@meridianjs/meridian 0.1.6 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/api/admin/events/route.d.ts +9 -5
  2. package/dist/api/admin/events/route.d.ts.map +1 -1
  3. package/dist/api/admin/events/route.js +18 -7
  4. package/dist/api/admin/events/route.js.map +1 -1
  5. package/package.json +1 -1
package/dist/api/admin/events/route.d.ts CHANGED
@@ -1,10 +1,14 @@
1
1
  import type { Response } from "express";
2
2
  /**
3
- * GET /admin/events?token=<jwt>
3
+ * GET /admin/events?token=<jwt>&workspaceId=<id>
4
4
  *
5
- * SSE stream scoped to the authenticated user's workspace.
6
- * Uses a query-param token because EventSource does not support custom headers.
7
- * authenticateJWT middleware accepts ?token= as fallback and populates req.user.
5
+ * SSE stream scoped to the given workspace.
6
+ * Uses query params because EventSource cannot set custom headers.
7
+ * - token: validated by authenticateJWT middleware (sets req.user)
8
+ * - workspaceId: passed explicitly because the JWT always has workspaceId=null
9
+ * (tokens are issued at auth time, not workspace-selection time)
10
+ *
11
+ * Validates that req.user is a member of the requested workspace before subscribing.
8
12
  */
9
- export declare const GET: (req: any, res: Response) => void;
13
+ export declare const GET: (req: any, res: Response) => Promise<void>;
10
14
  //# sourceMappingURL=route.d.ts.map
package/dist/api/admin/events/route.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../src/api/admin/events/route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAGvC;;;;;;GAMG;AACH,eAAO,MAAM,GAAG,GAAI,KAAK,GAAG,EAAE,KAAK,QAAQ,SA0B1C,CAAA"}
1
+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../src/api/admin/events/route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAGvC;;;;;;;;;;GAUG;AACH,eAAO,MAAM,GAAG,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,kBAsChD,CAAA"}
package/dist/api/admin/events/route.js CHANGED
@@ -1,15 +1,26 @@
1
1
  import { sseManager } from "@meridianjs/framework";
2
2
  /**
3
- * GET /admin/events?token=<jwt>
3
+ * GET /admin/events?token=<jwt>&workspaceId=<id>
4
4
  *
5
- * SSE stream scoped to the authenticated user's workspace.
6
- * Uses a query-param token because EventSource does not support custom headers.
7
- * authenticateJWT middleware accepts ?token= as fallback and populates req.user.
5
+ * SSE stream scoped to the given workspace.
6
+ * Uses query params because EventSource cannot set custom headers.
7
+ * - token: validated by authenticateJWT middleware (sets req.user)
8
+ * - workspaceId: passed explicitly because the JWT always has workspaceId=null
9
+ * (tokens are issued at auth time, not workspace-selection time)
10
+ *
11
+ * Validates that req.user is a member of the requested workspace before subscribing.
8
12
  */
9
- export const GET = (req, res) => {
10
- const workspaceId = req.user?.workspaceId;
13
+ export const GET = async (req, res) => {
14
+ const workspaceId = req.query.workspaceId;
11
15
  if (!workspaceId) {
12
- res.status(400).json({ error: { message: "No workspace associated with this token" } });
16
+ res.status(400).json({ error: { message: "workspaceId query param required" } });
17
+ return;
18
+ }
19
+ // Validate the user actually belongs to this workspace
20
+ const workspaceMemberService = req.scope.resolve("workspaceMemberModuleService");
21
+ const [members] = await workspaceMemberService.listAndCountWorkspaceMembers({ workspace_id: workspaceId, user_id: req.user.id }, { limit: 1 });
22
+ if (members.length === 0) {
23
+ res.status(403).json({ error: { message: "You are not a member of this workspace" } });
13
24
  return;
14
25
  }
15
26
  res.setHeader("Content-Type", "text/event-stream");
package/dist/api/admin/events/route.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../src/api/admin/events/route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAElD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC,GAAQ,EAAE,GAAa,EAAE,EAAE;IAC7C,MAAM,WAAW,GAAW,GAAG,CAAC,IAAI,EAAE,WAAW,CAAA;IAEjD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,EAAE,CAAC,CAAA;QACvF,OAAM;IACR,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAA;IAClD,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC,CAAA;IACzC,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA,CAAC,0BAA0B;IAEnE,GAAG,CAAC,YAAY,EAAE,CAAA;IAElB,mEAAmE;IACnE,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE;QACjC,IAAI,CAAC;YAAC,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,aAAa,CAAC,SAAS,CAAC,CAAA;QAAC,CAAC;IACzE,CAAC,EAAE,MAAM,CAAC,CAAA;IAEV,MAAM,WAAW,GAAG,UAAU,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;IAE1D,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QACnB,aAAa,CAAC,SAAS,CAAC,CAAA;QACxB,WAAW,EAAE,CAAA;IACf,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA"}
1
+ {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../src/api/admin/events/route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAElD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,GAAG,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,EAAE;IACnD,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,WAAiC,CAAA;IAE/D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,EAAE,CAAC,CAAA;QAChF,OAAM;IACR,CAAC;IAED,uDAAuD;IACvD,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IACvF,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,sBAAsB,CAAC,4BAA4B,CACzE,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EACnD,EAAE,KAAK,EAAE,CAAC,EAAE,CACb,CAAA;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,EAAE,CAAC,CAAA;QACtF,OAAM;IACR,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAA;IAClD,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC,CAAA;IACzC,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA,CAAC,0BAA0B;IAEnE,GAAG,CAAC,YAAY,EAAE,CAAA;IAElB,mEAAmE;IACnE,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE;QACjC,IAAI,CAAC;YAAC,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,aAAa,CAAC,SAAS,CAAC,CAAA;QAAC,CAAC;IACzE,CAAC,EAAE,MAAM,CAAC,CAAA;IAEV,MAAM,WAAW,GAAG,UAAU,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;IAE1D,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QACnB,aAAa,CAAC,SAAS,CAAC,CAAA;QACxB,WAAW,EAAE,CAAA;IACf,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@meridianjs/meridian",
3
- "version": "0.1.6",
3
+ "version": "0.1.7",
4
4
  "description": "Default API routes, workflows, links, and subscribers for Meridian applications",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.js",