_SIDE_EFFECTS__
@@ -213,6 +214,66 @@ var initializer2 = (inst, issues) => {
   });
 };
 var ZodError = $constructor("ZodError", initializer2);
+function toWebRequest(ctx) {
+  const protocol = ctx.protocol || "http";
+  const host = ctx.host || "localhost";
+  const url = `${protocol}://${host}${ctx.url}`;
+  const headers = new Headers();
+  for (const [key, value] of Object.entries(ctx.headers)) {
+    if (!value) continue;
+    if (Array.isArray(value)) {
+      value.forEach((v) => headers.append(key, v));
+    } else {
+      headers.set(key, value);
+    }
+  }
+  return new globalThis.Request(url, {
+    method: ctx.method,
+    headers
+  });
+}
+function createAuthMiddleware({ mastra, requiresAuth = true }) {
+  return async (ctx, next) => {
+    if (!requiresAuth) {
+      await next();
+      return;
+    }
+    const authConfig = mastra.getServer()?.auth;
+    if (!authConfig) {
+      await next();
+      return;
+    }
+    ctx.state.requestContext ??= new requestContext.RequestContext();
+    ctx.state.mastra ??= mastra;
+    const path = String(ctx.path || "/");
+    const method = String(ctx.method || "GET");
+    const customRouteAuthConfig = new Map(ctx.state.customRouteAuthConfig ?? []);
+    customRouteAuthConfig.set(`${method}:${path}`, true);
+    const authHeader = ctx.headers.authorization;
+    let token = authHeader ? authHeader.replace("Bearer ", "") : null;
+    if (!token) {
+      token = ctx.query.apiKey || null;
+    }
+    const result = await auth.coreAuthMiddleware({
+      path,
+      method,
+      getHeader: (name) => ctx.headers[name.toLowerCase()],
+      mastra,
+      authConfig,
+      customRouteAuthConfig,
+      requestContext: ctx.state.requestContext,
+      rawRequest: toWebRequest(ctx),
+      token,
+      buildAuthorizeContext: () => toWebRequest(ctx)
+    });
+    if (result.action === "next") {
+      await next();
+      return;
+    }
+    ctx.status = result.status;
+    ctx.body = result.body;
+  };
+}
 
 // src/index.ts
 var _hasPermissionPromise;
@@ -227,7 +288,7 @@ function loadHasPermission() {
   }
   return _hasPermissionPromise;
 }
-function toWebRequest(ctx) {
+function toWebRequest2(ctx) {
   const protocol = ctx.protocol || "http";
   const host = ctx.host || "localhost";
   const url = `${protocol}://${host}${ctx.url}`;
@@ -608,8 +669,8 @@ var MastraServer = class extends serverAdapter.MastraServer {
         getHeader: (name) => ctx.headers[name.toLowerCase()],
         getQuery: (name) => ctx.query[name],
         requestContext: ctx.state.requestContext,
-        request: toWebRequest(ctx),
-        buildAuthorizeContext: () => toWebRequest(ctx)
+        request: toWebRequest2(ctx),
+        buildAuthorizeContext: () => toWebRequest2(ctx)
       });
       if (authError) {
         ctx.status = authError.status;
@@ -775,8 +836,8 @@ var MastraServer = class extends serverAdapter.MastraServer {
           getHeader: (name) => ctx.headers[name.toLowerCase()],
           getQuery: (name) => ctx.query[name],
           requestContext: ctx.state.requestContext,
-          request: toWebRequest(ctx),
-          buildAuthorizeContext: () => toWebRequest(ctx)
+          request: toWebRequest2(ctx),
+          buildAuthorizeContext: () => toWebRequest2(ctx)
         });
         if (authError) {
           ctx.status = authError.status;
@@ -865,5 +926,6 @@ var MastraServer = class extends serverAdapter.MastraServer {
 };
 
 exports.MastraServer = MastraServer;
+exports.createAuthMiddleware = createAuthMiddleware;
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map