@veloxts/auth 0.6.88 → 0.6.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/CHANGELOG.md +18 -11
  2. package/package.json +8 -8
package/CHANGELOG.md CHANGED
@@ -1,5 +1,23 @@
1
1
  # @veloxts/auth
2
2
 
3
+ ## 0.6.90
4
+
5
+ ### Patch Changes
6
+
7
+ - Dependencies updates – fix critical and high severity vulnerabilities
8
+ - Updated dependencies
9
+ - @veloxts/core@0.6.90
10
+ - @veloxts/router@0.6.90
11
+
12
+ ## 0.6.89
13
+
14
+ ### Patch Changes
15
+
16
+ - expand preset system with server config, auth presets, and security validation
17
+ - Updated dependencies
18
+ - @veloxts/core@0.6.89
19
+ - @veloxts/router@0.6.89
20
+
3
21
  ## 0.6.88
4
22
 
5
23
  ### Patch Changes
@@ -169,7 +187,6 @@
169
187
  - ### feat(auth): Unified Adapter-Only Architecture
170
188
 
171
189
  **New Features:**
172
-
173
190
  - Add `JwtAdapter` implementing the `AuthAdapter` interface for unified JWT authentication
174
191
  - Add `jwtAuth()` convenience function for direct adapter usage with optional built-in routes (`/api/auth/refresh`, `/api/auth/logout`)
175
192
  - Add `AuthContext` discriminated union (`NativeAuthContext | AdapterAuthContext`) for type-safe auth mode handling
@@ -177,24 +194,20 @@
177
194
  - Add shared decoration utilities (`decorateAuth`, `setRequestAuth`, `checkDoubleRegistration`)
178
195
 
179
196
  **Architecture Changes:**
180
-
181
197
  - `authPlugin` now uses `JwtAdapter` internally - all authentication flows through the adapter pattern
182
198
  - Single code path for authentication (no more dual native/adapter modes)
183
199
  - `authContext.authMode` is now always `'adapter'` with `providerId='jwt'` when using `authPlugin`
184
200
 
185
201
  **Breaking Changes:**
186
-
187
202
  - Remove deprecated `LegacySessionConfig` interface (use `sessionMiddleware` instead)
188
203
  - Remove deprecated `session` field from `AuthConfig`
189
204
  - `User` interface no longer has index signature (extend via declaration merging)
190
205
 
191
206
  **Type Safety Improvements:**
192
-
193
207
  - `AuthContext` discriminated union enables exhaustive type narrowing based on `authMode`
194
208
  - Export `NativeAuthContext` and `AdapterAuthContext` types for explicit typing
195
209
 
196
210
  **Migration:**
197
-
198
211
  - Existing `authPlugin` usage remains backward-compatible
199
212
  - If checking `authContext.token`, use `authContext.session` instead (token stored in session for adapter mode)
200
213
 
@@ -213,12 +226,10 @@
213
226
  Addresses 9 user feedback items to improve DX, reduce boilerplate, and eliminate template duplications.
214
227
 
215
228
  ### Phase 1: Validation Helpers (`@veloxts/validation`)
216
-
217
229
  - Add `prismaDecimal()`, `prismaDecimalNullable()`, `prismaDecimalOptional()` for Prisma Decimal → number conversion
218
230
  - Add `dateToIso`, `dateToIsoNullable`, `dateToIsoOptional` aliases for consistency
219
231
 
220
232
  ### Phase 2: Template Deduplication (`@veloxts/auth`)
221
-
222
233
  - Export `createEnhancedTokenStore()` with token revocation and refresh token reuse detection
223
234
  - Export `parseUserRoles()` and `DEFAULT_ALLOWED_ROLES`
224
235
  - Fix memory leak: track pending timeouts for proper cleanup on `destroy()`
@@ -226,20 +237,17 @@
226
237
  - Fix jwtManager singleton pattern in templates
227
238
 
228
239
  ### Phase 3: Router Helpers (`@veloxts/router`)
229
-
230
240
  - Add `createRouter()` returning `{ collections, router }` for DRY setup
231
241
  - Add `toRouter()` for router-only use cases
232
242
  - Update all router templates to use `createRouter()`
233
243
 
234
244
  ### Phase 4: Guard Type Narrowing - Experimental (`@veloxts/auth`, `@veloxts/router`)
235
-
236
245
  - Add `NarrowingGuard` interface with phantom `_narrows` type
237
246
  - Add `authenticatedNarrow` and `hasRoleNarrow()` guards
238
247
  - Add `guardNarrow()` method to `ProcedureBuilder` for context narrowing
239
248
  - Enables `ctx.user` to be non-null after guard passes
240
249
 
241
250
  ### Phase 5: Documentation (`@veloxts/router`)
242
-
243
251
  - Document `.rest()` override patterns
244
252
  - Document `createRouter()` helper usage
245
253
  - Document `guardNarrow()` experimental API
@@ -1170,7 +1178,6 @@
1170
1178
  ### Patch Changes
1171
1179
 
1172
1180
  - Fix Prisma client generation in scaffolder
1173
-
1174
1181
  - Added automatic Prisma client generation after dependency installation in create-velox-app
1175
1182
  - Fixed database template to validate DATABASE_URL environment variable
1176
1183
  - Added alpha release warning to all package READMEs
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@veloxts/auth",
3
- "version": "0.6.88",
3
+ "version": "0.6.90",
4
4
  "description": "Authentication and authorization system for VeloxTS framework",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -60,9 +60,9 @@
60
60
  },
61
61
  "dependencies": {
62
62
  "@fastify/cookie": "11.0.2",
63
- "fastify": "5.6.2",
64
- "@veloxts/core": "0.6.88",
65
- "@veloxts/router": "0.6.88"
63
+ "fastify": "5.7.2",
64
+ "@veloxts/core": "0.6.90",
65
+ "@veloxts/router": "0.6.90"
66
66
  },
67
67
  "peerDependencies": {
68
68
  "argon2": ">=0.30.0",
@@ -82,12 +82,12 @@
82
82
  },
83
83
  "devDependencies": {
84
84
  "@types/bcrypt": "6.0.0",
85
- "@vitest/coverage-v8": "4.0.16",
85
+ "@vitest/coverage-v8": "4.0.18",
86
86
  "fastify-plugin": "5.1.0",
87
87
  "typescript": "5.9.3",
88
- "vitest": "4.0.16",
89
- "@veloxts/testing": "0.6.88",
90
- "@veloxts/validation": "0.6.88"
88
+ "vitest": "4.0.18",
89
+ "@veloxts/validation": "0.6.90",
90
+ "@veloxts/testing": "0.6.90"
91
91
  },
92
92
  "keywords": [
93
93
  "velox",