npm - @unifiedcommerce/core - Versions diffs - 0.3.0 → 0.3.1 - Mend

@unifiedcommerce/core 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/auth/middleware.d.ts.map +1 -1
package/dist/auth/middleware.js +28 -4
package/package.json +1 -1
package/src/auth/middleware.ts +34 -4

package/dist/auth/middleware.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAmB,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA0B/C,wBAAgB,cAAc,CAC5B,IAAI,EAAE,YAAY,EAClB,MAAM,EAAE,cAAc,GACrB,iBAAiB,~~CA0GnB~~"}
1	+ {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAmB,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA0B/C,wBAAgB,cAAc,CAC5B,IAAI,EAAE,YAAY,EAClB,MAAM,EAAE,cAAc,GACrB,iBAAiB,CAwInB"}

package/dist/auth/middleware.js CHANGED Viewed

@@ -22,10 +22,34 @@ export function authMiddleware(auth, config) {
             headers: c.req.raw.headers,
         }));
         if (session) {
-            // Better Auth's session only stores activeOrganizationId, not the role.
-            // Resolve role via the organization plugin's server-side API when needed.
+            // Better Auth's session stores activeOrganizationId, but often not the role.
+            // For single-store apps (org_default), users may never call set-active,
+            // so activeOrganizationId can be null even for valid org members.
             let role = session.session.activeOrganizationRole;
-            if (!role && session.session.activeOrganizationId && auth.api.getActiveMemberRole) {
+            let orgId = session.session.activeOrganizationId;
+            // If no active org, try to resolve the user's membership in org_default.
+            // This handles the common case where the user is a member but hasn't
+            // called organization/set-active (single-store apps, seed scripts, tests).
+            const getFullOrg = auth.api.getFullOrganization;
+            if (!role && getFullOrg) {
+                try {
+                    const org = await getFullOrg({
+                        query: { organizationId: orgId ?? DEFAULT_ORG_ID },
+                    });
+                    if (org?.members) {
+                        const membership = org.members.find((m) => m.userId === session.user.id);
+                        if (membership) {
+                            role = membership.role;
+                            orgId = orgId ?? DEFAULT_ORG_ID;
+                        }
+                    }
+                }
+                catch {
+                    // fall through — treat as customer
+                }
+            }
+            // Also try getActiveMemberRole if active org is set
+            if (!role && orgId && auth.api.getActiveMemberRole) {
                 try {
                     const roleResult = await auth.api.getActiveMemberRole({
                         headers: c.req.raw.headers,
@@ -46,7 +70,7 @@ export function authMiddleware(auth, config) {
                 email: session.user.email ?? null,
                 name: session.user.name ?? "User",
                 vendorId: session.user.vendorId ?? null,
-                organizationId: session.session.activeOrganizationId ?? null,
+                organizationId: orgId ?? DEFAULT_ORG_ID,
                 role: role ?? "customer",
                 permissions: resolvePermissions(enrichedSession, config),
             });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@unifiedcommerce/core",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "type": "module",
   "exports": {
     ".": {

package/src/auth/middleware.ts CHANGED Viewed

@@ -37,10 +37,39 @@ export function authMiddleware(
     })) as AuthSessionLike | null;
     if (session) {
-      // Better Auth's session only stores activeOrganizationId, not the role.
-      // Resolve role via the organization plugin's server-side API when needed.
+      // Better Auth's session stores activeOrganizationId, but often not the role.
+      // For single-store apps (org_default), users may never call set-active,
+      // so activeOrganizationId can be null even for valid org members.
       let role = session.session.activeOrganizationRole as string | undefined;
-      if (!role && session.session.activeOrganizationId && auth.api.getActiveMemberRole) {
+      let orgId = session.session.activeOrganizationId as string | null;
+      // If no active org, try to resolve the user's membership in org_default.
+      // This handles the common case where the user is a member but hasn't
+      // called organization/set-active (single-store apps, seed scripts, tests).
+      const getFullOrg = auth.api.getFullOrganization as
+        | ((input: { query: { organizationId: string } }) => Promise<unknown>)
+        | undefined;
+      if (!role && getFullOrg) {
+        try {
+          const org = await getFullOrg({
+            query: { organizationId: orgId ?? DEFAULT_ORG_ID },
+          }) as { members?: Array<{ userId: string; role: string }> } | null;
+          if (org?.members) {
+            const membership = org.members.find(
+              (m: { userId: string }) => m.userId === session.user.id,
+            );
+            if (membership) {
+              role = membership.role;
+              orgId = orgId ?? DEFAULT_ORG_ID;
+            }
+          }
+        } catch {
+          // fall through — treat as customer
+        }
+      }
+      // Also try getActiveMemberRole if active org is set
+      if (!role && orgId && auth.api.getActiveMemberRole) {
         try {
           const roleResult = await auth.api.getActiveMemberRole({
             headers: c.req.raw.headers,
@@ -50,6 +79,7 @@ export function authMiddleware(
           // fall through — treat as customer
         }
       }
       const enrichedSession = {
         ...session,
         session: { ...session.session, activeOrganizationRole: role ?? null },
@@ -60,7 +90,7 @@ export function authMiddleware(
         email: session.user.email ?? null,
         name: session.user.name ?? "User",
         vendorId: session.user.vendorId ?? null,
-        organizationId: session.session.activeOrganizationId ?? null,
+        organizationId: orgId ?? DEFAULT_ORG_ID,
         role: role ?? "customer",
         permissions: resolvePermissions(enrichedSession, config),
       } satisfies Actor);