@terreno/api 0.13.3 → 0.14.1

package/dist/auth.test.js

@@ -99,22 +99,30 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+// biome-ignore-all lint/suspicious/noExplicitAny: test mock typing
 var bun_test_1 = require("bun:test");
 var supertest_1 = __importDefault(require("supertest"));
 var api_1 = require("./api");
 var auth_1 = require("./auth");
 var expressServer_1 = require("./expressServer");
 var permissions_1 = require("./permissions");
+var requestContext_1 = require("./requestContext");
 var tests_1 = require("./tests");
 var transformers_1 = require("./transformers");
 var utils_1 = require("./utils");
+var decodeTokenPayload = function (token) {
+    var encodedPayload = token.split(".")[1];
+    return JSON.parse(Buffer.from(encodedPayload, "base64url").toString("utf8"));
+};
 (0, bun_test_1.describe)("auth tests", function () {
     var app;
     var admin;
+    var contextEvents;
     var notAdmin;
     var agent;
     (0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
         function addRoutes(router) {
+            var _this = this;
             router.use("/food", (0, api_1.modelRouter)(tests_1.FoodModel, {
                 allowAnonymous: true,
                 permissions: {
@@ -141,6 +149,58 @@ var utils_1 = require("./utils");
                     ownerWriteFields: ["name", "calories", "created"],
                 }),
             }));
+            router.use("/context-food", (0, api_1.modelRouter)(tests_1.FoodModel, {
+                permissions: {
+                    create: [permissions_1.Permissions.IsAuthenticated],
+                    delete: [],
+                    list: [],
+                    read: [],
+                    update: [],
+                },
+                postCreate: function (_value, req) { return __awaiter(_this, void 0, void 0, function () {
+                    var _a, _b;
+                    return __generator(this, function (_c) {
+                        contextEvents.push({
+                            currentSessionId: (_a = (0, requestContext_1.getCurrentRequestContext)()) === null || _a === void 0 ? void 0 : _a.sessionId,
+                            requestId: req.requestId,
+                            sessionId: req.sessionId,
+                            stage: "postCreate",
+                            userId: (_b = req.user) === null || _b === void 0 ? void 0 : _b.id,
+                        });
+                        return [2 /*return*/];
+                    });
+                }); },
+                preCreate: function (body, req) {
+                    var _a, _b, _c, _d;
+                    contextEvents.push({
+                        currentSessionId: (_a = (0, requestContext_1.getCurrentRequestContext)()) === null || _a === void 0 ? void 0 : _a.sessionId,
+                        requestId: req.requestId,
+                        sessionId: req.sessionId,
+                        stage: "preCreate",
+                        userId: (_b = req.user) === null || _b === void 0 ? void 0 : _b.id,
+                    });
+                    return __assign(__assign({}, body), { categories: [], eatenBy: [(_c = req.user) === null || _c === void 0 ? void 0 : _c._id], expiration: "2026-01-01", lastEatenWith: {}, likesIds: [], ownerId: (_d = req.user) === null || _d === void 0 ? void 0 : _d._id, source: { name: "context-test" }, tags: [] });
+                },
+                responseHandler: function (value, method, req) { return __awaiter(_this, void 0, void 0, function () {
+                    var _a, _b, _c, _d, _e, _f, _g, _h;
+                    return __generator(this, function (_j) {
+                        contextEvents.push({
+                            currentSessionId: (_a = (0, requestContext_1.getCurrentRequestContext)()) === null || _a === void 0 ? void 0 : _a.sessionId,
+                            requestId: req.requestId,
+                            sessionId: req.sessionId,
+                            stage: "responseHandler:".concat(method),
+                            userId: (_b = req.user) === null || _b === void 0 ? void 0 : _b.id,
+                        });
+                        return [2 /*return*/, {
+                                id: String(value._id),
+                                requestId: (_c = req.requestId) !== null && _c !== void 0 ? _c : null,
+                                sessionContext: (_e = (_d = (0, requestContext_1.getCurrentRequestContext)()) === null || _d === void 0 ? void 0 : _d.sessionId) !== null && _e !== void 0 ? _e : null,
+                                sessionId: (_f = req.sessionId) !== null && _f !== void 0 ? _f : null,
+                                userId: (_h = (_g = req.user) === null || _g === void 0 ? void 0 : _g.id) !== null && _h !== void 0 ? _h : null,
+                            }];
+                    });
+                }); },
+            }));
         }
         var _a;
         return __generator(this, function (_b) {
@@ -152,6 +212,7 @@ var utils_1 = require("./utils");
                     return [4 /*yield*/, (0, tests_1.setupDb)()];
                 case 1:
                     _a = __read.apply(void 0, [_b.sent(), 2]), admin = _a[0], notAdmin = _a[1];
+                    contextEvents = [];
                     return [4 /*yield*/, Promise.all([
                             tests_1.FoodModel.create({
                                 calories: 1,
@@ -346,6 +407,104 @@ var utils_1 = require("./utils");
             }
         });
     }); });
+    (0, bun_test_1.it)("passes request and session context through modelRouter hooks", function () { return __awaiter(void 0, void 0, void 0, function () {
+        var loginRes, loginTokenPayload, createRes, sessionId;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0: return [4 /*yield*/, agent
+                        .post("/auth/login")
+                        .send({ email: "admin@example.com", password: "securePassword" })
+                        .expect(200)];
+                case 1:
+                    loginRes = _a.sent();
+                    loginTokenPayload = decodeTokenPayload(loginRes.body.data.token);
+                    return [4 /*yield*/, agent
+                            .post("/context-food")
+                            .set("authorization", "Bearer ".concat(loginRes.body.data.token))
+                            .set("X-Request-ID", "model-router-request-1")
+                            .send({ calories: 10, name: "Context Apple" })
+                            .expect(201)];
+                case 2:
+                    createRes = _a.sent();
+                    (0, bun_test_1.expect)(loginTokenPayload.sid).toBeDefined();
+                    sessionId = loginTokenPayload.sid;
+                    if (!sessionId) {
+                        throw new Error("Expected login token to include a session id");
+                    }
+                    (0, bun_test_1.expect)(createRes.headers["x-request-id"]).toBe("model-router-request-1");
+                    (0, bun_test_1.expect)(createRes.headers["x-session-id"]).toBe(sessionId);
+                    (0, bun_test_1.expect)(createRes.body.data.requestId).toBe("model-router-request-1");
+                    (0, bun_test_1.expect)(createRes.body.data.sessionId).toBe(sessionId);
+                    (0, bun_test_1.expect)(createRes.body.data.sessionContext).toBe(sessionId);
+                    (0, bun_test_1.expect)(createRes.body.data.userId).toBe(String(admin._id));
+                    (0, bun_test_1.expect)(contextEvents).toEqual([
+                        {
+                            currentSessionId: sessionId,
+                            requestId: "model-router-request-1",
+                            sessionId: sessionId,
+                            stage: "preCreate",
+                            userId: String(admin._id),
+                        },
+                        {
+                            currentSessionId: sessionId,
+                            requestId: "model-router-request-1",
+                            sessionId: sessionId,
+                            stage: "postCreate",
+                            userId: String(admin._id),
+                        },
+                        {
+                            currentSessionId: sessionId,
+                            requestId: "model-router-request-1",
+                            sessionId: sessionId,
+                            stage: "responseHandler:create",
+                            userId: String(admin._id),
+                        },
+                    ]);
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    (0, bun_test_1.it)("preserves JWT session id across refresh and request context", function () { return __awaiter(void 0, void 0, void 0, function () {
+        var loginRes, loginTokenPayload, loginRefreshPayload, loginSessionId, refreshRes, refreshedTokenPayload, refreshedRefreshPayload, foodRes;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0: return [4 /*yield*/, agent
+                        .post("/auth/login")
+                        .send({ email: "admin@example.com", password: "securePassword" })
+                        .expect(200)];
+                case 1:
+                    loginRes = _a.sent();
+                    loginTokenPayload = decodeTokenPayload(loginRes.body.data.token);
+                    loginRefreshPayload = decodeTokenPayload(loginRes.body.data.refreshToken);
+                    (0, bun_test_1.expect)(loginTokenPayload.sid).toBeDefined();
+                    loginSessionId = loginTokenPayload.sid;
+                    if (!loginSessionId) {
+                        throw new Error("Expected login token to include a session id");
+                    }
+                    (0, bun_test_1.expect)(loginRefreshPayload.sid).toBe(loginSessionId);
+                    (0, bun_test_1.expect)(loginRes.headers["x-session-id"]).toBe(loginSessionId);
+                    return [4 /*yield*/, agent
+                            .post("/auth/refresh_token")
+                            .send({ refreshToken: loginRes.body.data.refreshToken })
+                            .expect(200)];
+                case 2:
+                    refreshRes = _a.sent();
+                    refreshedTokenPayload = decodeTokenPayload(refreshRes.body.data.token);
+                    refreshedRefreshPayload = decodeTokenPayload(refreshRes.body.data.refreshToken);
+                    (0, bun_test_1.expect)(refreshedTokenPayload.sid).toBe(loginSessionId);
+                    (0, bun_test_1.expect)(refreshedRefreshPayload.sid).toBe(loginSessionId);
+                    (0, bun_test_1.expect)(refreshRes.headers["x-session-id"]).toBe(loginSessionId);
+                    return [4 /*yield*/, agent
+                            .get("/food")
+                            .set("authorization", "Bearer ".concat(refreshRes.body.data.token))
+                            .expect(200)];
+                case 3:
+                    foodRes = _a.sent();
+                    (0, bun_test_1.expect)(foodRes.headers["x-session-id"]).toBe(loginSessionId);
+                    return [2 /*return*/];
+            }
+        });
+    }); });
     (0, bun_test_1.it)("completes token login e2e", function () { return __awaiter(void 0, void 0, void 0, function () {
         var res, _a, userId, token, meRes, mePatchRes, getRes, food, updateRes;
         return __generator(this, function (_b) {

package/dist/betterAuthApp.test.js

@@ -83,6 +83,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+// biome-ignore-all lint/suspicious/noExplicitAny: test mock typing
 var bun_test_1 = require("bun:test");
 var express_1 = __importDefault(require("express"));
 var mongodb_memory_server_1 = require("mongodb-memory-server");

package/dist/betterAuthSetup.d.ts

@@ -15,9 +15,12 @@ export type BetterAuthInstance = ReturnType<typeof betterAuth>;
 /**
  * Options for creating a Better Auth instance.
  */
+export interface MongoClientLike {
+    db: () => any;
+}
 export interface CreateBetterAuthOptions {
     config: BetterAuthConfig;
-    mongoClient: any;
+    mongoClient: MongoClientLike;
     userModel?: UserModel;
 }
 /**
@@ -29,10 +32,6 @@ export declare const createBetterAuth: (options: CreateBetterAuthOptions) => Bet
  * and populates req.user with the application User model.
  */
 export declare const createBetterAuthSessionMiddleware: (auth: BetterAuthInstance, userModel?: UserModel) => (req: Request, _res: Response, next: NextFunction) => Promise<void>;
-/**
- * Syncs a Better Auth user to the application User model.
- * Creates or updates the user as needed.
- */
 export declare const syncBetterAuthUser: (userModel: UserModel, betterAuthUser: BetterAuthUser, oauthProvider?: string) => Promise<any>;
 /**
  * Mounts Better Auth routes on the Express app.
@@ -41,7 +40,7 @@ export declare const mountBetterAuthRoutes: (app: Application, auth: BetterAuthI
 /**
  * Gets the MongoDB client from the mongoose connection.
  */
-export declare const getMongoClientFromMongoose: () => any;
+export declare const getMongoClientFromMongoose: () => MongoClientLike;
 /**
  * Sets up Better Auth user sync hooks.
  * This ensures users created/updated in Better Auth are synced to the application User model.

package/dist/betterAuthSetup.js

@@ -61,8 +61,10 @@ var better_auth_1 = require("better-auth");
 var mongodb_1 = require("better-auth/adapters/mongodb");
 var node_1 = require("better-auth/node");
 var mongoose_1 = __importDefault(require("mongoose"));
+var errors_1 = require("./errors");
 var logger_1 = require("./logger");
 var plugins_1 = require("./plugins");
+var requestContext_1 = require("./requestContext");
 /**
  * Creates a Better Auth instance with MongoDB adapter.
  */
@@ -71,11 +73,17 @@ var createBetterAuth = function (options) {
     var config = options.config, mongoClient = options.mongoClient;
     var secret = config.secret || process.env.BETTER_AUTH_SECRET;
     if (!secret) {
-        throw new Error("BETTER_AUTH_SECRET must be set in env or config.secret must be provided.");
+        throw new errors_1.APIError({
+            status: 500,
+            title: "BETTER_AUTH_SECRET must be set in env or config.secret must be provided.",
+        });
     }
     var baseURL = config.baseURL || process.env.BETTER_AUTH_URL;
     if (!baseURL) {
-        throw new Error("BETTER_AUTH_URL must be set in env or config.baseURL must be provided.");
+        throw new errors_1.APIError({
+            status: 500,
+            title: "BETTER_AUTH_URL must be set in env or config.baseURL must be provided.",
+        });
     }
     var basePath = (_a = config.basePath) !== null && _a !== void 0 ? _a : "/api/auth";
     var socialProviders = {};
@@ -123,7 +131,7 @@ exports.createBetterAuth = createBetterAuth;
  */
 var createBetterAuthSessionMiddleware = function (auth, userModel) {
     return function (req, _res, next) { return __awaiter(void 0, void 0, void 0, function () {
-        var session, betterAuthUser, appUser, newUser, error_1;
+        var session, betterAuthUser, reqWithSession, appUser, newUser, error_1;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -135,6 +143,7 @@ var createBetterAuthSessionMiddleware = function (auth, userModel) {
                     session = _a.sent();
                     if (!((session === null || session === void 0 ? void 0 : session.user) && (session === null || session === void 0 ? void 0 : session.session))) return [3 /*break*/, 7];
                     betterAuthUser = session.user;
+                    reqWithSession = req;
                     if (!userModel) return [3 /*break*/, 6];
                     return [4 /*yield*/, (0, plugins_1.findOneOrNoneFor)(userModel, {
                             betterAuthId: betterAuthUser.id,
@@ -142,19 +151,21 @@ var createBetterAuthSessionMiddleware = function (auth, userModel) {
                 case 2:
                     appUser = _a.sent();
                     if (!appUser) return [3 /*break*/, 3];
-                    req.user = appUser;
-                    req.betterAuthSession = session;
+                    reqWithSession.user = appUser;
+                    reqWithSession.betterAuthSession = session;
+                    (0, requestContext_1.updateRequestContextFromRequest)(req);
                     return [3 /*break*/, 5];
                 case 3: return [4 /*yield*/, (0, exports.syncBetterAuthUser)(userModel, betterAuthUser)];
                 case 4:
                     newUser = _a.sent();
-                    req.user = newUser;
-                    req.betterAuthSession = session;
+                    reqWithSession.user = newUser;
+                    reqWithSession.betterAuthSession = session;
+                    (0, requestContext_1.updateRequestContextFromRequest)(req);
                     _a.label = 5;
                 case 5: return [3 /*break*/, 7];
                 case 6:
                     // No user model - just attach the Better Auth user directly
-                    req.user = {
+                    reqWithSession.user = {
                         _id: betterAuthUser.id,
                         admin: false,
                         betterAuthId: betterAuthUser.id,
@@ -162,7 +173,8 @@ var createBetterAuthSessionMiddleware = function (auth, userModel) {
                         id: betterAuthUser.id,
                         name: betterAuthUser.name,
                     };
-                    req.betterAuthSession = session;
+                    reqWithSession.betterAuthSession = session;
+                    (0, requestContext_1.updateRequestContextFromRequest)(req);
                     _a.label = 7;
                 case 7:
                     next();
@@ -178,11 +190,9 @@ var createBetterAuthSessionMiddleware = function (auth, userModel) {
     }); };
 };
 exports.createBetterAuthSessionMiddleware = createBetterAuthSessionMiddleware;
-/**
- * Syncs a Better Auth user to the application User model.
- * Creates or updates the user as needed.
- */
-var syncBetterAuthUser = function (userModel, betterAuthUser, oauthProvider) { return __awaiter(void 0, void 0, void 0, function () {
+var syncBetterAuthUser = function (userModel, betterAuthUser, oauthProvider
+// biome-ignore lint/suspicious/noExplicitAny: return is a consumer-defined user document; tests inspect varied fields
+) { return __awaiter(void 0, void 0, void 0, function () {
     var existingUser, userByEmail, useAsId, newUser, error_2;
     return __generator(this, function (_a) {
         switch (_a.label) {
@@ -192,7 +202,7 @@ var syncBetterAuthUser = function (userModel, betterAuthUser, oauthProvider) { r
                         betterAuthId: betterAuthUser.id,
                     })];
             case 1:
-                existingUser = _a.sent();
+                existingUser = (_a.sent());
                 if (!existingUser) return [3 /*break*/, 3];
                 // Update existing user if needed
                 existingUser.email = betterAuthUser.email;
@@ -207,7 +217,7 @@ var syncBetterAuthUser = function (userModel, betterAuthUser, oauthProvider) { r
                     email: betterAuthUser.email,
                 })];
             case 4:
-                userByEmail = _a.sent();
+                userByEmail = (_a.sent());
                 if (!userByEmail) return [3 /*break*/, 6];
                 // Link existing user to Better Auth
                 userByEmail.betterAuthId = betterAuthUser.id;
@@ -255,7 +265,10 @@ var getMongoClientFromMongoose = function () {
     var connection = mongoose_1.default.connection;
     var client = connection.client;
     if (!client) {
-        throw new Error("Mongoose is not connected. Ensure MongoDB connection is established first.");
+        throw new errors_1.APIError({
+            status: 500,
+            title: "Mongoose is not connected. Ensure MongoDB connection is established first.",
+        });
     }
     return client;
 };

package/dist/betterAuthSetup.test.js

@@ -83,6 +83,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+// biome-ignore-all lint/suspicious/noExplicitAny: test mock typing
 var bun_test_1 = require("bun:test");
 var express_1 = __importDefault(require("express"));
 var mongodb_memory_server_1 = require("mongodb-memory-server");

package/dist/config.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Runtime configuration registry with a fixed resolution order:
+ *
+ *   1. In-process override (Config.setOverride) — highest, for tests/bootstrap
+ *   2. Cached env map — typically loaded from an admin-editable Mongoose document
+ *   3. process.env
+ *   4. Registered default
+ *
+ * Why a registry: every key migrating off raw `process.env` declares its type
+ * and default in one place. That keeps the admin UI honest (no surprise keys),
+ * gives synchronous access without scattered `?? "default"` literals at call
+ * sites, and lets tests assert behavior against a single source of truth.
+ *
+ * Why sync: hundreds of call sites read configuration during request handling
+ * and module init; an async API would force enormous refactors. Callers load
+ * the env map once via `Config.refresh()` after Mongo connects, then read
+ * synchronously from cache.
+ *
+ * The mechanism is agnostic to where the env map comes from. Apps wire up
+ * their backing store with `Config.setEnvLoader(fn)`. The optional
+ * `envConfigurationPlugin` provides a drop-in Mongoose schema integration.
+ */
+export interface ConfigRegistration {
+    /** Default returned when neither override, cache, nor process.env supplies a value. */
+    default?: string;
+    /** Documentation surfaced in the admin UI. */
+    description?: string;
+    /** Marks the key as a secret so admin UI can mask the value. */
+    secret?: boolean;
+}
+export declare const Config: {
+    clearOverrides: () => void;
+    clearRegistryForTesting: () => void;
+    get: (key: string) => string | undefined;
+    getBoolean: (key: string) => boolean;
+    getDefault: (key: string) => string | undefined;
+    getJSON: <T = unknown>(key: string) => T | undefined;
+    getNumber: (key: string) => number | undefined;
+    getRegisteredKeys: () => string[];
+    getRegistration: (key: string) => ConfigRegistration | undefined;
+    isRegistered: (key: string) => boolean;
+    refresh: () => Promise<void>;
+    register: (key: string, registration?: ConfigRegistration) => void;
+    setCachedEnv: (env: Record<string, string> | null) => void;
+    setEnvLoader: (loader: (() => Promise<Record<string, string>>) | null) => void;
+    setOverride: (key: string, value: string | undefined) => void;
+};
+export type ConfigType = typeof Config;