@sveltebase/auth 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +42 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -197,6 +197,47 @@ export const handlers = [
|
|
|
197
197
|
];
|
|
198
198
|
```
|
|
199
199
|
|
|
200
|
+
`createAuthSync` registers and protects the `"users"` sync channel. It verifies the session token when the client subscribes to that channel and can call your `verifyUser` hook to check the database.
|
|
201
|
+
|
|
202
|
+
To make the verified user object available to every other sync handler, resolve connection auth in your `/api/sync` WebSocket upgrade route.
|
|
203
|
+
|
|
204
|
+
Recommended SvelteKit setup:
|
|
205
|
+
|
|
206
|
+
```typescript
|
|
207
|
+
// src/routes/api/sync/+server.ts
|
|
208
|
+
import { JWT_SECRET } from "$env/static/private";
|
|
209
|
+
import { getVerifiedUserFromRequest } from "@sveltebase/auth";
|
|
210
|
+
import { handleUpgrade } from "@sveltebase/sync";
|
|
211
|
+
import type { User } from "$lib/server/db/schema";
|
|
212
|
+
import type { RequestEvent, RequestHandler } from "@sveltejs/kit";
|
|
213
|
+
|
|
214
|
+
export const GET: RequestHandler = async (event: RequestEvent) => {
|
|
215
|
+
return handleUpgrade(event.request, event.platform, {
|
|
216
|
+
auth: async (request) => {
|
|
217
|
+
const user = await getVerifiedUserFromRequest<User>(
|
|
218
|
+
request,
|
|
219
|
+
JWT_SECRET
|
|
220
|
+
);
|
|
221
|
+
|
|
222
|
+
return user ? { user } : null;
|
|
223
|
+
},
|
|
224
|
+
identity: (auth) => auth.user.id,
|
|
225
|
+
allowUnauthenticated: false
|
|
226
|
+
});
|
|
227
|
+
};
|
|
228
|
+
```
|
|
229
|
+
|
|
230
|
+
After this, other sync handlers can use `ctx.auth.user` for row ownership checks. The `identity` option gives `@sveltebase/sync` a stable user ID for `scope` filtering:
|
|
231
|
+
|
|
232
|
+
```typescript
|
|
233
|
+
fetch: async (ctx) => {
|
|
234
|
+
const user = ctx.auth?.user;
|
|
235
|
+
if (!user) return [];
|
|
236
|
+
|
|
237
|
+
return db.select().from(todos).where(eq(todos.userId, user.id));
|
|
238
|
+
}
|
|
239
|
+
```
|
|
240
|
+
|
|
200
241
|
---
|
|
201
242
|
|
|
202
243
|
## 6. API Reference
|
|
@@ -228,7 +269,7 @@ export const handlers = [
|
|
|
228
269
|
### Sync Server Handler (`@sveltebase/auth/server`)
|
|
229
270
|
|
|
230
271
|
* **`createAuthSync(config: SyncAuthConfig)`**
|
|
231
|
-
Establishes the
|
|
272
|
+
Establishes the `"users"` sync channel and verifies WebSocket subscriptions for auth state. For unrelated sync channels, use `handleUpgrade(..., { auth, identity })` in your `/api/sync` route to populate `ctx.auth`.
|
|
232
273
|
|
|
233
274
|
---
|
|
234
275
|
|