najm-auth 1.1.31 → 1.1.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.d.ts +4 -0
  2. package/dist/index.js +7 -10
  3. package/package.json +1 -1
package/dist/index.d.ts CHANGED
@@ -1006,6 +1006,10 @@ declare class AuthResolver {
1006
1006
  /**
1007
1007
  * Resolve the current user from the refresh cookie (cookie-only flow,
1008
1008
  * e.g. Next.js Server Components calling /auth/me with just the cookie).
1009
+ *
1010
+ * Read-only: does NOT rotate the refresh token. Rotation is reserved for
1011
+ * the /auth/refresh handler. Mutating here races with /auth/refresh when
1012
+ * requests are concurrent.
1009
1013
  */
1010
1014
  resolveFromCookie(): Promise<{
1011
1015
  user: any;
package/dist/index.js CHANGED
@@ -2282,22 +2282,19 @@ var AuthResolver = class AuthResolver2 {
2282
2282
  /**
2283
2283
  * Resolve the current user from the refresh cookie (cookie-only flow,
2284
2284
  * e.g. Next.js Server Components calling /auth/me with just the cookie).
2285
+ *
2286
+ * Read-only: does NOT rotate the refresh token. Rotation is reserved for
2287
+ * the /auth/refresh handler. Mutating here races with /auth/refresh when
2288
+ * requests are concurrent.
2285
2289
  */
2286
2290
  async resolveFromCookie() {
2287
2291
  try {
2288
- const cookieManager = await this.container.resolve(CookieManager);
2289
- const refreshToken = cookieManager.getRefreshToken();
2290
- if (!refreshToken)
2291
- return false;
2292
2292
  const tokenService = await this.container.resolve(TokenService);
2293
- const result = await tokenService.validateRefreshSession(refreshToken);
2294
- if (!result.userId)
2293
+ const userId = await tokenService.resolveUserFromCookie();
2294
+ if (!userId)
2295
2295
  return false;
2296
- if (result.rotatedTokens) {
2297
- cookieManager.setRefreshToken(result.rotatedTokens.refreshToken);
2298
- }
2299
2296
  const userService = await this.container.resolve(UserService);
2300
- const user = await userService.getById(result.userId);
2297
+ const user = await userService.getById(userId);
2301
2298
  if (!user)
2302
2299
  return false;
2303
2300
  return {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "najm-auth",
3
- "version": "1.1.31",
3
+ "version": "1.1.32",
4
4
  "description": "Authentication and authorization library for najm framework",
5
5
  "type": "module",
6
6
  "files": [