@veloxts/auth 0.6.89 → 0.6.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/CHANGELOG.md +9 -11
  2. package/package.json +8 -8
package/CHANGELOG.md CHANGED
@@ -1,5 +1,14 @@
1
1
  # @veloxts/auth
2
2
 
3
+ ## 0.6.90
4
+
5
+ ### Patch Changes
6
+
7
+ - Dependencies updates – fix critical and high severity vulnerabilities
8
+ - Updated dependencies
9
+ - @veloxts/core@0.6.90
10
+ - @veloxts/router@0.6.90
11
+
3
12
  ## 0.6.89
4
13
 
5
14
  ### Patch Changes
@@ -178,7 +187,6 @@
178
187
  - ### feat(auth): Unified Adapter-Only Architecture
179
188
 
180
189
  **New Features:**
181
-
182
190
  - Add `JwtAdapter` implementing the `AuthAdapter` interface for unified JWT authentication
183
191
  - Add `jwtAuth()` convenience function for direct adapter usage with optional built-in routes (`/api/auth/refresh`, `/api/auth/logout`)
184
192
  - Add `AuthContext` discriminated union (`NativeAuthContext | AdapterAuthContext`) for type-safe auth mode handling
@@ -186,24 +194,20 @@
186
194
  - Add shared decoration utilities (`decorateAuth`, `setRequestAuth`, `checkDoubleRegistration`)
187
195
 
188
196
  **Architecture Changes:**
189
-
190
197
  - `authPlugin` now uses `JwtAdapter` internally - all authentication flows through the adapter pattern
191
198
  - Single code path for authentication (no more dual native/adapter modes)
192
199
  - `authContext.authMode` is now always `'adapter'` with `providerId='jwt'` when using `authPlugin`
193
200
 
194
201
  **Breaking Changes:**
195
-
196
202
  - Remove deprecated `LegacySessionConfig` interface (use `sessionMiddleware` instead)
197
203
  - Remove deprecated `session` field from `AuthConfig`
198
204
  - `User` interface no longer has index signature (extend via declaration merging)
199
205
 
200
206
  **Type Safety Improvements:**
201
-
202
207
  - `AuthContext` discriminated union enables exhaustive type narrowing based on `authMode`
203
208
  - Export `NativeAuthContext` and `AdapterAuthContext` types for explicit typing
204
209
 
205
210
  **Migration:**
206
-
207
211
  - Existing `authPlugin` usage remains backward-compatible
208
212
  - If checking `authContext.token`, use `authContext.session` instead (token stored in session for adapter mode)
209
213
 
@@ -222,12 +226,10 @@
222
226
  Addresses 9 user feedback items to improve DX, reduce boilerplate, and eliminate template duplications.
223
227
 
224
228
  ### Phase 1: Validation Helpers (`@veloxts/validation`)
225
-
226
229
  - Add `prismaDecimal()`, `prismaDecimalNullable()`, `prismaDecimalOptional()` for Prisma Decimal → number conversion
227
230
  - Add `dateToIso`, `dateToIsoNullable`, `dateToIsoOptional` aliases for consistency
228
231
 
229
232
  ### Phase 2: Template Deduplication (`@veloxts/auth`)
230
-
231
233
  - Export `createEnhancedTokenStore()` with token revocation and refresh token reuse detection
232
234
  - Export `parseUserRoles()` and `DEFAULT_ALLOWED_ROLES`
233
235
  - Fix memory leak: track pending timeouts for proper cleanup on `destroy()`
@@ -235,20 +237,17 @@
235
237
  - Fix jwtManager singleton pattern in templates
236
238
 
237
239
  ### Phase 3: Router Helpers (`@veloxts/router`)
238
-
239
240
  - Add `createRouter()` returning `{ collections, router }` for DRY setup
240
241
  - Add `toRouter()` for router-only use cases
241
242
  - Update all router templates to use `createRouter()`
242
243
 
243
244
  ### Phase 4: Guard Type Narrowing - Experimental (`@veloxts/auth`, `@veloxts/router`)
244
-
245
245
  - Add `NarrowingGuard` interface with phantom `_narrows` type
246
246
  - Add `authenticatedNarrow` and `hasRoleNarrow()` guards
247
247
  - Add `guardNarrow()` method to `ProcedureBuilder` for context narrowing
248
248
  - Enables `ctx.user` to be non-null after guard passes
249
249
 
250
250
  ### Phase 5: Documentation (`@veloxts/router`)
251
-
252
251
  - Document `.rest()` override patterns
253
252
  - Document `createRouter()` helper usage
254
253
  - Document `guardNarrow()` experimental API
@@ -1179,7 +1178,6 @@
1179
1178
  ### Patch Changes
1180
1179
 
1181
1180
  - Fix Prisma client generation in scaffolder
1182
-
1183
1181
  - Added automatic Prisma client generation after dependency installation in create-velox-app
1184
1182
  - Fixed database template to validate DATABASE_URL environment variable
1185
1183
  - Added alpha release warning to all package READMEs
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@veloxts/auth",
3
- "version": "0.6.89",
3
+ "version": "0.6.90",
4
4
  "description": "Authentication and authorization system for VeloxTS framework",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -60,9 +60,9 @@
60
60
  },
61
61
  "dependencies": {
62
62
  "@fastify/cookie": "11.0.2",
63
- "fastify": "5.6.2",
64
- "@veloxts/core": "0.6.89",
65
- "@veloxts/router": "0.6.89"
63
+ "fastify": "5.7.2",
64
+ "@veloxts/core": "0.6.90",
65
+ "@veloxts/router": "0.6.90"
66
66
  },
67
67
  "peerDependencies": {
68
68
  "argon2": ">=0.30.0",
@@ -82,12 +82,12 @@
82
82
  },
83
83
  "devDependencies": {
84
84
  "@types/bcrypt": "6.0.0",
85
- "@vitest/coverage-v8": "4.0.16",
85
+ "@vitest/coverage-v8": "4.0.18",
86
86
  "fastify-plugin": "5.1.0",
87
87
  "typescript": "5.9.3",
88
- "vitest": "4.0.16",
89
- "@veloxts/testing": "0.6.89",
90
- "@veloxts/validation": "0.6.89"
88
+ "vitest": "4.0.18",
89
+ "@veloxts/validation": "0.6.90",
90
+ "@veloxts/testing": "0.6.90"
91
91
  },
92
92
  "keywords": [
93
93
  "velox",