create-fluxstack 1.17.0 → 1.18.0

package/app/client/src/live/RoomChatDemo.tsx

@@ -1,6 +1,6 @@
 // RoomChatDemo - Chat multi-salas with password-protected rooms
 
-import { useState, useEffect, useRef, useMemo } from 'react'
+import { useEffect, useRef, useMemo, useReducer } from 'react'
 import { Live } from '@/core/client'
 import { LiveRoomChat } from '@server/live/LiveRoomChat'
 
@@ -10,13 +10,57 @@ const DEFAULT_ROOMS = [
   { id: 'random', name: 'Random' },
 ]
 
+// Consolidated UI state to avoid fragmented useState calls and ensure
+// related modal states update atomically.
+interface ChatUIState {
+  text: string
+  error: string
+  createModal: { open: boolean; name: string; password: string }
+  passwordPrompt: { roomId: string; roomName: string; input: string } | null
+}
+
+type ChatUIAction =
+  | { type: 'SET_TEXT'; text: string }
+  | { type: 'SET_ERROR'; error: string }
+  | { type: 'OPEN_CREATE_MODAL' }
+  | { type: 'CLOSE_CREATE_MODAL' }
+  | { type: 'UPDATE_CREATE_FORM'; name?: string; password?: string }
+  | { type: 'OPEN_PASSWORD_PROMPT'; roomId: string; roomName: string }
+  | { type: 'CLOSE_PASSWORD_PROMPT' }
+  | { type: 'SET_PASSWORD_INPUT'; input: string }
+
+function chatUIReducer(state: ChatUIState, action: ChatUIAction): ChatUIState {
+  switch (action.type) {
+    case 'SET_TEXT':
+      return { ...state, text: action.text }
+    case 'SET_ERROR':
+      return { ...state, error: action.error }
+    case 'OPEN_CREATE_MODAL':
+      return { ...state, createModal: { open: true, name: '', password: '' } }
+    case 'CLOSE_CREATE_MODAL':
+      return { ...state, createModal: { open: false, name: '', password: '' } }
+    case 'UPDATE_CREATE_FORM':
+      return { ...state, createModal: { ...state.createModal, name: action.name ?? state.createModal.name, password: action.password ?? state.createModal.password } }
+    case 'OPEN_PASSWORD_PROMPT':
+      return { ...state, passwordPrompt: { roomId: action.roomId, roomName: action.roomName, input: '' } }
+    case 'CLOSE_PASSWORD_PROMPT':
+      return { ...state, passwordPrompt: null }
+    case 'SET_PASSWORD_INPUT':
+      return state.passwordPrompt ? { ...state, passwordPrompt: { ...state.passwordPrompt, input: action.input } } : state
+    default:
+      return state
+  }
+}
+
+const initialUIState: ChatUIState = {
+  text: '',
+  error: '',
+  createModal: { open: false, name: '', password: '' },
+  passwordPrompt: null,
+}
+
 export function RoomChatDemo() {
-  const [text, setText] = useState('')
-  const [showCreateModal, setShowCreateModal] = useState(false)
-  const [passwordPrompt, setPasswordPrompt] = useState<{ roomId: string; roomName: string } | null>(null)
-  const [passwordInput, setPasswordInput] = useState('')
-  const [createForm, setCreateForm] = useState({ name: '', password: '' })
-  const [error, setError] = useState('')
+  const [ui, dispatch] = useReducer(chatUIReducer, initialUIState)
   const messagesEndRef = useRef<HTMLDivElement>(null)
 
   const defaultUsername = useMemo(() => {
@@ -37,11 +81,11 @@ export function RoomChatDemo() {
   }, [activeMessages.length])
 
   useEffect(() => {
-    if (error) {
-      const t = setTimeout(() => setError(''), 3000)
+    if (ui.error) {
+      const t = setTimeout(() => dispatch({ type: 'SET_ERROR', error: '' }), 3000)
       return () => clearTimeout(t)
     }
-  }, [error])
+  }, [ui.error])
 
   const joinedRoomIds = chat.$state.rooms.map(r => r.id)
   const joinedRoomsMap = new Map(chat.$state.rooms.map(r => [r.id, r]))
@@ -54,8 +98,7 @@ export function RoomChatDemo() {
 
     // If the room is known to be private, prompt for password
     if (isPrivate) {
-      setPasswordPrompt({ roomId, roomName })
-      setPasswordInput('')
+      dispatch({ type: 'OPEN_PASSWORD_PROMPT', roomId, roomName })
       return
     }
 
@@ -63,28 +106,26 @@ export function RoomChatDemo() {
     const result = await chat.joinRoom({ roomId, roomName })
     if (result && !result.success) {
       // If rejected, might be password-protected — prompt
-      setPasswordPrompt({ roomId, roomName })
-      setPasswordInput('')
+      dispatch({ type: 'OPEN_PASSWORD_PROMPT', roomId, roomName })
     }
   }
 
   const handlePasswordSubmit = async () => {
-    if (!passwordPrompt) return
+    if (!ui.passwordPrompt) return
     const result = await chat.joinRoom({
-      roomId: passwordPrompt.roomId,
-      roomName: passwordPrompt.roomName,
-      password: passwordInput
+      roomId: ui.passwordPrompt.roomId,
+      roomName: ui.passwordPrompt.roomName,
+      password: ui.passwordPrompt.input
     })
     if (result && !result.success) {
-      setError(result.error || 'Senha incorreta')
+      dispatch({ type: 'SET_ERROR', error: result.error || 'Senha incorreta' })
     } else {
-      setPasswordPrompt(null)
-      setPasswordInput('')
+      dispatch({ type: 'CLOSE_PASSWORD_PROMPT' })
     }
   }
 
   const handleCreateRoom = async () => {
-    const name = createForm.name.trim()
+    const name = ui.createModal.name.trim()
     if (!name) return
     const roomId = name.toLowerCase().replace(/\s+/g, '-').replace(/[^a-z0-9-]/g, '')
     if (!roomId) return
@@ -92,20 +133,19 @@ export function RoomChatDemo() {
     const result = await chat.createRoom({
       roomId,
       roomName: name,
-      password: createForm.password || undefined
+      password: ui.createModal.password || undefined
     })
     if (result && !result.success) {
-      setError(result.error || 'Falha ao criar sala')
+      dispatch({ type: 'SET_ERROR', error: result.error || 'Falha ao criar sala' })
     } else {
-      setShowCreateModal(false)
-      setCreateForm({ name: '', password: '' })
+      dispatch({ type: 'CLOSE_CREATE_MODAL' })
     }
   }
 
   const handleSendMessage = async () => {
-    if (!text.trim() || !activeRoom) return
-    await chat.sendMessage({ text })
-    setText('')
+    if (!ui.text.trim() || !activeRoom) return
+    await chat.sendMessage({ text: ui.text })
+    dispatch({ type: 'SET_TEXT', text: '' })
   }
 
   // Combine default rooms + custom rooms from shared directory (visible to all users)
@@ -133,7 +173,7 @@ export function RoomChatDemo() {
           <div className="flex items-center justify-between px-2 py-1">
             <p className="text-xs text-gray-500">SALAS</p>
             <button
-              onClick={() => { setShowCreateModal(true); setCreateForm({ name: '', password: '' }) }}
+              onClick={() => dispatch({ type: 'OPEN_CREATE_MODAL' })}
               className="text-xs text-purple-400 hover:text-purple-300"
             >+ Criar</button>
           </div>
@@ -223,15 +263,15 @@ export function RoomChatDemo() {
             <div className="p-3 sm:p-4 border-t border-white/10">
               <div className="flex gap-2">
                 <input
-                  value={text}
-                  onChange={(e) => setText(e.target.value)}
+                  value={ui.text}
+                  onChange={(e) => dispatch({ type: 'SET_TEXT', text: e.target.value })}
                   onKeyDown={(e) => { if (e.key === 'Enter' && !e.shiftKey) { e.preventDefault(); handleSendMessage() } }}
                   placeholder="Digite uma mensagem..."
                   className="flex-1 px-3 sm:px-4 py-2 rounded-xl bg-white/10 border border-white/20 text-white placeholder-gray-500 focus:outline-none focus:ring-2 focus:ring-purple-500/50 text-sm sm:text-base"
                 />
                 <button
                   onClick={handleSendMessage}
-                  disabled={!text.trim()}
+                  disabled={!ui.text.trim()}
                   className="px-4 sm:px-6 py-2 rounded-xl bg-purple-500/30 text-purple-200 hover:bg-purple-500/40 disabled:opacity-50 text-sm sm:text-base"
                 >Enviar</button>
               </div>
@@ -248,23 +288,23 @@ export function RoomChatDemo() {
       </div>
 
       {/* Error toast */}
-      {error && (
+      {ui.error && (
         <div className="absolute top-4 left-1/2 -translate-x-1/2 px-4 py-2 bg-red-500/90 text-white text-sm rounded-lg shadow-lg z-50">
-          {error}
+          {ui.error}
         </div>
       )}
 
       {/* Create Room Modal */}
-      {showCreateModal && (
-        <div className="absolute inset-0 bg-black/60 flex items-center justify-center z-40" onClick={() => setShowCreateModal(false)}>
+      {ui.createModal.open && (
+        <div className="absolute inset-0 bg-black/60 flex items-center justify-center z-40" onClick={() => dispatch({ type: 'CLOSE_CREATE_MODAL' })}>
           <div className="bg-gray-800 rounded-2xl p-6 w-80 border border-white/10" onClick={e => e.stopPropagation()}>
             <h3 className="text-white font-bold text-lg mb-4">Criar Sala</h3>
             <div className="space-y-3">
               <div>
                 <label className="text-xs text-gray-400 block mb-1">Nome da sala</label>
                 <input
-                  value={createForm.name}
-                  onChange={e => setCreateForm(f => ({ ...f, name: e.target.value }))}
+                  value={ui.createModal.name}
+                  onChange={e => dispatch({ type: 'UPDATE_CREATE_FORM', name: e.target.value })}
                   placeholder="Minha Sala"
                   className="w-full px-3 py-2 rounded-lg bg-white/10 border border-white/20 text-white placeholder-gray-500 focus:outline-none focus:ring-2 focus:ring-purple-500/50 text-sm"
                   autoFocus
@@ -275,8 +315,8 @@ export function RoomChatDemo() {
                 <label className="text-xs text-gray-400 block mb-1">Senha (opcional)</label>
                 <input
                   type="password"
-                  value={createForm.password}
-                  onChange={e => setCreateForm(f => ({ ...f, password: e.target.value }))}
+                  value={ui.createModal.password}
+                  onChange={e => dispatch({ type: 'UPDATE_CREATE_FORM', password: e.target.value })}
                   placeholder="Deixe vazio para sala publica"
                   className="w-full px-3 py-2 rounded-lg bg-white/10 border border-white/20 text-white placeholder-gray-500 focus:outline-none focus:ring-2 focus:ring-purple-500/50 text-sm"
                   onKeyDown={e => { if (e.key === 'Enter') handleCreateRoom() }}
@@ -284,12 +324,12 @@ export function RoomChatDemo() {
               </div>
               <div className="flex gap-2 pt-2">
                 <button
-                  onClick={() => setShowCreateModal(false)}
+                  onClick={() => dispatch({ type: 'CLOSE_CREATE_MODAL' })}
                   className="flex-1 px-4 py-2 rounded-lg bg-white/10 text-gray-300 hover:bg-white/20 text-sm"
                 >Cancelar</button>
                 <button
                   onClick={handleCreateRoom}
-                  disabled={!createForm.name.trim()}
+                  disabled={!ui.createModal.name.trim()}
                   className="flex-1 px-4 py-2 rounded-lg bg-purple-500/30 text-purple-200 hover:bg-purple-500/40 disabled:opacity-50 text-sm"
                 >Criar</button>
               </div>
@@ -299,17 +339,17 @@ export function RoomChatDemo() {
       )}
 
       {/* Password Prompt Modal */}
-      {passwordPrompt && (
-        <div className="absolute inset-0 bg-black/60 flex items-center justify-center z-40" onClick={() => setPasswordPrompt(null)}>
+      {ui.passwordPrompt && (
+        <div className="absolute inset-0 bg-black/60 flex items-center justify-center z-40" onClick={() => dispatch({ type: 'CLOSE_PASSWORD_PROMPT' })}>
           <div className="bg-gray-800 rounded-2xl p-6 w-80 border border-white/10" onClick={e => e.stopPropagation()}>
             <h3 className="text-white font-bold text-lg mb-1">Sala Protegida</h3>
             <p className="text-sm text-gray-400 mb-4">
-              A sala "{passwordPrompt.roomName}" requer senha.
+              A sala "{ui.passwordPrompt.roomName}" requer senha.
             </p>
             <input
               type="password"
-              value={passwordInput}
-              onChange={e => setPasswordInput(e.target.value)}
+              value={ui.passwordPrompt.input}
+              onChange={e => dispatch({ type: 'SET_PASSWORD_INPUT', input: e.target.value })}
               placeholder="Digite a senha..."
               className="w-full px-3 py-2 rounded-lg bg-white/10 border border-white/20 text-white placeholder-gray-500 focus:outline-none focus:ring-2 focus:ring-purple-500/50 text-sm mb-3"
               autoFocus
@@ -317,12 +357,12 @@ export function RoomChatDemo() {
             />
             <div className="flex gap-2">
               <button
-                onClick={() => setPasswordPrompt(null)}
+                onClick={() => dispatch({ type: 'CLOSE_PASSWORD_PROMPT' })}
                 className="flex-1 px-4 py-2 rounded-lg bg-white/10 text-gray-300 hover:bg-white/20 text-sm"
               >Cancelar</button>
               <button
                 onClick={handlePasswordSubmit}
-                disabled={!passwordInput}
+                disabled={!ui.passwordPrompt.input}
                 className="flex-1 px-4 py-2 rounded-lg bg-purple-500/30 text-purple-200 hover:bg-purple-500/40 disabled:opacity-50 text-sm"
               >Entrar</button>
             </div>

package/app/client/src/live/SharedCounterDemo.tsx

@@ -32,6 +32,11 @@ export function SharedCounterDemo() {
 
   useEffect(() => {
     const unsub = counter.$room<CounterRoom>('counter:global').on('counter:updated', (data) => {
+      // Validate incoming room event data
+      if (data == null || typeof data.count !== 'number' || typeof data.updatedBy !== 'string') {
+        return
+      }
+
       const id = ++floatIdRef.current
       const isReset = data.count === 0
       const text = isReset ? '0' : data.count > 0 ? `+${data.count}` : `${data.count}`

package/app/server/auth/AuthManager.ts

@@ -48,6 +48,8 @@ export interface ProviderConfig {
 }
 
 export class AuthManager {
+  private static readonly MAX_GUARDS_CACHE = 100
+
   private config: AuthManagerConfig
   private guards = new Map<string, Guard>()
   private customGuardFactories = new Map<string, GuardFactory>()
@@ -72,6 +74,15 @@ export class AuthManager {
     }
 
     const guard = this.resolve(guardName)
+
+    // Evict oldest entries if cache exceeds limit (LRU-like)
+    if (this.guards.size >= AuthManager.MAX_GUARDS_CACHE) {
+      const firstKey = this.guards.keys().next().value
+      if (firstKey !== undefined) {
+        this.guards.delete(firstKey)
+      }
+    }
+
     this.guards.set(guardName, guard)
     return guard
   }
@@ -143,6 +154,19 @@ export class AuthManager {
     return this.config
   }
 
+  /**
+   * Retorna um provider registrado por nome, ou undefined se não encontrado.
+   * Útil para acessar providers diretamente (ex: register route precisa de createUser).
+   */
+  getProvider(name: string): UserProvider | undefined {
+    return this.providerInstances.get(name)
+  }
+
+  /** Retorna o tamanho atual do cache de guards */
+  getGuardsCacheSize(): number {
+    return this.guards.size
+  }
+
   /** Resolve um guard por nome */
   private resolve(name: string): Guard {
     const guardConfig = this.config.guards[name]

package/app/server/auth/contracts.ts

@@ -9,6 +9,17 @@
  * Adaptado para API-only (sem HTML, sem redirects, sem CSRF).
  */
 
+// ===== Authenticatable JSON =====
+
+/** Serialized user shape returned by toJSON() — matches Elysia response schemas */
+export interface AuthenticatableJSON {
+  id: string | number
+  name?: string
+  email?: string
+  createdAt?: string
+  [key: string]: unknown
+}
+
 // ===== Authenticatable =====
 
 /**
@@ -41,7 +52,7 @@ export interface Authenticatable {
   setRememberToken(token: string | null): void
 
   /** Retorna dados serializáveis do usuário (para response da API) */
-  toJSON(): Record<string, unknown>
+  toJSON(): AuthenticatableJSON
 }
 
 // ===== UserProvider =====

package/app/server/auth/errors.ts

@@ -0,0 +1,84 @@
+/**
+ * FluxStack Auth - Custom Error Classes
+ *
+ * Typed errors for better error handling in auth routes.
+ * Replaces generic catch blocks with classified errors.
+ */
+
+/**
+ * Validation error (422) - invalid input, duplicate email, etc.
+ */
+export class AuthValidationError extends Error {
+  readonly name = 'AuthValidationError' as const
+  readonly field?: string
+
+  constructor(message: string, field?: string) {
+    super(message)
+    this.field = field
+  }
+}
+
+/**
+ * Server error (500) - provider failure, unexpected internal error.
+ */
+export class AuthServerError extends Error {
+  readonly name = 'AuthServerError' as const
+
+  constructor(message: string) {
+    super(message)
+  }
+}
+
+/**
+ * Authentication failed (401) - invalid credentials.
+ */
+export class AuthenticationError extends Error {
+  readonly name = 'AuthenticationError' as const
+
+  constructor(message: string = 'Invalid credentials') {
+    super(message)
+  }
+}
+
+/**
+ * Classify an unknown error into a typed auth error.
+ */
+export function classifyAuthError(error: unknown): {
+  status: number
+  error: string
+  message: string
+} {
+  if (error instanceof AuthValidationError) {
+    return {
+      status: 422,
+      error: 'ValidationError',
+      message: error.message,
+    }
+  }
+
+  if (error instanceof AuthenticationError) {
+    return {
+      status: 401,
+      error: 'AuthenticationFailed',
+      message: error.message,
+    }
+  }
+
+  if (error instanceof AuthServerError) {
+    return {
+      status: 500,
+      error: 'ServerError',
+      message: error.message,
+    }
+  }
+
+  // Generic/unknown errors - don't leak internals in production
+  const msg = error instanceof Error ? error.message : 'An unexpected error occurred'
+  return {
+    status: 500,
+    error: 'InternalError',
+    message: process.env.NODE_ENV === 'production'
+      ? 'An unexpected error occurred'
+      : msg,
+  }
+}

package/app/server/auth/guards/TokenGuard.ts

@@ -36,6 +36,9 @@ export class TokenGuard implements Guard {
   /** Cache do usuário para a request atual */
   private resolvedUser: Authenticatable | null | undefined = undefined
 
+  /** Last generated token (stored temporarily for the login response) */
+  private _lastGeneratedToken: string | null = null
+
   constructor(
     name: string,
     provider: UserProvider,
@@ -136,7 +139,7 @@ export class TokenGuard implements Guard {
     this.resolvedUser = user
 
     // Salvar token plain-text temporariamente para a response poder retorná-lo
-    ;(this as any)._lastGeneratedToken = token
+    this._lastGeneratedToken = token
   }
 
   async logout(): Promise<void> {
@@ -171,7 +174,7 @@ export class TokenGuard implements Guard {
 
   /** Retorna o último token gerado (para a response após login) */
   getLastGeneratedToken(): string | null {
-    return (this as any)._lastGeneratedToken ?? null
+    return this._lastGeneratedToken ?? null
   }
 
   /** Extrai Bearer token do header Authorization */

package/app/server/auth/index.ts

@@ -138,7 +138,7 @@ export function initAuth(): {
   // 6. Conectar middleware
   setAuthManagerForMiddleware(authManagerInstance)
 
-  console.log(`🔐 Auth system initialized (guard: ${authConfig.defaults.guard}, hash: ${authConfig.passwords.hashAlgorithm})`)
+  if (process.env.NODE_ENV !== 'production') console.log(`🔐 Auth system initialized (guard: ${authConfig.defaults.guard}, hash: ${authConfig.passwords.hashAlgorithm})`)
 
   return {
     authManager: authManagerInstance,

package/app/server/auth/providers/InMemoryProvider.ts

@@ -62,7 +62,7 @@ export class InMemoryUser implements Authenticatable {
     this.rememberToken = token
   }
 
-  toJSON(): Record<string, unknown> {
+  toJSON() {
     return {
       id: this.id,
       name: this.name,

package/app/server/index.ts

@@ -13,20 +13,19 @@
 import { FluxStackFramework } from "@core/server"
 import { vitePlugin } from "@core/plugins/built-in/vite"
 import { swaggerPlugin } from "@core/plugins/built-in/swagger"
-import { liveComponentsPlugin } from "@core/server/live"
+import { liveComponentsPlugin, registerAuthProvider } from "@core/server/live"
 import { appInstance } from "@server/app"
 import { appConfig } from "@config"
 
 // 🔒 Auth provider para Live Components
-import { liveAuthManager } from "@core/server/live"
 import { DevAuthProvider } from "./auth/DevAuthProvider"
 
 // 🔐 Auth system (Guard + Provider, Laravel-inspired)
 import { initAuth } from "@server/auth"
 
 // Registrar provider de desenvolvimento (tokens simples para testes)
-liveAuthManager.register(new DevAuthProvider())
-console.log('🔓 DevAuthProvider registered')
+registerAuthProvider(new DevAuthProvider())
+if (process.env.NODE_ENV !== 'production') console.log('🔓 DevAuthProvider registered')
 
 // Inicializar sistema de autenticação
 initAuth()

package/app/server/live/LiveAdminPanel.ts

@@ -80,9 +80,9 @@ export class LiveAdminPanel extends LiveComponent<AdminPanelState> {
   async getAuthInfo() {
     return {
       authenticated: this.$auth.authenticated,
-      userId: this.$auth.user?.id,
-      roles: this.$auth.user?.roles || [],
-      permissions: this.$auth.user?.permissions || [],
+      userId: this.$auth.session?.id,
+      roles: this.$auth.session?.roles || [],
+      permissions: this.$auth.session?.permissions || [],
       isAdmin: this.$auth.hasRole('admin'),
     }
   }
@@ -93,12 +93,12 @@ export class LiveAdminPanel extends LiveComponent<AdminPanelState> {
    */
   async init() {
     this.setState({
-      currentUser: this.$auth.user?.id || null,
-      currentRoles: this.$auth.user?.roles || [],
+      currentUser: this.$auth.session?.id || null,
+      currentRoles: this.$auth.session?.roles || [],
       isAdmin: this.$auth.hasRole('admin'),
     })
 
-    this.addAudit('LOGIN', this.$auth.user?.id || 'unknown')
+    this.addAudit('LOGIN', this.$auth.session?.id || 'unknown')
 
     return { success: true }
   }
@@ -125,7 +125,7 @@ export class LiveAdminPanel extends LiveComponent<AdminPanelState> {
       users: [...this.state.users, user],
     })
 
-    this.addAudit('ADD_USER', this.$auth.user?.id || 'unknown', user.name)
+    this.addAudit('ADD_USER', this.$auth.session?.id || 'unknown', user.name)
 
     return { success: true, user }
   }
@@ -144,7 +144,7 @@ export class LiveAdminPanel extends LiveComponent<AdminPanelState> {
       users: this.state.users.filter(u => u.id !== payload.userId),
     })
 
-    this.addAudit('DELETE_USER', this.$auth.user?.id || 'unknown', user.name)
+    this.addAudit('DELETE_USER', this.$auth.session?.id || 'unknown', user.name)
 
     return { success: true }
   }

package/app/server/live/LiveForm.ts

@@ -23,7 +23,7 @@ export class LiveForm extends LiveComponent<typeof LiveForm.defaultState> {
       throw new Error('Nome e email são obrigatórios')
     }
 
-    console.log(`📝 Form submitted:`, { name, email, message })
+    if (process.env.NODE_ENV !== 'production') console.log(`📝 Form submitted:`, { name, email, message })
 
     this.setState({
       submitted: true,

package/app/server/live/LiveProtectedChat.ts

@@ -75,7 +75,7 @@ export class LiveProtectedChat extends LiveComponent<ProtectedChatState> {
     this.$room(payload.room).join()
 
     // 🔒 Usar $auth para identificar o usuário
-    const userId = this.$auth.user?.id || this.userId || 'anonymous'
+    const userId = this.$auth.session?.id || this.userId || 'anonymous'
     const isAdmin = this.$auth.hasRole('admin')
 
     this.setState({
@@ -96,7 +96,7 @@ export class LiveProtectedChat extends LiveComponent<ProtectedChatState> {
 
     const message: ChatMessage = {
       id: Date.now(),
-      userId: this.$auth.user?.id || this.userId || 'unknown',
+      userId: this.$auth.session?.id || this.userId || 'unknown',
       text: payload.text.trim(),
       timestamp: Date.now(),
       isAdmin: this.$auth.hasRole('admin'),
@@ -142,9 +142,9 @@ export class LiveProtectedChat extends LiveComponent<ProtectedChatState> {
   async getAuthInfo() {
     return {
       authenticated: this.$auth.authenticated,
-      userId: this.$auth.user?.id,
-      roles: this.$auth.user?.roles,
-      permissions: this.$auth.user?.permissions,
+      userId: this.$auth.session?.id,
+      roles: this.$auth.session?.roles,
+      permissions: this.$auth.session?.permissions,
       isAdmin: this.$auth.hasRole('admin'),
     }
   }