@unifiedcommerce/core 0.3.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/auth/middleware.d.ts.map +1 -1
  2. package/dist/auth/middleware.js +27 -4
  3. package/dist/auth/setup.d.ts +27 -1
  4. package/dist/auth/setup.d.ts.map +1 -1
  5. package/dist/interfaces/mcp/tools/analytics.d.ts +1 -1
  6. package/package.json +1 -1
  7. package/src/auth/middleware.ts +31 -4
  8. package/src/auth/setup.ts +23 -1
package/dist/auth/middleware.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAmB,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA0B/C,wBAAgB,cAAc,CAC5B,IAAI,EAAE,YAAY,EAClB,MAAM,EAAE,cAAc,GACrB,iBAAiB,CA0GnB"}
1
+ {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAmB,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA0B/C,wBAAgB,cAAc,CAC5B,IAAI,EAAE,YAAY,EAClB,MAAM,EAAE,cAAc,GACrB,iBAAiB,CAqInB"}
package/dist/auth/middleware.js CHANGED
@@ -22,10 +22,33 @@ export function authMiddleware(auth, config) {
22
22
  headers: c.req.raw.headers,
23
23
  }));
24
24
  if (session) {
25
- // Better Auth's session only stores activeOrganizationId, not the role.
26
- // Resolve role via the organization plugin's server-side API when needed.
25
+ // Better Auth's session stores activeOrganizationId, but often not the role.
26
+ // For single-store apps (org_default), users may never call set-active,
27
+ // so activeOrganizationId can be null even for valid org members.
27
28
  let role = session.session.activeOrganizationRole;
28
- if (!role && session.session.activeOrganizationId && auth.api.getActiveMemberRole) {
29
+ let orgId = session.session.activeOrganizationId;
30
+ // If no active org, try to resolve the user's membership in org_default.
31
+ // This handles the common case where the user is a member but hasn't
32
+ // called organization/set-active (single-store apps, seed scripts, tests).
33
+ if (!role && auth.api.getFullOrganization) {
34
+ try {
35
+ const org = await auth.api.getFullOrganization({
36
+ query: { organizationId: orgId ?? DEFAULT_ORG_ID },
37
+ });
38
+ if (org?.members) {
39
+ const membership = org.members.find((m) => m.userId === session.user.id);
40
+ if (membership) {
41
+ role = membership.role;
42
+ orgId = orgId ?? DEFAULT_ORG_ID;
43
+ }
44
+ }
45
+ }
46
+ catch {
47
+ // fall through — treat as customer
48
+ }
49
+ }
50
+ // Also try getActiveMemberRole if active org is set
51
+ if (!role && orgId && auth.api.getActiveMemberRole) {
29
52
  try {
30
53
  const roleResult = await auth.api.getActiveMemberRole({
31
54
  headers: c.req.raw.headers,
@@ -46,7 +69,7 @@ export function authMiddleware(auth, config) {
46
69
  email: session.user.email ?? null,
47
70
  name: session.user.name ?? "User",
48
71
  vendorId: session.user.vendorId ?? null,
49
- organizationId: session.session.activeOrganizationId ?? null,
72
+ organizationId: orgId ?? DEFAULT_ORG_ID,
50
73
  role: role ?? "customer",
51
74
  permissions: resolvePermissions(enrichedSession, config),
52
75
  });
package/dist/auth/setup.d.ts CHANGED
@@ -1,5 +1,13 @@
1
1
  import type { CommerceConfig } from "../config/types.js";
2
2
  import type { DatabaseAdapter } from "../kernel/database/adapter.js";
3
+ /** Member shape returned by Better Auth's organization plugin */
4
+ export interface OrgMember {
5
+ id: string;
6
+ userId: string;
7
+ organizationId: string;
8
+ role: string;
9
+ createdAt: string;
10
+ }
3
11
  export interface AuthInstance {
4
12
  handler(request: Request): Promise<Response>;
5
13
  api: {
@@ -8,7 +16,23 @@ export interface AuthInstance {
8
16
  }): Promise<unknown>;
9
17
  getActiveMemberRole?: (input: {
10
18
  headers: Headers;
11
- }) => Promise<unknown>;
19
+ }) => Promise<{
20
+ role: string;
21
+ } | null>;
22
+ getFullOrganization?: (input: {
23
+ query: {
24
+ organizationId: string;
25
+ };
26
+ }) => Promise<{
27
+ id: string;
28
+ name: string;
29
+ members: OrgMember[];
30
+ } | null>;
31
+ listMembers?: (input: {
32
+ query: {
33
+ organizationId: string;
34
+ };
35
+ }) => Promise<OrgMember[]>;
12
36
  verifyApiKey?: (input: {
13
37
  body: {
14
38
  key: string;
@@ -24,9 +48,11 @@ export interface AuthInstance {
24
48
  }>;
25
49
  createApiKey?: (input: {
26
50
  body: {
51
+ configId?: string;
27
52
  name?: string;
28
53
  permissions?: Record<string, string[]>;
29
54
  userId?: string;
55
+ organizationId?: string;
30
56
  };
31
57
  headers?: Headers;
32
58
  }) => Promise<{
package/dist/auth/setup.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/auth/setup.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAgCrE,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7C,GAAG,EAAE;QACH,UAAU,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1D,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;QACxE,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBAAE,GAAG,EAAE,MAAM,CAAC;gBAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;aAAE,CAAC;SAC/D,KAAK,OAAO,CAAC;YACZ,KAAK,EAAE,OAAO,CAAC;YACf,KAAK,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAA;aAAE,GAAG,IAAI,CAAC;YAChD,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;SACrC,CAAC,CAAC;QACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBACJ,IAAI,CAAC,EAAE,MAAM,CAAC;gBACd,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBACvC,MAAM,CAAC,EAAE,MAAM,CAAC;aACjB,CAAC;YACF,OAAO,CAAC,EAAE,OAAO,CAAC;SACnB,KAAK,OAAO,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAC3C,qEAAqE;QACrE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7B;AAED,wBAAgB,UAAU,CACxB,EAAE,EAAE,eAAe,EACnB,MAAM,EAAE,cAAc,GACrB,YAAY,CAuHd"}
1
+ {"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/auth/setup.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAgCrE,iEAAiE;AACjE,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7C,GAAG,EAAE;QACH,UAAU,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAG1D,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC,CAAC;QACxF,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE;YAAE,KAAK,EAAE;gBAAE,cAAc,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,KAAK,OAAO,CAAC;YAC9E,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,SAAS,EAAE,CAAC;SACtB,GAAG,IAAI,CAAC,CAAC;QACV,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE;YAAE,KAAK,EAAE;gBAAE,cAAc,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QAGrF,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBAAE,GAAG,EAAE,MAAM,CAAC;gBAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;aAAE,CAAC;SAC/D,KAAK,OAAO,CAAC;YACZ,KAAK,EAAE,OAAO,CAAC;YACf,KAAK,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAA;aAAE,GAAG,IAAI,CAAC;YAChD,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;SACrC,CAAC,CAAC;QACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBACJ,QAAQ,CAAC,EAAE,MAAM,CAAC;gBAClB,IAAI,CAAC,EAAE,MAAM,CAAC;gBACd,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBACvC,MAAM,CAAC,EAAE,MAAM,CAAC;gBAChB,cAAc,CAAC,EAAE,MAAM,CAAC;aACzB,CAAC;YACF,OAAO,CAAC,EAAE,OAAO,CAAC;SACnB,KAAK,OAAO,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAE3C,qEAAqE;QACrE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7B;AAED,wBAAgB,UAAU,CACxB,EAAE,EAAE,eAAe,EACnB,MAAM,EAAE,cAAc,GACrB,YAAY,CAuHd"}
package/dist/interfaces/mcp/tools/analytics.d.ts CHANGED
@@ -6,9 +6,9 @@ export declare const analyticsQuery: ToolDefinition<z.ZodObject<{
6
6
  timeDimensions: z.ZodOptional<z.ZodArray<z.ZodObject<{
7
7
  dimension: z.ZodString;
8
8
  granularity: z.ZodOptional<z.ZodEnum<{
9
- month: "month";
10
9
  day: "day";
11
10
  week: "week";
11
+ month: "month";
12
12
  year: "year";
13
13
  }>>;
14
14
  dateRange: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodTuple<[z.ZodString, z.ZodString], null>]>>;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@unifiedcommerce/core",
3
- "version": "0.3.0",
3
+ "version": "0.3.2",
4
4
  "type": "module",
5
5
  "exports": {
6
6
  ".": {
package/src/auth/middleware.ts CHANGED
@@ -37,10 +37,36 @@ export function authMiddleware(
37
37
  })) as AuthSessionLike | null;
38
38
 
39
39
  if (session) {
40
- // Better Auth's session only stores activeOrganizationId, not the role.
41
- // Resolve role via the organization plugin's server-side API when needed.
40
+ // Better Auth's session stores activeOrganizationId, but often not the role.
41
+ // For single-store apps (org_default), users may never call set-active,
42
+ // so activeOrganizationId can be null even for valid org members.
42
43
  let role = session.session.activeOrganizationRole as string | undefined;
43
- if (!role && session.session.activeOrganizationId && auth.api.getActiveMemberRole) {
44
+ let orgId = session.session.activeOrganizationId as string | null;
45
+
46
+ // If no active org, try to resolve the user's membership in org_default.
47
+ // This handles the common case where the user is a member but hasn't
48
+ // called organization/set-active (single-store apps, seed scripts, tests).
49
+ if (!role && auth.api.getFullOrganization) {
50
+ try {
51
+ const org = await auth.api.getFullOrganization({
52
+ query: { organizationId: orgId ?? DEFAULT_ORG_ID },
53
+ });
54
+ if (org?.members) {
55
+ const membership = org.members.find(
56
+ (m) => m.userId === session.user.id,
57
+ );
58
+ if (membership) {
59
+ role = membership.role;
60
+ orgId = orgId ?? DEFAULT_ORG_ID;
61
+ }
62
+ }
63
+ } catch {
64
+ // fall through — treat as customer
65
+ }
66
+ }
67
+
68
+ // Also try getActiveMemberRole if active org is set
69
+ if (!role && orgId && auth.api.getActiveMemberRole) {
44
70
  try {
45
71
  const roleResult = await auth.api.getActiveMemberRole({
46
72
  headers: c.req.raw.headers,
@@ -50,6 +76,7 @@ export function authMiddleware(
50
76
  // fall through — treat as customer
51
77
  }
52
78
  }
79
+
53
80
  const enrichedSession = {
54
81
  ...session,
55
82
  session: { ...session.session, activeOrganizationRole: role ?? null },
@@ -60,7 +87,7 @@ export function authMiddleware(
60
87
  email: session.user.email ?? null,
61
88
  name: session.user.name ?? "User",
62
89
  vendorId: session.user.vendorId ?? null,
63
- organizationId: session.session.activeOrganizationId ?? null,
90
+ organizationId: orgId ?? DEFAULT_ORG_ID,
64
91
  role: role ?? "customer",
65
92
  permissions: resolvePermissions(enrichedSession, config),
66
93
  } satisfies Actor);
package/src/auth/setup.ts CHANGED
@@ -36,11 +36,30 @@ interface AuthEmailPayload {
36
36
  url: string;
37
37
  }
38
38
 
39
+ /** Member shape returned by Better Auth's organization plugin */
40
+ export interface OrgMember {
41
+ id: string;
42
+ userId: string;
43
+ organizationId: string;
44
+ role: string;
45
+ createdAt: string;
46
+ }
47
+
39
48
  export interface AuthInstance {
40
49
  handler(request: Request): Promise<Response>;
41
50
  api: {
42
51
  getSession(input: { headers: Headers }): Promise<unknown>;
43
- getActiveMemberRole?: (input: { headers: Headers }) => Promise<unknown>;
52
+
53
+ // Organization plugin methods
54
+ getActiveMemberRole?: (input: { headers: Headers }) => Promise<{ role: string } | null>;
55
+ getFullOrganization?: (input: { query: { organizationId: string } }) => Promise<{
56
+ id: string;
57
+ name: string;
58
+ members: OrgMember[];
59
+ } | null>;
60
+ listMembers?: (input: { query: { organizationId: string } }) => Promise<OrgMember[]>;
61
+
62
+ // API key plugin methods
44
63
  verifyApiKey?: (input: {
45
64
  body: { key: string; permissions?: Record<string, string[]> };
46
65
  }) => Promise<{
@@ -50,12 +69,15 @@ export interface AuthInstance {
50
69
  }>;
51
70
  createApiKey?: (input: {
52
71
  body: {
72
+ configId?: string;
53
73
  name?: string;
54
74
  permissions?: Record<string, string[]>;
55
75
  userId?: string;
76
+ organizationId?: string;
56
77
  };
57
78
  headers?: Headers;
58
79
  }) => Promise<{ key: string; id: string }>;
80
+
59
81
  /** Allow access to other Better Auth API methods added by plugins */
60
82
  [key: string]: unknown;
61
83
  };