@mastra/koa 1.5.0-alpha.1 → 1.5.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/dist/index.cjs +68 -43
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.ts.map +1 -1
  5. package/dist/index.js +70 -45
  6. package/dist/index.js.map +1 -1
  7. package/package.json +6 -6
package/dist/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { Busboy } from '@fastify/busboy';
2
- import { coreAuthMiddleware, isProtectedCustomRoute } from '@mastra/server/auth';
3
- import { MastraServer as MastraServer$1, redactStreamChunk, normalizeQueryParams } from '@mastra/server/server-adapter';
2
+ import { coreAuthMiddleware, findMatchingCustomRoute, isProtectedCustomRoute } from '@mastra/server/auth';
3
+ import { MastraServer as MastraServer$1, checkRouteFGA, redactStreamChunk, normalizeQueryParams } from '@mastra/server/server-adapter';
4
4
  import { RequestContext } from '@mastra/core/request-context';
5
5
 
6
6
  // src/index.ts
@@ -607,6 +607,16 @@ var MastraServer = class extends MastraServer$1 {
607
607
  }
608
608
  }
609
609
  }
610
+ const fgaError = await checkRouteFGA(this.mastra, route, ctx.state.requestContext, {
611
+ ...params.urlParams,
612
+ ...params.queryParams,
613
+ ...typeof params.body === "object" ? params.body : {}
614
+ });
615
+ if (fgaError) {
616
+ ctx.status = fgaError.status;
617
+ ctx.body = { error: fgaError.error, message: fgaError.message };
618
+ return;
619
+ }
610
620
  try {
611
621
  const result = await route.handler(handlerParams);
612
622
  await this.sendResponse(route, ctx, result, prefix);
@@ -886,57 +896,72 @@ var MastraServer = class extends MastraServer$1 {
886
896
  this.app.use(async function mastraCustomRouteDispatcher(ctx, next) {
887
897
  const path = String(ctx.path || "/");
888
898
  const method = String(ctx.method || "GET");
889
- if (isProtectedCustomRoute(path, method, server.customRouteAuthConfig)) {
899
+ const matchedRoute = findMatchingCustomRoute(
900
+ path,
901
+ method,
902
+ server.customApiRoutes ?? server.mastra.getServer()?.apiRoutes
903
+ );
904
+ const shouldRunCustomRouteAuth = isProtectedCustomRoute(path, method, server.customRouteAuthConfig);
905
+ const shouldRunCustomRouteFGA = !!matchedRoute?.route.fga;
906
+ if (shouldRunCustomRouteAuth || shouldRunCustomRouteFGA) {
890
907
  const serverRoute = {
891
- method,
892
- path,
908
+ method: matchedRoute?.route.method ?? method,
909
+ path: matchedRoute?.route.path ?? path,
893
910
  responseType: "json",
894
911
  handler: async () => {
895
- }
912
+ },
913
+ requiresAuth: matchedRoute?.route.requiresAuth,
914
+ requiresPermission: matchedRoute?.route.requiresPermission,
915
+ fga: matchedRoute?.route.fga
896
916
  };
897
- const authError = await server.checkRouteAuth(serverRoute, {
898
- path,
899
- method,
900
- getHeader: (name) => ctx.headers[name.toLowerCase()],
901
- getQuery: (name) => ctx.query[name],
902
- requestContext: ctx.state.requestContext,
903
- request: toWebRequest2(ctx),
904
- buildAuthorizeContext: () => toWebRequest2(ctx)
905
- });
906
- if (authError) {
907
- if (authError.headers) {
908
- for (const [key, value] of Object.entries(authError.headers)) {
909
- ctx.set(key, value);
917
+ if (shouldRunCustomRouteAuth) {
918
+ const authError = await server.checkRouteAuth(serverRoute, {
919
+ path,
920
+ method,
921
+ getHeader: (name) => ctx.headers[name.toLowerCase()],
922
+ getQuery: (name) => ctx.query[name],
923
+ requestContext: ctx.state.requestContext,
924
+ request: toWebRequest2(ctx),
925
+ buildAuthorizeContext: () => toWebRequest2(ctx)
926
+ });
927
+ if (authError) {
928
+ if (authError.headers) {
929
+ for (const [key, value] of Object.entries(authError.headers)) {
930
+ ctx.set(key, value);
931
+ }
910
932
  }
911
- }
912
- if (authError.error) {
913
- ctx.status = authError.status;
914
- ctx.body = { error: authError.error };
915
- return;
916
- }
917
- }
918
- const authConfig = server.mastra.getServer()?.auth;
919
- if (authConfig) {
920
- let hasPermission;
921
- try {
922
- ({ hasPermission } = await import('@mastra/core/auth/ee'));
923
- } catch {
924
- console.error(
925
- "[@mastra/koa] Auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest"
926
- );
927
- }
928
- if (hasPermission) {
929
- const userPermissions = ctx.state.requestContext.get("userPermissions");
930
- const permissionError = server.checkRoutePermission(serverRoute, userPermissions, hasPermission);
931
- if (permissionError) {
932
- ctx.status = permissionError.status;
933
- ctx.body = {
934
- error: permissionError.error,
935
- message: permissionError.message
936
- };
933
+ if (authError.error) {
934
+ ctx.status = authError.status;
935
+ ctx.body = { error: authError.error };
937
936
  return;
938
937
  }
939
938
  }
939
+ const authConfig = server.mastra.getServer()?.auth;
940
+ if (authConfig) {
941
+ const hasPermission = await loadHasPermission();
942
+ if (hasPermission) {
943
+ const userPermissions = ctx.state.requestContext.get("userPermissions");
944
+ const permissionError = server.checkRoutePermission(serverRoute, userPermissions, hasPermission);
945
+ if (permissionError) {
946
+ ctx.status = permissionError.status;
947
+ ctx.body = {
948
+ error: permissionError.error,
949
+ message: permissionError.message
950
+ };
951
+ return;
952
+ }
953
+ }
954
+ }
955
+ }
956
+ const fgaError = await checkRouteFGA(server.mastra, serverRoute, ctx.state.requestContext, {
957
+ ...matchedRoute?.params ?? {},
958
+ ...ctx.query,
959
+ ...typeof ctx.request.body === "object" && ctx.request.body !== null ? ctx.request.body : {}
960
+ });
961
+ if (fgaError) {
962
+ ctx.status = fgaError.status;
963
+ ctx.body = { error: fgaError.error, message: fgaError.message };
964
+ return;
940
965
  }
941
966
  }
942
967
  const response = await server.handleCustomRouteRequest(