@meridianjs/auth 1.4.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.d.mts +2 -2
  2. package/dist/index.d.ts +2 -2
  3. package/dist/index.js +1 -1
  4. package/dist/index.mjs +1 -1
  5. package/package.json +3 -3
package/dist/index.d.mts CHANGED
@@ -114,8 +114,8 @@ declare function authenticateJWT(req: any, res: Response, next: NextFunction): v
114
114
  declare function requireRoles(...roles: string[]): (req: any, res: Response, next: NextFunction) => void;
115
115
  /**
116
116
  * Permission guard — allows the request if `req.user.roles` includes "super-admin"
117
- * (full bypass) or if `req.user.permissions` contains at least one of the listed
118
- * permissions.
117
+ * or "admin" (full bypass), or if `req.user.permissions` contains at least one of
118
+ * the listed permissions.
119
119
  *
120
120
  * Must be used after `authenticateJWT` so that `req.user` is populated.
121
121
  *
package/dist/index.d.ts CHANGED
@@ -114,8 +114,8 @@ declare function authenticateJWT(req: any, res: Response, next: NextFunction): v
114
114
  declare function requireRoles(...roles: string[]): (req: any, res: Response, next: NextFunction) => void;
115
115
  /**
116
116
  * Permission guard — allows the request if `req.user.roles` includes "super-admin"
117
- * (full bypass) or if `req.user.permissions` contains at least one of the listed
118
- * permissions.
117
+ * or "admin" (full bypass), or if `req.user.permissions` contains at least one of
118
+ * the listed permissions.
119
119
  *
120
120
  * Must be used after `authenticateJWT` so that `req.user` is populated.
121
121
  *
package/dist/index.js CHANGED
@@ -381,7 +381,7 @@ function requireRoles(...roles) {
381
381
  function requirePermission(...permissions) {
382
382
  return (req, res, next) => {
383
383
  const userRoles = req.user?.roles ?? [];
384
- if (userRoles.includes("super-admin")) return next();
384
+ if (userRoles.includes("super-admin") || userRoles.includes("admin")) return next();
385
385
  const userPermissions = req.user?.permissions ?? [];
386
386
  if (permissions.some((p) => userPermissions.includes(p))) return next();
387
387
  res.status(403).json({ error: { message: "Forbidden \u2014 insufficient permissions" } });
package/dist/index.mjs CHANGED
@@ -341,7 +341,7 @@ function requireRoles(...roles) {
341
341
  function requirePermission(...permissions) {
342
342
  return (req, res, next) => {
343
343
  const userRoles = req.user?.roles ?? [];
344
- if (userRoles.includes("super-admin")) return next();
344
+ if (userRoles.includes("super-admin") || userRoles.includes("admin")) return next();
345
345
  const userPermissions = req.user?.permissions ?? [];
346
346
  if (permissions.some((p) => userPermissions.includes(p))) return next();
347
347
  res.status(403).json({ error: { message: "Forbidden \u2014 insufficient permissions" } });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@meridianjs/auth",
3
- "version": "1.4.0",
3
+ "version": "1.6.0",
4
4
  "description": "Meridian auth module — JWT authentication and middleware",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",
@@ -26,8 +26,8 @@
26
26
  "prepublishOnly": "npm run build"
27
27
  },
28
28
  "dependencies": {
29
- "@meridianjs/types": "^1.4.0",
30
- "@meridianjs/framework-utils": "^1.4.0",
29
+ "@meridianjs/types": "^1.6.0",
30
+ "@meridianjs/framework-utils": "^1.6.0",
31
31
  "jsonwebtoken": "^9.0.2",
32
32
  "bcrypt": "^5.1.1"
33
33
  },