@mesob/auth-hono 0.0.5 → 0.0.7

package/dist/{index-BzGjOP5Z.d.ts → index-J2ZbOnZO.d.ts}

@@ -1,3 +1,10 @@
+type UserRole = {
+    id: string;
+    roleId: string;
+    code: string;
+    name: unknown;
+    description: unknown;
+};
 type User = {
     id: string;
     tenantId: string;
@@ -9,6 +16,7 @@ type User = {
     emailVerified: boolean;
     phoneVerified: boolean;
     lastSignInAt: string | null;
+    userRoles?: UserRole[];
 };
 type Session = {
     id: string;

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 import { OpenAPIHono } from '@hono/zod-openapi';
-import { A as AuthConfig, S as Session, U as User } from './index-BzGjOP5Z.js';
+import { A as AuthConfig, S as Session, U as User } from './index-J2ZbOnZO.js';
 
 declare const createAuthHandler: (config: AuthConfig) => OpenAPIHono<any, {}, "/">;
 declare const createAuthRoutes: (config: AuthConfig) => OpenAPIHono<any, {}, "/">;

package/dist/index.js

@@ -470,6 +470,24 @@ import { OpenAPIHono as OpenAPIHono2 } from "@hono/zod-openapi";
 import { getCookie as getCookie3 } from "hono/cookie";
 import { HTTPException as HTTPException16 } from "hono/http-exception";
 
+// src/db/orm/iam/users/find-user-roles.ts
+import { and as and3, eq as eq3 } from "drizzle-orm";
+var findUserRoles = (db, tenantId, userId) => {
+  return db.select({
+    id: userRolesInIam.id,
+    roleId: rolesInIam.id,
+    code: rolesInIam.code,
+    name: rolesInIam.name,
+    description: rolesInIam.description
+  }).from(userRolesInIam).innerJoin(rolesInIam, eq3(userRolesInIam.roleId, rolesInIam.id)).where(
+    and3(
+      eq3(userRolesInIam.userId, userId),
+      eq3(userRolesInIam.tenantId, tenantId),
+      eq3(rolesInIam.tenantId, tenantId)
+    )
+  );
+};
+
 // src/lib/crypto.ts
 import { scrypt } from "@noble/hashes/scrypt.js";
 import { randomBytes } from "@noble/hashes/utils.js";
@@ -558,6 +576,13 @@ import { z } from "zod";
 var emailField = z.string().trim().email("Invalid email address").max(255, "Email too long");
 var phoneField = z.string().trim().min(6, "Phone too short").max(30, "Phone too long").regex(/^[+()\d\s-]+$/, "Invalid phone number format");
 var passwordField = z.string().min(8, "Password must be at least 8 characters").max(128, "Password too long");
+var userRoleSchema = z.object({
+  id: z.string().uuid(),
+  roleId: z.string().uuid(),
+  code: z.string(),
+  name: z.string(),
+  description: z.string()
+});
 var userSchema = z.object({
   id: z.string().uuid(),
   tenantId: z.string(),
@@ -568,7 +593,8 @@ var userSchema = z.object({
   image: z.string().nullable(),
   emailVerified: z.boolean(),
   phoneVerified: z.boolean(),
-  lastSignInAt: z.string().datetime().nullable()
+  lastSignInAt: z.string().datetime().nullable(),
+  userRoles: z.array(userRoleSchema).nullable()
 });
 var sessionSchema = z.object({
   id: z.string().uuid(),
@@ -682,24 +708,24 @@ var pendingAccountChangeResponseSchema = z.object({
 import { HTTPException as HTTPException2 } from "hono/http-exception";
 
 // src/db/orm/iam/account-changes/expire-pending-account-changes.ts
-import { and as and3, eq as eq3, lte } from "drizzle-orm";
+import { and as and4, eq as eq4, lte } from "drizzle-orm";
 var expirePendingAccountChanges = (db, tenantId, userId) => {
   const now = (/* @__PURE__ */ new Date()).toISOString();
   return db.update(accountChangesInIam).set({
     status: "expired",
     updatedAt: now
   }).where(
-    and3(
-      eq3(accountChangesInIam.tenantId, tenantId),
-      eq3(accountChangesInIam.userId, userId),
-      eq3(accountChangesInIam.status, "pending"),
+    and4(
+      eq4(accountChangesInIam.tenantId, tenantId),
+      eq4(accountChangesInIam.userId, userId),
+      eq4(accountChangesInIam.status, "pending"),
       lte(accountChangesInIam.expiresAt, now)
     )
   );
 };
 
 // src/db/orm/iam/account-changes/find-pending-account-change.ts
-import { and as and4, desc, eq as eq4, gt as gt2 } from "drizzle-orm";
+import { and as and5, desc, eq as eq5, gt as gt2 } from "drizzle-orm";
 var findPendingAccountChange = async (db, tenantId, userId) => {
   const now = (/* @__PURE__ */ new Date()).toISOString();
   return await db.select({
@@ -708,10 +734,10 @@ var findPendingAccountChange = async (db, tenantId, userId) => {
     newPhone: accountChangesInIam.newPhone,
     expiresAt: accountChangesInIam.expiresAt
   }).from(accountChangesInIam).where(
-    and4(
-      eq4(accountChangesInIam.tenantId, tenantId),
-      eq4(accountChangesInIam.userId, userId),
-      eq4(accountChangesInIam.status, "pending"),
+    and5(
+      eq5(accountChangesInIam.tenantId, tenantId),
+      eq5(accountChangesInIam.userId, userId),
+      eq5(accountChangesInIam.status, "pending"),
       gt2(accountChangesInIam.expiresAt, now)
     )
   ).orderBy(desc(accountChangesInIam.createdAt)).limit(1).then(([row]) => {
@@ -731,18 +757,18 @@ var findPendingAccountChange = async (db, tenantId, userId) => {
 };
 
 // src/db/orm/iam/verifications/find-active-verification-id.ts
-import { and as and5, desc as desc2, eq as eq5, gt as gt3 } from "drizzle-orm";
+import { and as and6, desc as desc2, eq as eq6, gt as gt3 } from "drizzle-orm";
 var findActiveVerificationId = async (db, tenantId, userId, type, to) => {
   const now = (/* @__PURE__ */ new Date()).toISOString();
   return await db.select({
     verificationId: verificationsInIam.id,
     expiresAt: verificationsInIam.expiresAt
   }).from(verificationsInIam).where(
-    and5(
-      eq5(verificationsInIam.tenantId, tenantId),
-      eq5(verificationsInIam.userId, userId),
-      eq5(verificationsInIam.type, type),
-      eq5(verificationsInIam.to, to),
+    and6(
+      eq6(verificationsInIam.tenantId, tenantId),
+      eq6(verificationsInIam.userId, userId),
+      eq6(verificationsInIam.type, type),
+      eq6(verificationsInIam.to, to),
       gt3(verificationsInIam.expiresAt, now)
     )
   ).orderBy(desc2(verificationsInIam.createdAt)).limit(1).then(([row]) => row ? row : null);
@@ -823,7 +849,7 @@ var accountChangePendingHandler = async (c) => {
 };
 
 // src/db/orm/iam/users/find-user-by-email.ts
-import { and as and6, eq as eq6, sql as sql2 } from "drizzle-orm";
+import { and as and7, eq as eq7, sql as sql2 } from "drizzle-orm";
 var findUserByEmail = (db, tenantId, email) => {
   return db.select({
     id: usersInIam.id,
@@ -837,15 +863,15 @@ var findUserByEmail = (db, tenantId, email) => {
     phoneVerified: usersInIam.phoneVerified,
     lastSignInAt: usersInIam.lastSignInAt
   }).from(usersInIam).where(
-    and6(
-      eq6(usersInIam.tenantId, tenantId),
+    and7(
+      eq7(usersInIam.tenantId, tenantId),
       sql2`lower(${usersInIam.email}) = lower(${email})`
     )
   ).limit(1).then(([user]) => user || null);
 };
 
 // src/db/orm/iam/users/find-user-by-phone.ts
-import { and as and7, eq as eq7 } from "drizzle-orm";
+import { and as and8, eq as eq8 } from "drizzle-orm";
 var findUserByPhone = (db, tenantId, phone) => {
   return db.select({
     id: usersInIam.id,
@@ -858,7 +884,7 @@ var findUserByPhone = (db, tenantId, phone) => {
     emailVerified: usersInIam.emailVerified,
     phoneVerified: usersInIam.phoneVerified,
     lastSignInAt: usersInIam.lastSignInAt
-  }).from(usersInIam).where(and7(eq7(usersInIam.tenantId, tenantId), eq7(usersInIam.phone, phone))).limit(1).then(([user]) => user || null);
+  }).from(usersInIam).where(and8(eq8(usersInIam.tenantId, tenantId), eq8(usersInIam.phone, phone))).limit(1).then(([user]) => user || null);
 };
 
 // src/db/orm/iam/users/find-user-by-identifier.ts
@@ -913,22 +939,22 @@ var insertSession = (db, data) => {
 };
 
 // src/db/orm/iam/users/update-user-verified.ts
-import { and as and8, eq as eq8 } from "drizzle-orm";
+import { and as and9, eq as eq9 } from "drizzle-orm";
 var updateUserVerified = (db, tenantId, userId, type) => {
   return db.update(usersInIam).set({
     [type === "email" ? "emailVerified" : "phoneVerified"]: true,
     lastSignInAt: (/* @__PURE__ */ new Date()).toISOString()
-  }).where(and8(eq8(usersInIam.id, userId), eq8(usersInIam.tenantId, tenantId)));
+  }).where(and9(eq9(usersInIam.id, userId), eq9(usersInIam.tenantId, tenantId)));
 };
 
 // src/db/orm/iam/verifications/consume-verification.ts
-import { eq as eq9 } from "drizzle-orm";
+import { eq as eq10 } from "drizzle-orm";
 var consumeVerification = (db, verificationId) => {
-  return db.delete(verificationsInIam).where(eq9(verificationsInIam.id, verificationId));
+  return db.delete(verificationsInIam).where(eq10(verificationsInIam.id, verificationId));
 };
 
 // src/db/orm/iam/verifications/find-verification-by-id.ts
-import { eq as eq10 } from "drizzle-orm";
+import { eq as eq11 } from "drizzle-orm";
 var findVerificationById = (db, verificationId) => {
   return db.select({
     id: verificationsInIam.id,
@@ -940,17 +966,17 @@ var findVerificationById = (db, verificationId) => {
     expiresAt: verificationsInIam.expiresAt,
     createdAt: verificationsInIam.createdAt,
     attempt: verificationsInIam.attempt
-  }).from(verificationsInIam).where(eq10(verificationsInIam.id, verificationId)).limit(1).then(([verification]) => verification || null);
+  }).from(verificationsInIam).where(eq11(verificationsInIam.id, verificationId)).limit(1).then(([verification]) => verification || null);
 };
 
 // src/db/orm/iam/verifications/update-verification-attempt.ts
-import { eq as eq11 } from "drizzle-orm";
+import { eq as eq12 } from "drizzle-orm";
 var updateVerificationAttempt = async (db, verificationId) => {
   const verification = await findVerificationById(db, verificationId);
   if (!verification) {
     return;
   }
-  await db.update(verificationsInIam).set({ attempt: (verification.attempt || 0) + 1 }).where(eq11(verificationsInIam.id, verificationId));
+  await db.update(verificationsInIam).set({ attempt: (verification.attempt || 0) + 1 }).where(eq12(verificationsInIam.id, verificationId));
 };
 
 // src/lib/session.ts
@@ -1063,7 +1089,7 @@ var emailVerificationConfirmHandler = async (c) => {
 import { HTTPException as HTTPException4 } from "hono/http-exception";
 
 // src/db/orm/iam/account-changes/cancel-pending-account-changes.ts
-import { and as and9, eq as eq12 } from "drizzle-orm";
+import { and as and10, eq as eq13 } from "drizzle-orm";
 var cancelPendingAccountChanges = (db, tenantId, userId, changeType) => {
   const now = (/* @__PURE__ */ new Date()).toISOString();
   return db.update(accountChangesInIam).set({
@@ -1072,11 +1098,11 @@ var cancelPendingAccountChanges = (db, tenantId, userId, changeType) => {
     updatedAt: now,
     reason: "replaced"
   }).where(
-    and9(
-      eq12(accountChangesInIam.tenantId, tenantId),
-      eq12(accountChangesInIam.userId, userId),
-      eq12(accountChangesInIam.changeType, changeType),
-      eq12(accountChangesInIam.status, "pending")
+    and10(
+      eq13(accountChangesInIam.tenantId, tenantId),
+      eq13(accountChangesInIam.userId, userId),
+      eq13(accountChangesInIam.changeType, changeType),
+      eq13(accountChangesInIam.status, "pending")
     )
   );
 };
@@ -1099,13 +1125,13 @@ var insertPendingEmailChange = (db, data) => {
 };
 
 // src/db/orm/iam/verifications/delete-verifications-by-user-and-type.ts
-import { and as and10, eq as eq13 } from "drizzle-orm";
+import { and as and11, eq as eq14 } from "drizzle-orm";
 var deleteVerificationsByUserAndType = (db, tenantId, userId, type) => {
   return db.delete(verificationsInIam).where(
-    and10(
-      eq13(verificationsInIam.tenantId, tenantId),
-      eq13(verificationsInIam.userId, userId),
-      eq13(verificationsInIam.type, type)
+    and11(
+      eq14(verificationsInIam.tenantId, tenantId),
+      eq14(verificationsInIam.userId, userId),
+      eq14(verificationsInIam.type, type)
     )
   );
 };
@@ -1326,7 +1352,7 @@ import { getCookie } from "hono/cookie";
 import { HTTPException as HTTPException6 } from "hono/http-exception";
 
 // src/db/orm/iam/accounts/find-account-by-provider.ts
-import { and as and11, eq as eq14 } from "drizzle-orm";
+import { and as and12, eq as eq15 } from "drizzle-orm";
 var findAccountByProvider = (db, tenantId, userId, provider) => {
   return db.select({
     id: accountsInIam.id,
@@ -1336,34 +1362,34 @@ var findAccountByProvider = (db, tenantId, userId, provider) => {
     providerAccountId: accountsInIam.providerAccountId,
     password: accountsInIam.password
   }).from(accountsInIam).where(
-    and11(
-      eq14(accountsInIam.tenantId, tenantId),
-      eq14(accountsInIam.userId, userId),
-      eq14(accountsInIam.provider, provider)
+    and12(
+      eq15(accountsInIam.tenantId, tenantId),
+      eq15(accountsInIam.userId, userId),
+      eq15(accountsInIam.provider, provider)
     )
   ).limit(1).then(([account]) => account || null);
 };
 
 // src/db/orm/iam/accounts/update-account-password.ts
-import { and as and12, eq as eq15 } from "drizzle-orm";
+import { and as and13, eq as eq16 } from "drizzle-orm";
 var updateAccountPassword = (db, tenantId, userId, password) => {
   return db.update(accountsInIam).set({ password }).where(
-    and12(
-      eq15(accountsInIam.tenantId, tenantId),
-      eq15(accountsInIam.userId, userId),
-      eq15(accountsInIam.provider, "credentials")
+    and13(
+      eq16(accountsInIam.tenantId, tenantId),
+      eq16(accountsInIam.userId, userId),
+      eq16(accountsInIam.provider, "credentials")
     )
   );
 };
 
 // src/db/orm/iam/sessions/delete-session-by-id.ts
-import { eq as eq16 } from "drizzle-orm";
+import { eq as eq17 } from "drizzle-orm";
 var deleteSessionById = (db, sessionId) => {
-  return db.delete(sessionsInIam).where(eq16(sessionsInIam.id, sessionId));
+  return db.delete(sessionsInIam).where(eq17(sessionsInIam.id, sessionId));
 };
 
 // src/db/orm/iam/sessions/list-sessions-for-user.ts
-import { and as and13, asc, eq as eq17, gt as gt4 } from "drizzle-orm";
+import { and as and14, asc, eq as eq18, gt as gt4 } from "drizzle-orm";
 var listSessionsForUser = (db, tenantId, userId) => {
   return db.select({
     id: sessionsInIam.id,
@@ -1375,9 +1401,9 @@ var listSessionsForUser = (db, tenantId, userId) => {
     userAgent: sessionsInIam.userAgent,
     ip: sessionsInIam.ip
   }).from(sessionsInIam).where(
-    and13(
-      eq17(sessionsInIam.tenantId, tenantId),
-      eq17(sessionsInIam.userId, userId),
+    and14(
+      eq18(sessionsInIam.tenantId, tenantId),
+      eq18(sessionsInIam.userId, userId),
       gt4(sessionsInIam.expiresAt, (/* @__PURE__ */ new Date()).toISOString())
     )
   ).orderBy(asc(sessionsInIam.createdAt)).then((sessions) => sessions);
@@ -1854,9 +1880,9 @@ var deleteOldestSessions = async (db, tenantId, userId, keepCount) => {
 };
 
 // src/db/orm/iam/users/update-last-sign-in.ts
-import { and as and14, eq as eq18 } from "drizzle-orm";
+import { and as and15, eq as eq19 } from "drizzle-orm";
 var updateLastSignIn = (db, tenantId, userId) => {
-  return db.update(usersInIam).set({ lastSignInAt: (/* @__PURE__ */ new Date()).toISOString(), loginAttempt: 0 }).where(and14(eq18(usersInIam.id, userId), eq18(usersInIam.tenantId, tenantId)));
+  return db.update(usersInIam).set({ lastSignInAt: (/* @__PURE__ */ new Date()).toISOString(), loginAttempt: 0 }).where(and15(eq19(usersInIam.id, userId), eq19(usersInIam.tenantId, tenantId)));
 };
 
 // src/routes/handler/sign-in.ts
@@ -2009,7 +2035,7 @@ var insertCredentialsAccount = (db, data) => {
 };
 
 // src/db/orm/iam/users/find-user-by-handle.ts
-import { and as and15, eq as eq19, sql as sql3 } from "drizzle-orm";
+import { and as and16, eq as eq20, sql as sql3 } from "drizzle-orm";
 var findUserByHandle = (db, tenantId, handle) => {
   return db.select({
     id: usersInIam.id,
@@ -2023,8 +2049,8 @@ var findUserByHandle = (db, tenantId, handle) => {
     phoneVerified: usersInIam.phoneVerified,
     lastSignInAt: usersInIam.lastSignInAt
   }).from(usersInIam).where(
-    and15(
-      eq19(usersInIam.tenantId, tenantId),
+    and16(
+      eq20(usersInIam.tenantId, tenantId),
       sql3`lower(${usersInIam.handle}) = lower(${handle})`
     )
   ).limit(1).then(([user]) => user || null);
@@ -2179,58 +2205,58 @@ var signUpHandler = async (c) => {
 import { HTTPException as HTTPException13 } from "hono/http-exception";
 
 // src/db/orm/iam/account-changes/mark-pending-account-change-applied.ts
-import { and as and16, eq as eq20 } from "drizzle-orm";
+import { and as and17, eq as eq21 } from "drizzle-orm";
 var markPendingAccountChangeApplied = (db, tenantId, userId, changeType, newValue) => {
   const now = (/* @__PURE__ */ new Date()).toISOString();
-  const valueCondition = changeType === "email" ? eq20(accountChangesInIam.newEmail, newValue) : eq20(accountChangesInIam.newPhone, newValue);
+  const valueCondition = changeType === "email" ? eq21(accountChangesInIam.newEmail, newValue) : eq21(accountChangesInIam.newPhone, newValue);
   return db.update(accountChangesInIam).set({
     status: "applied",
     confirmedAt: now,
     updatedAt: now
   }).where(
-    and16(
-      eq20(accountChangesInIam.tenantId, tenantId),
-      eq20(accountChangesInIam.userId, userId),
-      eq20(accountChangesInIam.changeType, changeType),
-      eq20(accountChangesInIam.status, "pending"),
+    and17(
+      eq21(accountChangesInIam.tenantId, tenantId),
+      eq21(accountChangesInIam.userId, userId),
+      eq21(accountChangesInIam.changeType, changeType),
+      eq21(accountChangesInIam.status, "pending"),
       valueCondition
     )
   );
 };
 
 // src/db/orm/iam/accounts/update-credentials-provider-account-id.ts
-import { and as and17, eq as eq21 } from "drizzle-orm";
+import { and as and18, eq as eq22 } from "drizzle-orm";
 var updateCredentialsProviderAccountId = async (db, tenantId, userId, providerAccountId) => {
   const updated = await db.update(accountsInIam).set({ providerAccountId }).where(
-    and17(
-      eq21(accountsInIam.tenantId, tenantId),
-      eq21(accountsInIam.userId, userId),
-      eq21(accountsInIam.provider, "credentials")
+    and18(
+      eq22(accountsInIam.tenantId, tenantId),
+      eq22(accountsInIam.userId, userId),
+      eq22(accountsInIam.provider, "credentials")
     )
   ).returning({ id: accountsInIam.id }).then(([row]) => row?.id);
   return Boolean(updated);
 };
 
 // src/db/orm/iam/sessions/delete-other-sessions.ts
-import { and as and18, eq as eq22, ne } from "drizzle-orm";
+import { and as and19, eq as eq23, ne } from "drizzle-orm";
 var deleteOtherSessions = (db, tenantId, userId, currentSessionId) => {
   return db.delete(sessionsInIam).where(
-    and18(
-      eq22(sessionsInIam.tenantId, tenantId),
-      eq22(sessionsInIam.userId, userId),
+    and19(
+      eq23(sessionsInIam.tenantId, tenantId),
+      eq23(sessionsInIam.userId, userId),
       ne(sessionsInIam.id, currentSessionId)
     )
   );
 };
 
 // src/db/orm/iam/users/update-user-email.ts
-import { and as and19, eq as eq23, sql as sql4 } from "drizzle-orm";
+import { and as and20, eq as eq24, sql as sql4 } from "drizzle-orm";
 var updateUserEmail = (db, tenantId, userId, email) => {
   return db.update(usersInIam).set({
     email,
     emailVerified: true,
     updatedAt: sql4`CURRENT_TIMESTAMP`
-  }).where(and19(eq23(usersInIam.id, userId), eq23(usersInIam.tenantId, tenantId))).returning({
+  }).where(and20(eq24(usersInIam.id, userId), eq24(usersInIam.tenantId, tenantId))).returning({
     id: usersInIam.id,
     tenantId: usersInIam.tenantId,
     fullName: usersInIam.fullName,
@@ -2287,13 +2313,13 @@ var updateEmailHandler = async (c) => {
 import { HTTPException as HTTPException14 } from "hono/http-exception";
 
 // src/db/orm/iam/users/update-user-phone.ts
-import { and as and20, eq as eq24, sql as sql5 } from "drizzle-orm";
+import { and as and21, eq as eq25, sql as sql5 } from "drizzle-orm";
 var updateUserPhone = (db, tenantId, userId, phone) => {
   return db.update(usersInIam).set({
     phone,
     phoneVerified: true,
     updatedAt: sql5`CURRENT_TIMESTAMP`
-  }).where(and20(eq24(usersInIam.id, userId), eq24(usersInIam.tenantId, tenantId))).returning({
+  }).where(and21(eq25(usersInIam.id, userId), eq25(usersInIam.tenantId, tenantId))).returning({
     id: usersInIam.id,
     tenantId: usersInIam.tenantId,
     fullName: usersInIam.fullName,
@@ -2350,7 +2376,7 @@ var updatePhoneHandler = async (c) => {
 import { HTTPException as HTTPException15 } from "hono/http-exception";
 
 // src/db/orm/iam/users/update-user-profile.ts
-import { and as and21, eq as eq25, sql as sql6 } from "drizzle-orm";
+import { and as and22, eq as eq26, sql as sql6 } from "drizzle-orm";
 var updateUserProfile = async (db, tenantId, userId, data) => {
   const updateData = {};
   if (data.fullName !== void 0) {
@@ -2359,7 +2385,7 @@ var updateUserProfile = async (db, tenantId, userId, data) => {
   return await db.update(usersInIam).set({
     ...updateData,
     updatedAt: sql6`CURRENT_TIMESTAMP`
-  }).where(and21(eq25(usersInIam.id, userId), eq25(usersInIam.tenantId, tenantId))).returning({
+  }).where(and22(eq26(usersInIam.id, userId), eq26(usersInIam.tenantId, tenantId))).returning({
     id: usersInIam.id,
     tenantId: usersInIam.tenantId,
     fullName: usersInIam.fullName,
@@ -2926,9 +2952,14 @@ var createAuthMiddleware = (config, database, getTenantId) => {
             session.userId
           );
           if (user) {
+            const userRoles = await findUserRoles(
+              database,
+              session.tenantId,
+              session.userId
+            );
             c.set("tenantId", enableTenant ? session.tenantId : tenantId);
             c.set("userId", user.id);
-            c.set("user", user);
+            c.set("user", { ...user, userRoles: userRoles || [] });
             c.set("session", session);
           }
         }