@veloxts/auth 0.6.72 → 0.6.74

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +18 -0
  2. package/dist/types.d.ts +77 -9
  3. package/package.json +5 -5
package/CHANGELOG.md CHANGED
@@ -1,5 +1,23 @@
1
1
  # @veloxts/auth
2
2
 
3
+ ## 0.6.74
4
+
5
+ ### Patch Changes
6
+
7
+ - docs: fix erroneous file paths and improve auth context documentation
8
+ - Updated dependencies
9
+ - @veloxts/core@0.6.74
10
+ - @veloxts/router@0.6.74
11
+
12
+ ## 0.6.73
13
+
14
+ ### Patch Changes
15
+
16
+ - fix(create): add @veloxts/auth as explicit dependency in auth template
17
+ - Updated dependencies
18
+ - @veloxts/core@0.6.73
19
+ - @veloxts/router@0.6.73
20
+
3
21
  ## 0.6.72
4
22
 
5
23
  ### Patch Changes
package/dist/types.d.ts CHANGED
@@ -22,26 +22,70 @@ export declare class AuthError extends Error {
22
22
  constructor(message: string, statusCode: number, code?: string);
23
23
  }
24
24
  /**
25
- * Base user interface for authenticated requests
25
+ * Base user interface available on `ctx.user` after authentication.
26
26
  *
27
- * Applications should extend this via declaration merging to add
28
- * custom properties without using index signatures:
27
+ * **IMPORTANT:** `ctx.user` is NOT the raw database user. It only contains
28
+ * fields explicitly returned by your `userLoader` function passed to `authPlugin()`.
29
29
  *
30
- * @example
30
+ * ## How ctx.user Gets Populated
31
+ *
32
+ * 1. JWT token is validated from cookie/header
33
+ * 2. User ID is extracted from token payload
34
+ * 3. Your `userLoader(userId)` function is called
35
+ * 4. Only fields returned by `userLoader` are available on `ctx.user`
36
+ *
37
+ * ## Default Fields
38
+ *
39
+ * The scaffolded templates return:
40
+ * - `id`: User's unique identifier
41
+ * - `email`: User's email address
42
+ * - `name`: User's display name
43
+ * - `roles`: Array of role names
44
+ *
45
+ * ## Adding Custom Fields
46
+ *
47
+ * To add fields like `organizationId` to `ctx.user`:
48
+ *
49
+ * 1. Update your `userLoader` to return the field:
50
+ * ```typescript
51
+ * async function userLoader(userId: string) {
52
+ * const user = await db.user.findUnique({ where: { id: userId } });
53
+ * return {
54
+ * id: user.id,
55
+ * email: user.email,
56
+ * organizationId: user.organizationId, // Add field here
57
+ * };
58
+ * }
59
+ * ```
60
+ *
61
+ * 2. Extend this interface via declaration merging:
31
62
  * ```typescript
32
63
  * declare module '@veloxts/auth' {
33
64
  * interface User {
34
- * name?: string;
35
- * avatarUrl?: string;
36
- * tenantId?: string;
65
+ * organizationId: string;
37
66
  * }
38
67
  * }
39
68
  * ```
40
69
  *
70
+ * ## Common Mistake
71
+ *
72
+ * ```typescript
73
+ * // ❌ WRONG - undefined if not returned by userLoader
74
+ * const orgId = ctx.user.organizationId;
75
+ *
76
+ * // ✅ CORRECT - After adding to userLoader
77
+ * const orgId = ctx.user.organizationId;
78
+ *
79
+ * // ✅ ALTERNATIVE - Fetch full user when needed
80
+ * const fullUser = await db.user.findUnique({ where: { id: ctx.user.id } });
81
+ * ```
82
+ *
41
83
  * This approach provides:
42
84
  * - Full type safety (no implicit `unknown` properties)
43
85
  * - Better IDE autocomplete
44
86
  * - Compile-time errors for typos
87
+ *
88
+ * @see userLoader option in authPlugin configuration
45
89
  */
46
90
  export interface User {
47
91
  /** Unique user identifier */
@@ -157,8 +201,32 @@ export interface AuthConfig {
157
201
  /** Rate limiting configuration */
158
202
  rateLimit?: RateLimitConfig;
159
203
  /**
160
- * User loader function - fetches user from database by ID
161
- * Called on every authenticated request to populate ctx.user
204
+ * User loader function - fetches user from database by ID.
205
+ *
206
+ * Called on every authenticated request to populate `ctx.user`.
207
+ *
208
+ * **IMPORTANT:** Only fields you return here will be available on `ctx.user`.
209
+ * The returned object is NOT the raw database user - you control exactly
210
+ * which fields are exposed.
211
+ *
212
+ * @example
213
+ * ```typescript
214
+ * userLoader: async (userId) => {
215
+ * const user = await db.user.findUnique({ where: { id: userId } });
216
+ * if (!user) return null;
217
+ *
218
+ * return {
219
+ * id: user.id,
220
+ * email: user.email,
221
+ * name: user.name,
222
+ * roles: parseUserRoles(user.roles),
223
+ * // Add custom fields here to make them available on ctx.user
224
+ * organizationId: user.organizationId,
225
+ * };
226
+ * }
227
+ * ```
228
+ *
229
+ * @see User interface for extending the type via declaration merging
162
230
  */
163
231
  userLoader?: (userId: string) => Promise<User | null>;
164
232
  /**
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@veloxts/auth",
3
- "version": "0.6.72",
3
+ "version": "0.6.74",
4
4
  "description": "Authentication and authorization system for VeloxTS framework",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -57,8 +57,8 @@
57
57
  "dependencies": {
58
58
  "@fastify/cookie": "11.0.2",
59
59
  "fastify": "5.6.2",
60
- "@veloxts/core": "0.6.72",
61
- "@veloxts/router": "0.6.72"
60
+ "@veloxts/router": "0.6.74",
61
+ "@veloxts/core": "0.6.74"
62
62
  },
63
63
  "peerDependencies": {
64
64
  "argon2": ">=0.30.0",
@@ -82,8 +82,8 @@
82
82
  "fastify-plugin": "5.1.0",
83
83
  "typescript": "5.9.3",
84
84
  "vitest": "4.0.16",
85
- "@veloxts/testing": "0.6.72",
86
- "@veloxts/validation": "0.6.72"
85
+ "@veloxts/testing": "0.6.74",
86
+ "@veloxts/validation": "0.6.74"
87
87
  },
88
88
  "keywords": [
89
89
  "velox",