authfyio-fastify 0.2.1

package/README.md

@@ -0,0 +1,21 @@
+# authfyio-fastify
+
+Fastify plugin for Authfyio — adds `request.auth`, verifies session JWTs, and exposes a decorator guard.
+
+> Part of [Authfyio](https://authfyio.com) — a self-hostable authentication platform.
+
+## Install
+
+```bash
+npm install authfyio-fastify
+```
+
+## Usage
+
+See the full guide at **https://authfyio.com/docs**.
+
+Point the SDK at your Authfyio instance via the same-origin proxy (`/api/af`) or set `AF_API_BASE_URL` for server-side calls.
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,30 @@
+import { type AuthfyioBackendClientOptions, type SessionClaims } from 'authfyio-backend';
+export type { SessionClaims };
+export type FastifyAuthObject = {
+    userId: string;
+    sessionId: string;
+    environmentId: string;
+    orgId: string | null;
+    orgRole: string | null;
+    claims: SessionClaims;
+    getToken(): string;
+};
+export type AuthfyioPluginOptions = AuthfyioBackendClientOptions & {
+    /**
+     * Require a valid session on every request reaching a route that uses
+     * the plugin's `protect` preHandler. Default true.
+     */
+    required?: boolean;
+};
+/**
+ * Fastify plugin — decorates the app with `verifyAuth` + `protect` and
+ * resolves `request.auth` before your handlers. Designed to work with
+ * `@fastify/cookie` already registered.
+ *
+ *     import fp from 'fastify-plugin';
+ *     import authfyio from 'authfyio-fastify';
+ *     app.register(authfyio, { baseUrl: process.env.AF_API_BASE_URL! });
+ *     app.get('/private', { preHandler: [app.protect] }, (req) => req.auth.userId);
+ */
+export default function authfyioPlugin(app: any, opts: AuthfyioPluginOptions): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,4BAA4B,EACjC,KAAK,aAAa,EACnB,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EAAE,aAAa,EAAE,CAAC;AAE9B,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,aAAa,CAAC;IACtB,QAAQ,IAAI,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG,4BAA4B,GAAG;IACjE;;;OAGG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF;;;;;;;;;GASG;AACH,wBAA8B,cAAc,CAC1C,GAAG,EAAE,GAAG,EACR,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAqCf"}

package/dist/index.js

@@ -0,0 +1,59 @@
+import { AuthfyioBackendClient, } from 'authfyio-backend';
+/**
+ * Fastify plugin — decorates the app with `verifyAuth` + `protect` and
+ * resolves `request.auth` before your handlers. Designed to work with
+ * `@fastify/cookie` already registered.
+ *
+ *     import fp from 'fastify-plugin';
+ *     import authfyio from 'authfyio-fastify';
+ *     app.register(authfyio, { baseUrl: process.env.AF_API_BASE_URL! });
+ *     app.get('/private', { preHandler: [app.protect] }, (req) => req.auth.userId);
+ */
+export default async function authfyioPlugin(app, opts) {
+    const client = new AuthfyioBackendClient(opts);
+    app.decorateRequest('auth', null);
+    async function verifyAuth(req) {
+        const cookie = req.headers?.cookie ?? '';
+        const claims = await client.getSessionFromRequest({ headers: { cookie } }).catch(() => null);
+        if (!claims)
+            return null;
+        const token = extractSessionCookie(cookie);
+        return {
+            userId: claims.sub,
+            sessionId: claims.sid,
+            environmentId: claims.env,
+            orgId: claims.org ?? null,
+            orgRole: claims.org_role ?? null,
+            claims,
+            getToken: () => token ?? '',
+        };
+    }
+    app.decorate('verifyAuth', verifyAuth);
+    app.decorate('protect', async function protect(req, reply) {
+        const auth = await verifyAuth(req);
+        if (!auth) {
+            reply.code(401).send({ error: 'unauthorized' });
+            return reply;
+        }
+        req.auth = auth;
+    });
+    app.addHook('onRequest', async (req) => {
+        // Populate request.auth opportunistically; handlers that required it
+        // should still use the `protect` preHandler to enforce.
+        req.auth = await verifyAuth(req);
+    });
+}
+function extractSessionCookie(cookieHeader) {
+    if (!cookieHeader)
+        return null;
+    for (const pair of cookieHeader.split(';')) {
+        const eq = pair.indexOf('=');
+        if (eq < 0)
+            continue;
+        const k = pair.slice(0, eq).trim();
+        const v = pair.slice(eq + 1).trim();
+        if (k === '__session')
+            return decodeURIComponent(v);
+    }
+    return null;
+}

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "authfyio-fastify",
+  "version": "0.2.1",
+  "description": "Fastify plugin for Authfyio — adds `request.auth`, verifies session JWTs, and exposes a decorator guard.",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "typecheck": "tsc -p tsconfig.build.json --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "peerDependencies": {
+    "authfyio-backend": "^0.2.0",
+    "fastify": ">=4"
+  },
+  "keywords": [
+    "authfyio",
+    "auth",
+    "fastify",
+    "plugin"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "homepage": "https://authfyio.com/docs",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/authfyio/authfyio.git"
+  }
+}