@suluk/better-auth 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +3 -3
- package/src/index.ts +4 -1
- package/src/principal.ts +10 -0
- package/src/weights.ts +16 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@suluk/better-auth",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.3.0",
|
|
4
4
|
"description": "Official Better-Auth-on-Hono support for Suluk: auth methods -> v4 securitySchemes; ingest Better Auth's OpenAPI 3.0 -> v4; session -> principal for per-viewer docs. CANDIDATE tooling.",
|
|
5
5
|
"publishConfig": {
|
|
6
6
|
"access": "public"
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
},
|
|
21
21
|
"dependencies": {
|
|
22
22
|
"@suluk/core": "^0.1.13",
|
|
23
|
-
"@suluk/openapi-compat": "^0.1.
|
|
23
|
+
"@suluk/openapi-compat": "^0.1.4"
|
|
24
24
|
},
|
|
25
25
|
"peerDependencies": {
|
|
26
26
|
"better-auth": "^1.0.0",
|
|
@@ -36,7 +36,7 @@
|
|
|
36
36
|
},
|
|
37
37
|
"devDependencies": {
|
|
38
38
|
"@types/bun": "latest",
|
|
39
|
-
"@suluk/hono": "^0.
|
|
39
|
+
"@suluk/hono": "^0.3.0"
|
|
40
40
|
},
|
|
41
41
|
"scripts": {
|
|
42
42
|
"test": "bun test",
|
package/src/index.ts
CHANGED
|
@@ -11,7 +11,7 @@ export { authSecuritySchemes, type AuthMethods, type AuthSecurity } from "./secu
|
|
|
11
11
|
export { normalizeOas30, ingestAuthOpenAPI, mergeAuth, type IngestOptions } from "./ingest";
|
|
12
12
|
export {
|
|
13
13
|
principalFromSession, MFA_SCOPE, mcpConnectionKeyId, orgScope, parseOrgScope,
|
|
14
|
-
type Principal, type SessionLike, type PrincipalOptions,
|
|
14
|
+
type Principal, type SessionLike, type PrincipalOptions, type AppVars,
|
|
15
15
|
} from "./principal";
|
|
16
16
|
export { mountAuth, type AuthHandlerLike, type HonoLike, type MountAuthOptions } from "./mount";
|
|
17
17
|
// scope-aware API-key verification (Phase 0): wraps Better Auth's verifyApiKey to return a { scopes } Principal,
|
|
@@ -30,3 +30,6 @@ export { previewLoginHandler, isPreviewRuntime, type PreviewRequestLike, type Pr
|
|
|
30
30
|
// C057 local-dev any-email login (the Google mock when no GOOGLE_CLIENT_ID) — fail-closed behind an `armed` flag, mints
|
|
31
31
|
// a REAL session via the public signUp/signIn API. The registry arms it only in dev-mock mode; a prod deploy 404s it.
|
|
32
32
|
export { devLoginHandler, DEV_LOGIN_PASSWORD, type DevLoginAuthLike, type DevLoginOptions } from "./dev-login";
|
|
33
|
+
// Provider FEE weights — Google OAuth is free ($0); the real per-login cost is D1 infra. AUTH_WEIGHTS carries `google.oauth`
|
|
34
|
+
// at 0 for observability + as the paid-Google-API extension point. Merge into the app's table (see @suluk/cost mergeWeights).
|
|
35
|
+
export { AUTH_WEIGHTS, GOOGLE_OAUTH_MICRO_USD } from "./weights";
|
package/src/principal.ts
CHANGED
|
@@ -8,6 +8,16 @@ export interface Principal {
|
|
|
8
8
|
scopes: string[];
|
|
9
9
|
}
|
|
10
10
|
|
|
11
|
+
/** The Hono context Variables the auth middleware POPULATES per `/api/*` request — the resolved caller (`c.get("user")`,
|
|
12
|
+
* `c.var.scopes`, and the api-key id/name for a keyed caller). A module that READS the auth-set principal (e.g. `mcp`)
|
|
13
|
+
* types its context off THIS shared shape instead of importing the app's `../auth` — so it needs no sibling import. */
|
|
14
|
+
export interface AppVars {
|
|
15
|
+
user?: { id: string; email?: string };
|
|
16
|
+
scopes?: string[];
|
|
17
|
+
keyId?: string;
|
|
18
|
+
keyName?: string;
|
|
19
|
+
}
|
|
20
|
+
|
|
11
21
|
/** A minimal view of a Better Auth session (duck-typed; works with the real Session shape). */
|
|
12
22
|
export interface SessionLike {
|
|
13
23
|
user?: { role?: string | string[]; scopes?: string[] } | null;
|
package/src/weights.ts
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GOOGLE / better-auth WEIGHTS — the cost of authenticating, contributed to the token weight table (the provider analogue
|
|
3
|
+
* of @suluk/cloudflare's infra weights). Google Sign-In (OAuth) is FREE and better-auth is self-hosted, so the third-party
|
|
4
|
+
* fee is $0. The REAL per-login cost is the D1 session read/write — declare THAT as infra (`d1.write` / `d1.read`), which
|
|
5
|
+
* the bubbled-up Cloudflare weights price. `google.oauth` is carried at 0 for OBSERVABILITY (a login route can mark that it
|
|
6
|
+
* calls Google, so the cost trace names the dependency) and as the extension point for a PAID Google API (Maps, Places, …)
|
|
7
|
+
* should one ever be wired — set its weight here and every route that declares it reprices automatically.
|
|
8
|
+
*
|
|
9
|
+
* Merge `AUTH_WEIGHTS` into the app's weight table (see @suluk/cost `mergeWeights`). Pure data — no runtime dependency.
|
|
10
|
+
*/
|
|
11
|
+
|
|
12
|
+
/** Google OAuth / Sign-In fee: $0 (free). Kept as a declared meter for observability + as the paid-Google-API extension point. */
|
|
13
|
+
export const GOOGLE_OAUTH_MICRO_USD = 0;
|
|
14
|
+
|
|
15
|
+
/** The provider fee weights for auth (meter → µ$/unit) to merge into the token weight table — $0 today (the cost is infra). */
|
|
16
|
+
export const AUTH_WEIGHTS: Record<string, number> = { "google.oauth": GOOGLE_OAUTH_MICRO_USD };
|