@pylonsync/next 0.3.7 → 0.3.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/server.ts +33 -15
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "publishConfig": {
4
4
  "access": "public"
5
5
  },
6
- "version": "0.3.7",
6
+ "version": "0.3.9",
7
7
  "type": "module",
8
8
  "description": "Next.js helpers for Pylon — cookie-based auth gate, server-side session helpers, and reusable client hooks.",
9
9
  "exports": {
package/src/server.ts CHANGED
@@ -206,21 +206,39 @@ export function createPylonServer(config: PylonServerConfig): PylonServer {
206
206
  auth: PylonAuth;
207
207
  user: U;
208
208
  } | null> {
209
- const auth = await getAuth();
210
- if (!auth) return null;
211
- try {
212
- const user = await pylonJsonBound<U>(`/api/fn/${getMeFn}`, {
213
- method: "POST",
214
- headers: { "Content-Type": "application/json" },
215
- body: "{}",
216
- });
217
- if (user == null) return null;
218
- return { auth, user };
219
- } catch {
220
- // Function may not be registered yet, or the row was
221
- // deleted while logged in — treat as anonymous.
222
- return null;
223
- }
209
+ // Single round-trip to /api/auth/session pylon returns
210
+ // `{ session, user }` where `user` is the User row projected
211
+ // to safe fields (passwordHash + framework-internal columns
212
+ // stripped). This replaces the older two-step
213
+ // /api/auth/me + /api/fn/getMe dance.
214
+ const session = await readSession();
215
+ if (!session) return null;
216
+ const resp = await fetch(`${target()}/api/auth/session`, {
217
+ headers: { cookie: session.header },
218
+ cache: "no-store",
219
+ })
220
+ .then(
221
+ (r) =>
222
+ r.json() as Promise<{
223
+ session?: {
224
+ user_id?: string;
225
+ tenant_id?: string | null;
226
+ is_admin?: boolean;
227
+ };
228
+ user?: U | null;
229
+ }>,
230
+ )
231
+ .catch(() => ({}) as { session?: undefined; user?: undefined });
232
+ if (!resp.session?.user_id || !resp.user) return null;
233
+ return {
234
+ auth: {
235
+ userId: resp.session.user_id,
236
+ tenantId: resp.session.tenant_id ?? null,
237
+ isAdmin: resp.session.is_admin ?? false,
238
+ cookieHeader: session.header,
239
+ },
240
+ user: resp.user,
241
+ };
224
242
  }
225
243
 
226
244
  async function requireMe<U = Record<string, unknown>>(): Promise<{