@spfn/auth 0.2.0-beta.39 → 0.2.0-beta.40

package/README.md

@@ -1116,9 +1116,13 @@ Update authenticated user's username. Validates uniqueness before updating.
   provider: 'email' | 'phone' | 'google';
   email?: string;
   phone?: string;
+  metadata?: Record<string, unknown>;  // 가입 시 전달된 커스텀 메타데이터
 }
 ```
 
+`metadata`는 클라이언트가 register/OAuth 요청 body에 포함한 값이 그대로 전달됩니다.
+레퍼럴 코드, UTM 파라미터 등 앱 고유 데이터를 이벤트 구독자에게 전달할 때 사용합니다.
+
 ---
 
 ### Subscribing to Events
@@ -1132,12 +1136,32 @@ authLoginEvent.subscribe(async (payload) => {
     await analytics.trackLogin(payload.userId);
 });
 
-// 회원가입 이벤트 구독
+// 회원가입 이벤트 구독 (metadata 활용)
 authRegisterEvent.subscribe(async (payload) => {
     console.log('New user registered:', payload.userId);
     if (payload.email) {
         await emailService.sendWelcome(payload.email);
     }
+
+    // 레퍼럴 코드 처리
+    const refCode = payload.metadata?.refCode as string;
+    if (refCode) {
+        await referralService.link(payload.userId, refCode);
+    }
+});
+```
+
+클라이언트에서 metadata를 전달하는 방법:
+
+```typescript
+// 이메일/전화 가입
+authApi.register.call({
+    body: { email, password, metadata: { refCode: 'CODE', utm_source: 'google' } }
+});
+
+// OAuth 가입
+authApi.oauthStart.call({
+    body: { provider: 'google', returnUrl: '/dashboard', metadata: { refCode: 'CODE' } }
 });
 ```
 

package/dist/{authenticate-vcXIhj1J.d.ts → authenticate-BbugF32w.d.ts}

@@ -149,6 +149,7 @@ interface RegisterParams {
     keyId: string;
     fingerprint: string;
     algorithm?: KeyAlgorithmType;
+    metadata?: Record<string, unknown>;
 }
 interface RegisterResult {
     userId: string;
@@ -393,6 +394,7 @@ interface OAuthStartParams {
     keyId: string;
     fingerprint: string;
     algorithm: KeyAlgorithmType;
+    metadata?: Record<string, unknown>;
 }
 interface OAuthStartResult {
     authUrl: string;
@@ -492,6 +494,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
             phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
             verificationToken: _sinclair_typebox.TString;
             password: _sinclair_typebox.TString;
+            metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TUnknown>>;
         }>;
     }, {
         body: _sinclair_typebox.TObject<{
@@ -570,6 +573,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
             keyId: _sinclair_typebox.TString;
             fingerprint: _sinclair_typebox.TString;
             algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
+            metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TUnknown>>;
         }>;
     }, {}, OAuthStartResult>;
     oauthProviders: _spfn_core_route.RouteDef<{}, {}, {

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 import * as _spfn_core_nextjs from '@spfn/core/nextjs';
-import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-vcXIhj1J.js';
-export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './authenticate-vcXIhj1J.js';
+import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-BbugF32w.js';
+export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './authenticate-BbugF32w.js';
 import * as _spfn_core_route from '@spfn/core/route';
 import { HttpMethod } from '@spfn/core/route';
 import * as _sinclair_typebox from '@sinclair/typebox';
@@ -118,6 +118,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
             phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
             verificationToken: _sinclair_typebox.TString;
             password: _sinclair_typebox.TString;
+            metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TUnknown>>;
         }>;
     }, {
         body: _sinclair_typebox.TObject<{
@@ -196,6 +197,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
             keyId: _sinclair_typebox.TString;
             fingerprint: _sinclair_typebox.TString;
             algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
+            metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TUnknown>>;
         }>;
     }, {}, OAuthStartResult>;
     oauthProviders: _spfn_core_route.RouteDef<{}, {}, {

package/dist/server.d.ts

@@ -1,5 +1,5 @@
-import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-vcXIhj1J.js';
-export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-vcXIhj1J.js';
+import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-BbugF32w.js';
+export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-BbugF32w.js';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
 import { UserProfile as UserProfile$1, ProfileInfo } from '@spfn/auth';
 import { BaseRepository } from '@spfn/core/db';
@@ -3585,6 +3585,7 @@ declare class PermissionsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         description: string | null;
+        metadata: Record<string, any> | null;
         id: number;
         name: string;
         displayName: string;
@@ -3594,7 +3595,6 @@ declare class PermissionsRepository extends BaseRepository {
         createdAt: Date;
         updatedAt: Date;
         category: "auth" | "custom" | "user" | "rbac" | "system" | null;
-        metadata: Record<string, any> | null;
     }>;
 }
 declare const permissionsRepository: PermissionsRepository;
@@ -3831,12 +3831,12 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 생성
      */
     create(data: NewUserProfile): Promise<{
+        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
-        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -3900,12 +3900,12 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 삭제 (by ID)
      */
     deleteById(id: number): Promise<{
+        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
-        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -3923,12 +3923,12 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 삭제 (by User ID)
      */
     deleteByUserId(userId: number): Promise<{
+        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
-        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -3949,12 +3949,12 @@ declare class UserProfilesRepository extends BaseRepository {
      * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
      */
     upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
+        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
-        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -4094,12 +4094,12 @@ declare class InvitationsRepository extends BaseRepository {
      */
     create(data: NewInvitation): Promise<{
         email: string;
+        metadata: Record<string, any> | null;
         id: number;
         roleId: number;
         createdAt: Date;
         updatedAt: Date;
         status: "pending" | "accepted" | "expired" | "cancelled";
-        metadata: Record<string, any> | null;
         token: string;
         invitedBy: number;
         expiresAt: Date;
@@ -4128,12 +4128,12 @@ declare class InvitationsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         email: string;
+        metadata: Record<string, any> | null;
         id: number;
         roleId: number;
         createdAt: Date;
         updatedAt: Date;
         status: "pending" | "accepted" | "expired" | "cancelled";
-        metadata: Record<string, any> | null;
         token: string;
         invitedBy: number;
         expiresAt: Date;
@@ -5137,6 +5137,7 @@ interface OAuthState {
     keyId: string;
     fingerprint: string;
     algorithm: KeyAlgorithmType;
+    metadata?: Record<string, unknown>;
 }
 interface CreateOAuthStateParams {
     provider: string;
@@ -5145,6 +5146,7 @@ interface CreateOAuthStateParams {
     keyId: string;
     fingerprint: string;
     algorithm: KeyAlgorithmType;
+    metadata?: Record<string, unknown>;
 }
 /**
  * OAuth state 생성 및 암호화
@@ -5306,6 +5308,9 @@ declare const authLoginEvent: _spfn_core_event.EventDef<{
 declare const authRegisterEvent: _spfn_core_event.EventDef<{
     email?: string | undefined;
     phone?: string | undefined;
+    metadata?: {
+        [x: string]: unknown;
+    } | undefined;
     userId: string;
     provider: "email" | "phone" | "google";
 }>;

package/dist/server.js

@@ -7149,7 +7149,8 @@ var authRegisterEvent = defineEvent(
     userId: Type.String(),
     provider: AuthProviderSchema,
     email: Type.Optional(Type.String()),
-    phone: Type.Optional(Type.String())
+    phone: Type.Optional(Type.String()),
+    metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown()))
   })
 );
 
@@ -7177,7 +7178,7 @@ async function checkAccountExistsService(params) {
   };
 }
 async function registerService(params) {
-  const { email, phone, verificationToken, password, publicKey, keyId, fingerprint, algorithm } = params;
+  const { email, phone, verificationToken, password, publicKey, keyId, fingerprint, algorithm, metadata } = params;
   const tokenPayload = validateVerificationToken(verificationToken);
   if (!tokenPayload) {
     throw new InvalidVerificationTokenError();
@@ -7228,7 +7229,8 @@ async function registerService(params) {
     userId: result.userId,
     provider: email ? "email" : "phone",
     email: result.email,
-    phone: result.phone
+    phone: result.phone,
+    metadata
   });
   return result;
 }
@@ -7940,7 +7942,8 @@ async function createOAuthState(params) {
     publicKey: params.publicKey,
     keyId: params.keyId,
     fingerprint: params.fingerprint,
-    algorithm: params.algorithm
+    algorithm: params.algorithm,
+    metadata: params.metadata
   };
   const jwe = await new jose.EncryptJWT({ state }).setProtectedHeader({ alg: "dir", enc: "A256GCM" }).setIssuedAt().setExpirationTime("10m").encrypt(key);
   return encodeURIComponent(jwe);
@@ -7954,7 +7957,7 @@ async function verifyOAuthState(encryptedState) {
 
 // src/server/services/oauth.service.ts
 async function oauthStartService(params) {
-  const { provider, returnUrl, publicKey, keyId, fingerprint, algorithm } = params;
+  const { provider, returnUrl, publicKey, keyId, fingerprint, algorithm, metadata } = params;
   if (provider === "google") {
     if (!isGoogleOAuthEnabled()) {
       throw new ValidationError3({
@@ -7967,7 +7970,8 @@ async function oauthStartService(params) {
       publicKey,
       keyId,
       fingerprint,
-      algorithm
+      algorithm,
+      metadata
     });
     const authUrl = getGoogleAuthUrl(state);
     return { authUrl };
@@ -8034,7 +8038,8 @@ async function handleGoogleCallback(code, stateData) {
     userId: String(userId),
     provider: "google",
     email: user?.email || void 0,
-    phone: user?.phone || void 0
+    phone: user?.phone || void 0,
+    metadata: stateData.metadata
   };
   if (isNewUser) {
     await authRegisterEvent.emit(eventPayload);
@@ -8203,7 +8208,10 @@ var register = route.post("/_auth/register").input({
     verificationToken: Type.String({
       description: "Verification token obtained from /verify-code endpoint"
     }),
-    password: PasswordSchema
+    password: PasswordSchema,
+    metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown(), {
+      description: "Custom metadata passed to authRegisterEvent (e.g. referral code, UTM params)"
+    }))
   }, {
     minProperties: 3,
     // email/phone + verificationToken + password
@@ -8924,7 +8932,10 @@ var oauthStart = route4.post("/_auth/oauth/start").input({
     }),
     algorithm: Type.Union(KEY_ALGORITHM.map((a) => Type.Literal(a)), {
       description: "Key algorithm (ES256 or RS256)"
-    })
+    }),
+    metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown(), {
+      description: "Custom metadata passed to authRegisterEvent (e.g. referral code, UTM params)"
+    }))
   })
 }).skip(["auth"]).handler(async (c) => {
   const { body } = await c.data();