authfyio-express 0.2.1

package/README.md

@@ -0,0 +1,21 @@
+# authfyio-express
+
+Express middleware for Authfyio — protect routes, inject the auth context, verify session JWTs.
+
+> Part of [Authfyio](https://authfyio.com) — a self-hostable authentication platform.
+
+## Install
+
+```bash
+npm install authfyio-express
+```
+
+## Usage
+
+See the full guide at **https://authfyio.com/docs**.
+
+Point the SDK at your Authfyio instance via the same-origin proxy (`/api/af`) or set `AF_API_BASE_URL` for server-side calls.
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,28 @@
+import { type AuthfyioBackendClientOptions, type SessionClaims } from 'authfyio-backend';
+export type { SessionClaims };
+export type ExpressAuthObject = {
+    userId: string;
+    sessionId: string;
+    environmentId: string;
+    orgId: string | null;
+    orgRole: string | null;
+    claims: SessionClaims;
+    getToken(): string;
+};
+export type RequireAuthOptions = AuthfyioBackendClientOptions;
+/**
+ * Express middleware that requires a valid Authfyio session. Attaches a
+ * typed `req.auth` object on success; responds 401 on failure.
+ *
+ *     import { requireAuth } from 'authfyio-express';
+ *     app.use('/api/private', requireAuth({ baseUrl: process.env.AF_API_BASE_URL! }));
+ *     app.get('/api/private/me', (req, res) => res.json(req.auth.userId));
+ */
+export declare function requireAuth(opts: RequireAuthOptions): (req: any, res: any, next: any) => Promise<void>;
+/**
+ * Non-blocking variant — sets `req.auth` when a session is present, leaves it
+ * `null` otherwise. Use when a handler serves both anonymous and signed-in
+ * traffic.
+ */
+export declare function withAuth(opts: RequireAuthOptions): (req: any, _res: any, next: any) => Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,4BAA4B,EACjC,KAAK,aAAa,EACnB,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EAAE,aAAa,EAAE,CAAC;AAE9B,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,aAAa,CAAC;IACtB,QAAQ,IAAI,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,4BAA4B,CAAC;AAE9D;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,kBAAkB,IAE3B,KAAK,GAAG,EAAE,KAAK,GAAG,EAAE,MAAM,GAAG,mBAerD;AAED;;;;GAIG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,kBAAkB,IAExB,KAAK,GAAG,EAAE,MAAM,GAAG,EAAE,MAAM,GAAG,mBAWtD"}

package/dist/index.js

@@ -0,0 +1,73 @@
+import { AuthfyioBackendClient, } from 'authfyio-backend';
+/**
+ * Express middleware that requires a valid Authfyio session. Attaches a
+ * typed `req.auth` object on success; responds 401 on failure.
+ *
+ *     import { requireAuth } from 'authfyio-express';
+ *     app.use('/api/private', requireAuth({ baseUrl: process.env.AF_API_BASE_URL! }));
+ *     app.get('/api/private/me', (req, res) => res.json(req.auth.userId));
+ */
+export function requireAuth(opts) {
+    const client = new AuthfyioBackendClient(opts);
+    return async function (req, res, next) {
+        try {
+            const cookie = req.headers?.cookie ?? '';
+            const claims = await client.getSessionFromRequest({ headers: { cookie } });
+            if (!claims) {
+                res.status(401).json({ error: 'unauthorized' });
+                return;
+            }
+            const token = extractSessionCookie(cookie);
+            req.auth = buildAuth(claims, token ?? '');
+            next();
+        }
+        catch {
+            res.status(401).json({ error: 'unauthorized' });
+        }
+    };
+}
+/**
+ * Non-blocking variant — sets `req.auth` when a session is present, leaves it
+ * `null` otherwise. Use when a handler serves both anonymous and signed-in
+ * traffic.
+ */
+export function withAuth(opts) {
+    const client = new AuthfyioBackendClient(opts);
+    return async function (req, _res, next) {
+        try {
+            const cookie = req.headers?.cookie ?? '';
+            const claims = await client.getSessionFromRequest({ headers: { cookie } });
+            const token = extractSessionCookie(cookie);
+            req.auth = claims ? buildAuth(claims, token ?? '') : null;
+        }
+        catch {
+            req.auth = null;
+        }
+        next();
+    };
+}
+function buildAuth(claims, token) {
+    return {
+        userId: claims.sub,
+        sessionId: claims.sid,
+        environmentId: claims.env,
+        orgId: claims.org ?? null,
+        orgRole: claims.org_role ?? null,
+        claims,
+        getToken: () => token,
+    };
+}
+function extractSessionCookie(cookieHeader) {
+    if (!cookieHeader)
+        return null;
+    for (const pair of cookieHeader.split(';')) {
+        const eq = pair.indexOf('=');
+        if (eq < 0)
+            continue;
+        const k = pair.slice(0, eq).trim();
+        const v = pair.slice(eq + 1).trim();
+        if (k === '__session')
+            return decodeURIComponent(v);
+    }
+    return null;
+}

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "authfyio-express",
+  "version": "0.2.1",
+  "description": "Express middleware for Authfyio — protect routes, inject the auth context, verify session JWTs.",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "typecheck": "tsc -p tsconfig.build.json --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "peerDependencies": {
+    "authfyio-backend": "^0.2.0",
+    "express": ">=4"
+  },
+  "keywords": [
+    "authfyio",
+    "auth",
+    "express",
+    "middleware"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "homepage": "https://authfyio.com/docs",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/authfyio/authfyio.git"
+  }
+}