@rudderjs/auth 3.1.1 → 3.2.0

package/README.md

@@ -65,9 +65,16 @@ Route.get('/profile', async (req) => {
 })
 ```
 
-None of these require attaching any middleware per-route. The `authProvider()`
-service provider installs `AuthMiddleware` as a global router middleware at
-boot, so every request has the auth context ready before your handler runs.
+**No per-route wiring needed on web routes.** `authProvider()` auto-installs
+`AuthMiddleware` on the `web` route group during `boot()`, so every request
+matched by `withRouting({ web })` has the auth context populated before your
+handler runs.
+
+**API routes stay stateless.** `AuthMiddleware` does not run on the `api` group
+by default — `req.user` will be `undefined`, and `Auth.user()` returns `null`.
+For token-based API auth, reach for [`@rudderjs/passport`](../passport):
+`[RequireBearer(), scope('read')]`. Or mount `AuthMiddleware('api')` per-route
+with a token guard if you've wired one.
 
 ### Login / logout
 
@@ -100,21 +107,32 @@ Route.get('/login', showLoginPage, [RequireGuest('/')])
 import { AuthMiddleware } from '@rudderjs/auth'
 ```
 
-**You don't normally attach this.** The `authProvider()` service provider
-already installs `AuthMiddleware()` globally, so `req.user` and `auth()` work
-on every route without wiring. The only time to reach for it manually is to
-run a **non-default guard** on a specific route — the RudderJS equivalent of
-Laravel's `->middleware('auth:api')`:
+**You don't normally attach this on web routes.** `authProvider()` already
+installs `AuthMiddleware()` on the `web` route group, so `req.user` and `auth()`
+work automatically on every web request. Reach for it manually in two cases:
+
+**1. A non-default guard on a specific web route** — the RudderJS equivalent
+of Laravel's `->middleware('auth:api')`:
 
 ```ts
-Route.get('/api/admin/stats', handler, [
+Route.get('/admin/stats', handler, [
   AuthMiddleware('api'),   // populate req.user using the 'api' guard
   RequireAuth('api'),      // 401 if not authenticated against 'api'
 ])
 ```
 
-In normal app code you can forget `AuthMiddleware` exists — use `auth()`,
-`Auth`, or `req.user` directly.
+**2. Opting an API route into a token-backed guard** — API routes are
+stateless by default, so wire the guard per-route:
+
+```ts
+Route.get('/api/admin/stats', handler, [
+  AuthMiddleware('api'),
+  RequireAuth('api'),
+])
+```
+
+On web routes, you can forget `AuthMiddleware` exists — use `auth()`, `Auth`,
+or `req.user` directly.
 
 ### Authenticatable Contract
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rudderjs/auth",
-  "version": "3.1.1",
+  "version": "3.2.0",
   "rudderjs": {
     "provider": "AuthProvider",
     "stage": "infrastructure",
@@ -44,14 +44,14 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@rudderjs/contracts": "0.1.0",
-    "@rudderjs/core": "0.1.1"
+    "@rudderjs/core": "0.1.1",
+    "@rudderjs/contracts": "0.1.0"
   },
   "peerDependencies": {
-    "@rudderjs/router": "0.3.0",
-    "@rudderjs/view": "0.0.3",
     "@rudderjs/hash": "0.0.7",
-    "@rudderjs/session": "0.1.1"
+    "@rudderjs/session": "0.1.1",
+    "@rudderjs/view": "0.0.3",
+    "@rudderjs/router": "0.3.0"
   },
   "peerDependenciesMeta": {
     "@rudderjs/hash": {

package/views/react/ForgotPassword.tsx

@@ -44,31 +44,30 @@ export default function ForgotPassword(props: ForgotPasswordProps) {
   }
 
   return (
-    <div className="flex min-h-svh items-center justify-center p-4">
-      <div className="w-full max-w-sm space-y-6">
-        <div className="text-center">
-          <h1 className="text-2xl font-bold">Forgot password</h1>
-          <p className="text-sm text-gray-500 mt-1">Enter your email to receive a reset link</p>
+    <div className="auth-wrap">
+      <div className="auth-card">
+        <div className="auth-head">
+          <h1 className="heading-lg">Forgot password</h1>
+          <p className="muted">Enter your email to receive a reset link</p>
         </div>
-        <form onSubmit={handleSubmit} className="space-y-4 rounded-lg border p-6 shadow-sm">
-          {error && <p className="rounded-md bg-red-50 px-3 py-2 text-sm text-red-600">{error}</p>}
-          {success && <p className="rounded-md bg-green-50 px-3 py-2 text-sm text-green-600">{success}</p>}
+        <form onSubmit={handleSubmit} className="form-card">
+          {error && <p className="form-error">{error}</p>}
+          {success && <p className="form-success">{success}</p>}
           <div>
-            <label className="block text-sm font-medium mb-1" htmlFor="email">Email</label>
+            <label className="form-label" htmlFor="email">Email</label>
             <input
               id="email" type="email" placeholder="you@example.com"
               value={email} onChange={e => setEmail(e.currentTarget.value)}
               required autoComplete="email"
-              className="w-full rounded-md border px-3 py-2 text-sm outline-none focus:ring-2 focus:ring-black"
+              className="form-input"
             />
           </div>
-          <button type="submit" disabled={loading}
-            className="w-full rounded-md bg-black px-4 py-2 text-sm font-medium text-white hover:bg-black/90 disabled:opacity-50">
+          <button type="submit" disabled={loading} className="form-submit">
             {loading ? 'Sending...' : 'Send reset link'}
           </button>
-          <p className="text-center text-sm text-gray-500">
+          <p className="auth-head muted">
             Remember your password?{' '}
-            <a href={loginUrl} className="underline hover:text-black">Sign in</a>
+            <a href={loginUrl} className="auth-link">Sign in</a>
           </p>
         </form>
       </div>

package/views/react/Login.tsx

@@ -47,39 +47,38 @@ export default function Login(props: LoginProps) {
   }
 
   return (
-    <div className="flex min-h-svh items-center justify-center p-4">
-      <div className="w-full max-w-sm space-y-6">
-        <div className="text-center">
-          <h1 className="text-2xl font-bold">Welcome back</h1>
-          <p className="text-sm text-gray-500 mt-1">Sign in to your account</p>
+    <div className="auth-wrap">
+      <div className="auth-card">
+        <div className="auth-head">
+          <h1 className="heading-lg">Welcome back</h1>
+          <p className="muted">Sign in to your account</p>
         </div>
-        <form onSubmit={handleSubmit} className="space-y-4 rounded-lg border p-6 shadow-sm">
-          {error && <p className="rounded-md bg-red-50 px-3 py-2 text-sm text-red-600">{error}</p>}
+        <form onSubmit={handleSubmit} className="form-card">
+          {error && <p className="form-error">{error}</p>}
           <div>
-            <label className="block text-sm font-medium mb-1" htmlFor="email">Email</label>
+            <label className="form-label" htmlFor="email">Email</label>
             <input
               id="email" type="email" placeholder="you@example.com"
               value={email} onChange={e => setEmail(e.currentTarget.value)}
               required autoComplete="email"
-              className="w-full rounded-md border px-3 py-2 text-sm outline-none focus:ring-2 focus:ring-black"
+              className="form-input"
             />
           </div>
           <div>
-            <label className="block text-sm font-medium mb-1" htmlFor="password">Password</label>
+            <label className="form-label" htmlFor="password">Password</label>
             <input
               id="password" type="password" placeholder="••••••••"
               value={password} onChange={e => setPassword(e.currentTarget.value)}
               required autoComplete="current-password"
-              className="w-full rounded-md border px-3 py-2 text-sm outline-none focus:ring-2 focus:ring-black"
+              className="form-input"
             />
           </div>
-          <button type="submit" disabled={loading}
-            className="w-full rounded-md bg-black px-4 py-2 text-sm font-medium text-white hover:bg-black/90 disabled:opacity-50">
+          <button type="submit" disabled={loading} className="form-submit">
             {loading ? 'Signing in…' : 'Sign in'}
           </button>
-          <div className="flex items-center justify-between text-sm text-gray-500">
-            <a href={forgotPasswordUrl} className="underline hover:text-black">Forgot password?</a>
-            <a href={registerUrl} className="underline hover:text-black">Register</a>
+          <div className="form-link-row">
+            <a href={forgotPasswordUrl} className="auth-link">Forgot password?</a>
+            <a href={registerUrl} className="auth-link">Register</a>
           </div>
         </form>
       </div>

package/views/react/Register.tsx

@@ -41,48 +41,47 @@ export default function Register(props: RegisterProps) {
   }
 
   return (
-    <div className="flex min-h-svh items-center justify-center p-4">
-      <div className="w-full max-w-sm space-y-6">
-        <div className="text-center">
-          <h1 className="text-2xl font-bold">Create an account</h1>
-          <p className="text-sm text-gray-500 mt-1">Get started in seconds</p>
+    <div className="auth-wrap">
+      <div className="auth-card">
+        <div className="auth-head">
+          <h1 className="heading-lg">Create an account</h1>
+          <p className="muted">Get started in seconds</p>
         </div>
-        <form onSubmit={handleSubmit} className="space-y-4 rounded-lg border p-6 shadow-sm">
-          {error && <p className="rounded-md bg-red-50 px-3 py-2 text-sm text-red-600">{error}</p>}
+        <form onSubmit={handleSubmit} className="form-card">
+          {error && <p className="form-error">{error}</p>}
           <div>
-            <label className="block text-sm font-medium mb-1" htmlFor="name">Name</label>
+            <label className="form-label" htmlFor="name">Name</label>
             <input
               id="name" type="text" placeholder="Alice Smith"
               value={name} onChange={e => setName(e.currentTarget.value)}
               required autoComplete="name"
-              className="w-full rounded-md border px-3 py-2 text-sm outline-none focus:ring-2 focus:ring-black"
+              className="form-input"
             />
           </div>
           <div>
-            <label className="block text-sm font-medium mb-1" htmlFor="email">Email</label>
+            <label className="form-label" htmlFor="email">Email</label>
             <input
               id="email" type="email" placeholder="you@example.com"
               value={email} onChange={e => setEmail(e.currentTarget.value)}
               required autoComplete="email"
-              className="w-full rounded-md border px-3 py-2 text-sm outline-none focus:ring-2 focus:ring-black"
+              className="form-input"
             />
           </div>
           <div>
-            <label className="block text-sm font-medium mb-1" htmlFor="password">Password</label>
+            <label className="form-label" htmlFor="password">Password</label>
             <input
               id="password" type="password" placeholder="••••••••"
               value={password} onChange={e => setPassword(e.currentTarget.value)}
               required autoComplete="new-password" minLength={8}
-              className="w-full rounded-md border px-3 py-2 text-sm outline-none focus:ring-2 focus:ring-black"
+              className="form-input"
             />
           </div>
-          <button type="submit" disabled={loading}
-            className="w-full rounded-md bg-black px-4 py-2 text-sm font-medium text-white hover:bg-black/90 disabled:opacity-50">
+          <button type="submit" disabled={loading} className="form-submit">
             {loading ? 'Creating account…' : 'Create account'}
           </button>
-          <p className="text-center text-sm text-gray-500">
+          <p className="auth-head muted">
             Already have an account?{' '}
-            <a href={loginUrl} className="underline hover:text-black">Sign in</a>
+            <a href={loginUrl} className="auth-link">Sign in</a>
           </p>
         </form>
       </div>

package/views/react/ResetPassword.tsx

@@ -62,20 +62,20 @@ export default function ResetPassword(props: ResetPasswordProps) {
 
   if (!mounted) {
     return (
-      <div className="flex min-h-svh items-center justify-center p-4">
-        <div className="text-sm text-gray-500">Loading...</div>
+      <div className="auth-wrap">
+        <div className="muted">Loading...</div>
       </div>
     )
   }
 
   if (!token) {
     return (
-      <div className="flex min-h-svh items-center justify-center p-4">
-        <div className="w-full max-w-sm space-y-6">
-          <div className="space-y-4 rounded-lg border p-6 shadow-sm">
-            <p className="rounded-md bg-red-50 px-3 py-2 text-sm text-red-600">Missing reset token.</p>
-            <p className="text-center text-sm text-gray-500">
-              <a href={forgotPasswordUrl} className="underline hover:text-black">Request a new reset link</a>
+      <div className="auth-wrap">
+        <div className="auth-card">
+          <div className="form-card">
+            <p className="form-error">Missing reset token.</p>
+            <p className="auth-head muted">
+              <a href={forgotPasswordUrl} className="auth-link">Request a new reset link</a>
             </p>
           </div>
         </div>
@@ -84,44 +84,43 @@ export default function ResetPassword(props: ResetPasswordProps) {
   }
 
   return (
-    <div className="flex min-h-svh items-center justify-center p-4">
-      <div className="w-full max-w-sm space-y-6">
-        <div className="text-center">
-          <h1 className="text-2xl font-bold">Reset password</h1>
-          <p className="text-sm text-gray-500 mt-1">Enter your new password</p>
+    <div className="auth-wrap">
+      <div className="auth-card">
+        <div className="auth-head">
+          <h1 className="heading-lg">Reset password</h1>
+          <p className="muted">Enter your new password</p>
         </div>
-        <form onSubmit={handleSubmit} className="space-y-4 rounded-lg border p-6 shadow-sm">
-          {error && <p className="rounded-md bg-red-50 px-3 py-2 text-sm text-red-600">{error}</p>}
+        <form onSubmit={handleSubmit} className="form-card">
+          {error && <p className="form-error">{error}</p>}
           {success && (
-            <div className="space-y-2">
-              <p className="rounded-md bg-green-50 px-3 py-2 text-sm text-green-600">{success}</p>
-              <p className="text-center text-sm text-gray-500">
-                <a href={loginUrl} className="underline hover:text-black">Sign in</a>
+            <>
+              <p className="form-success">{success}</p>
+              <p className="auth-head muted">
+                <a href={loginUrl} className="auth-link">Sign in</a>
               </p>
-            </div>
+            </>
           )}
           {!success && (
             <>
               <div>
-                <label className="block text-sm font-medium mb-1" htmlFor="password">New password</label>
+                <label className="form-label" htmlFor="password">New password</label>
                 <input
                   id="password" type="password" placeholder="••••••••"
                   value={password} onChange={e => setPassword(e.currentTarget.value)}
                   required minLength={8} autoComplete="new-password"
-                  className="w-full rounded-md border px-3 py-2 text-sm outline-none focus:ring-2 focus:ring-black"
+                  className="form-input"
                 />
               </div>
               <div>
-                <label className="block text-sm font-medium mb-1" htmlFor="confirm-password">Confirm password</label>
+                <label className="form-label" htmlFor="confirm-password">Confirm password</label>
                 <input
                   id="confirm-password" type="password" placeholder="••••••••"
                   value={confirmPassword} onChange={e => setConfirm(e.currentTarget.value)}
                   required minLength={8} autoComplete="new-password"
-                  className="w-full rounded-md border px-3 py-2 text-sm outline-none focus:ring-2 focus:ring-black"
+                  className="form-input"
                 />
               </div>
-              <button type="submit" disabled={loading}
-                className="w-full rounded-md bg-black px-4 py-2 text-sm font-medium text-white hover:bg-black/90 disabled:opacity-50">
+              <button type="submit" disabled={loading} className="form-submit">
                 {loading ? 'Resetting...' : 'Reset password'}
               </button>
             </>