npm - @veloxts/auth - Versions diffs - 0.6.83 → 0.6.84 - Mend

@veloxts/auth 0.6.83 → 0.6.84

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,14 @@
 # @veloxts/auth
+## 0.6.84
+### Patch Changes
+- - auth: add simplified guard() function with overloads + fluent builder
+- Updated dependencies
+  - @veloxts/core@0.6.84
+  - @veloxts/router@0.6.84
 ## 0.6.83
 ### Patch Changes

package/dist/guards.d.ts CHANGED Viewed

@@ -18,13 +18,83 @@ import type { AuthContext, GuardDefinition, GuardFunction, User } from './types.
  */
 export declare function defineGuard<TContext = unknown>(definition: GuardDefinition<TContext>): GuardDefinition<TContext>;
 /**
- * Creates a simple guard from a check function
+ * Fluent guard builder for progressive configuration
  *
+ * Allows building guards step-by-step with method chaining.
+ * The builder is compatible with GuardLike, so it can be used
+ * directly with `.guard()` on procedures.
+ *
+ * **Note**: This builder uses mutable internal state. Each method
+ * modifies the builder and returns the same instance. See
+ * `createGuardBuilder` for usage patterns and caveats.
+ */
+export interface GuardBuilder<TContext> {
+    /** Guard name for error messages (read-only, set via named()) */
+    readonly name: string;
+    /** Guard check function (read-only) */
+    readonly check: GuardFunction<TContext>;
+    /** Custom error message (read-only, set via msg()) */
+    readonly message: string | undefined;
+    /** HTTP status code on failure (read-only, set via status()) */
+    readonly statusCode: number;
+    /** Set a descriptive name (used in error messages and debugging) */
+    named(name: string): GuardBuilder<TContext>;
+    /** Set custom error message shown when guard fails */
+    msg(message: string): GuardBuilder<TContext>;
+    /** Set HTTP status code returned when guard fails (default: 403) */
+    status(code: number): GuardBuilder<TContext>;
+}
+/**
+ * Resets the guard counter to zero.
+ *
+ * This is intended for testing purposes only to ensure deterministic
+ * guard naming across test runs. Should not be used in production code.
+ *
+ * @internal
  * @example
  * ```typescript
+ * import { _resetGuardCounter } from '@veloxts/auth';
+ *
+ * beforeEach(() => {
+ *   _resetGuardCounter();
+ * });
+ * ```
+ */
+export declare function _resetGuardCounter(): void;
+/**
+ * Creates a guard with simplified syntax
+ *
+ * Supports three usage patterns with progressive disclosure:
+ *
+ * @example Simple check function (returns builder for configuration)
+ * ```typescript
+ * const isVerified = guard((ctx) => ctx.user?.emailVerified === true)
+ *   .msg('Email verification required');
+ * ```
+ *
+ * @example Check with message (most common - auto-generates name)
+ * ```typescript
+ * const isVerified = guard(
+ *   (ctx) => ctx.user?.emailVerified === true,
+ *   'Email verification required'
+ * );
+ * ```
+ *
+ * @example Named guard (explicit name for debugging)
+ * ```typescript
  * const isActive = guard('isActive', (ctx) => ctx.user?.status === 'active');
  * ```
+ *
+ * @example Full fluent configuration
+ * ```typescript
+ * const isPremium = guard((ctx) => ctx.user?.subscription === 'premium')
+ *   .named('isPremium')
+ *   .msg('Premium subscription required')
+ *   .status(402);
+ * ```
  */
+export declare function guard<TContext = unknown>(check: GuardFunction<TContext>): GuardBuilder<TContext>;
+export declare function guard<TContext = unknown>(check: GuardFunction<TContext>, message: string): GuardDefinition<TContext>;
 export declare function guard<TContext = unknown>(name: string, check: GuardFunction<TContext>): GuardDefinition<TContext>;
 /**
  * Guard that requires authentication

package/dist/guards.js CHANGED Viewed

@@ -24,15 +24,131 @@ export function defineGuard(definition) {
     };
 }
 /**
- * Creates a simple guard from a check function
+ * Counter for generating unique guard names when not provided
+ * @internal
+ */
+let guardCounter = 0;
+/**
+ * Resets the guard counter to zero.
+ *
+ * This is intended for testing purposes only to ensure deterministic
+ * guard naming across test runs. Should not be used in production code.
  *
+ * @internal
  * @example
  * ```typescript
- * const isActive = guard('isActive', (ctx) => ctx.user?.status === 'active');
+ * import { _resetGuardCounter } from '@veloxts/auth';
+ *
+ * beforeEach(() => {
+ *   _resetGuardCounter();
+ * });
+ * ```
+ */
+export function _resetGuardCounter() {
+    guardCounter = 0;
+}
+/**
+ * Attempts to infer a meaningful name from a guard check function
+ * @internal
+ */
+function inferGuardName(check) {
+    // Try to use function name if it exists and isn't generic
+    if (check.name && check.name !== 'check' && check.name !== 'anonymous') {
+        return check.name;
+    }
+    // Fall back to generated name
+    return `guard_${++guardCounter}`;
+}
+/**
+ * Creates a guard builder instance.
+ *
+ * The builder uses **mutable internal state** with method chaining that returns
+ * the same instance. This is intentional for performance and API simplicity:
+ *
+ * ```typescript
+ * // Each method mutates the builder and returns `this`
+ * const myGuard = guard((ctx) => ctx.user?.active)
+ *   .named('isActive')      // Mutates name, returns same builder
+ *   .msg('User inactive')   // Mutates message, returns same builder
+ *   .status(403);           // Mutates statusCode, returns same builder
+ *
+ * // The builder IS the guard definition (implements GuardLike)
+ * // No need to call .build() - use directly with .guard()
+ * ```
+ *
+ * **Important**: Because the builder mutates, avoid patterns like:
+ * ```typescript
+ * // DON'T do this - both variables reference the same mutable builder
+ * const base = guard((ctx) => ctx.user != null);
+ * const withMsg = base.msg('Auth required');
+ * const withOtherMsg = base.msg('Login needed'); // Overwrites previous msg!
+ * ```
+ *
+ * If you need variations, create separate guards:
+ * ```typescript
+ * const authRequired = guard((ctx) => ctx.user != null, 'Auth required');
+ * const loginNeeded = guard((ctx) => ctx.user != null, 'Login needed');
  * ```
+ *
+ * @internal
  */
-export function guard(name, check) {
-    return defineGuard({ name, check });
+function createGuardBuilder(check, initialName) {
+    // Mutable internal state - intentionally not exposed directly
+    let guardName = initialName;
+    let guardMessage;
+    let guardStatusCode = 403;
+    const builder = {
+        // GuardLike compatible properties (getters for current values)
+        get name() {
+            return guardName;
+        },
+        get check() {
+            return check;
+        },
+        get message() {
+            return guardMessage;
+        },
+        get statusCode() {
+            return guardStatusCode;
+        },
+        // Builder methods (return self for chaining)
+        named(name) {
+            guardName = name;
+            return builder;
+        },
+        msg(message) {
+            guardMessage = message;
+            return builder;
+        },
+        status(code) {
+            guardStatusCode = code;
+            return builder;
+        },
+    };
+    return builder;
+}
+// Implementation
+export function guard(nameOrCheck, checkOrMessage) {
+    // Overload 3: Legacy (name, check)
+    if (typeof nameOrCheck === 'string' && typeof checkOrMessage === 'function') {
+        return defineGuard({ name: nameOrCheck, check: checkOrMessage });
+    }
+    // Overloads 1 & 2: (check) or (check, message)
+    if (typeof nameOrCheck === 'function') {
+        const check = nameOrCheck;
+        const message = typeof checkOrMessage === 'string' ? checkOrMessage : undefined;
+        if (message !== undefined) {
+            // Overload 2: Simple form with message - return completed guard
+            return defineGuard({
+                name: inferGuardName(check),
+                check,
+                message,
+            });
+        }
+        // Overload 1: Return builder for fluent configuration
+        return createGuardBuilder(check, inferGuardName(check));
+    }
+    throw new Error('Invalid guard arguments: expected (check), (check, message), or (name, check)');
 }
 // ============================================================================
 // Built-in Guards

package/dist/index.d.ts CHANGED Viewed

@@ -18,6 +18,7 @@ export { createEnhancedTokenStore, DEFAULT_ALLOWED_ROLES, parseUserRoles, } from
 export type { AuthenticatedContext, InferNarrowedContext, NarrowingGuard, RoleNarrowedContext, } from './guards-narrowing.js';
 export { authenticatedNarrow, hasRoleNarrow } from './guards-narrowing.js';
 export { hashPassword, PasswordHasher, passwordHasher, verifyPassword, } from './hash.js';
+export type { GuardBuilder } from './guards.js';
 export { allOf, anyOf, authenticated, defineGuard, emailVerified, executeGuard, executeGuards, guard, hasAnyPermission, hasPermission, hasRole, not, userCan, } from './guards.js';
 export { authorize, can, cannot, clearPolicies, createAdminOnlyPolicy, createOwnerOrAdminPolicy, createPolicyBuilder, createReadOnlyPolicy, definePolicy, getPolicy, registerPolicy, } from './policies.js';
 export { authMiddleware, clearRateLimitStore, rateLimitMiddleware, } from './middleware.js';

package/dist/index.js CHANGED Viewed

@@ -23,9 +23,6 @@ export { authenticatedNarrow, hasRoleNarrow } from './guards-narrowing.js';
 // Password Hashing
 // ============================================================================
 export { hashPassword, PasswordHasher, passwordHasher, verifyPassword, } from './hash.js';
-// ============================================================================
-// Guards
-// ============================================================================
 export {
 // Combinators
 allOf, anyOf,
@@ -35,6 +32,7 @@ authenticated,
 defineGuard, emailVerified,
 // Execution
 executeGuard, executeGuards, guard, hasAnyPermission, hasPermission, hasRole, not, userCan, } from './guards.js';
+// NOTE: _resetGuardCounter is available via '@veloxts/auth/testing' for test isolation
 // ============================================================================
 // Policies
 // ============================================================================

package/dist/testing.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * @veloxts/auth/testing - Internal testing utilities
+ *
+ * This module exports utilities intended for testing purposes only.
+ * These are NOT part of the public API and may change without notice.
+ *
+ * @example
+ * ```typescript
+ * import { _resetGuardCounter } from '@veloxts/auth/testing';
+ *
+ * beforeEach(() => {
+ *   _resetGuardCounter();
+ * });
+ * ```
+ *
+ * @packageDocumentation
+ * @module @veloxts/auth/testing
+ */
+export { _resetGuardCounter } from './guards.js';
+export { clearRateLimitStore } from './middleware.js';
+export { clearPolicies } from './policies.js';
+export { clearAuthRateLimitStore, stopAuthRateLimitCleanup } from './rate-limit.js';

package/dist/testing.js ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * @veloxts/auth/testing - Internal testing utilities
+ *
+ * This module exports utilities intended for testing purposes only.
+ * These are NOT part of the public API and may change without notice.
+ *
+ * @example
+ * ```typescript
+ * import { _resetGuardCounter } from '@veloxts/auth/testing';
+ *
+ * beforeEach(() => {
+ *   _resetGuardCounter();
+ * });
+ * ```
+ *
+ * @packageDocumentation
+ * @module @veloxts/auth/testing
+ */
+// Guard testing utilities
+export { _resetGuardCounter } from './guards.js';
+// Rate limit store clearing (for test isolation)
+export { clearRateLimitStore } from './middleware.js';
+// Policy registry clearing (for test isolation)
+export { clearPolicies } from './policies.js';
+export { clearAuthRateLimitStore, stopAuthRateLimitCleanup } from './rate-limit.js';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@veloxts/auth",
-  "version": "0.6.83",
+  "version": "0.6.84",
   "description": "Authentication and authorization system for VeloxTS framework",
   "type": "module",
   "main": "dist/index.js",
@@ -10,6 +10,10 @@
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js"
     },
+    "./testing": {
+      "types": "./dist/testing.d.ts",
+      "import": "./dist/testing.js"
+    },
     "./adapters": {
       "types": "./dist/adapters/index.d.ts",
       "import": "./dist/adapters/index.js"
@@ -57,8 +61,8 @@
   "dependencies": {
     "@fastify/cookie": "11.0.2",
     "fastify": "5.6.2",
-    "@veloxts/core": "0.6.83",
-    "@veloxts/router": "0.6.83"
+    "@veloxts/router": "0.6.84",
+    "@veloxts/core": "0.6.84"
   },
   "peerDependencies": {
     "argon2": ">=0.30.0",
@@ -82,8 +86,8 @@
     "fastify-plugin": "5.1.0",
     "typescript": "5.9.3",
     "vitest": "4.0.16",
-    "@veloxts/validation": "0.6.83",
-    "@veloxts/testing": "0.6.83"
+    "@veloxts/testing": "0.6.84",
+    "@veloxts/validation": "0.6.84"
   },
   "keywords": [
     "velox",