proteum 2.0.0 → 2.1.0

package/server/app/service/container.ts

@@ -3,16 +3,10 @@
 ----------------------------------*/
 
 // Specific
-import type {
-    AnyService,
-    StartedServicesIndex,
-    // Hooks
-    THookCallback,
-    THooksIndex,
-} from '.';
+import type { AnyService, AnyServiceClass, StartedServicesIndex } from '.';
 
 /*----------------------------------
-- TYPES: REGISTRATION
+- TYPES
 ----------------------------------*/
 
 // From service/service.json
@@ -24,34 +18,38 @@ export type TServiceMetas<TServiceClass extends AnyService = AnyService> = {
     class: () => { default: ClassType<TServiceClass> };
 };
 
-export type TRegisteredService<TServiceClass extends AnyService = AnyService> = {
-    type: 'service'; // Used to recognize if an object is a registered service
-    config?: {};
-    metas: TServiceMetas<TServiceClass>;
-    hooks: THooksIndex<{}>;
-    on: (hookName: string, hookFunc: THookCallback<any>) => void;
-    subServices: TRegisteredServicesIndex;
-};
-
-export type TRegisteredServicesIndex<TServiceClass extends AnyService = AnyService> = {
-    [serviceId: string]: TRegisteredService<TServiceClass>;
-};
-
-/*----------------------------------
-- CONFIG
-----------------------------------*/
-
-const LogPrefix = '[service]';
+export type ServiceConfig<TServiceClass extends AnyServiceClass> = NonNullable<ConstructorParameters<TServiceClass>[1]>;
+
+type ExactConfig<TValue, TShape> = TValue extends TShape
+    ? TShape extends (...args: never[]) => infer _TReturn
+        ? TValue
+        : TValue extends readonly (infer TValueItem)[]
+          ? TShape extends readonly (infer TShapeItem)[]
+            ? readonly ExactConfig<TValueItem, TShapeItem>[]
+            : never
+          : TValue extends object
+            ? TShape extends object
+                ? Exclude<keyof TValue, keyof TShape> extends never
+                    ? { [K in keyof TValue]: K extends keyof TShape ? ExactConfig<TValue[K], TShape[K]> : never }
+                    : never
+                : TValue
+            : TValue
+    : never;
 
 /*----------------------------------
 - CLASS
 ----------------------------------*/
 export class ServicesContainer<TServicesIndex extends StartedServicesIndex = StartedServicesIndex> {
-    public registered: TRegisteredServicesIndex = {};
-
     // All service instances by service id
     public allServices: TServicesIndex = {} as TServicesIndex;
 
+    public config<TServiceClass extends AnyServiceClass, const TConfig extends ServiceConfig<TServiceClass>>(
+        _serviceClass: TServiceClass,
+        config: TConfig & ExactConfig<TConfig, ServiceConfig<TServiceClass>>,
+    ): TConfig {
+        return config;
+    }
+
     public callableInstance = <TInstance extends object, TCallableName extends keyof TInstance>(
         instance: TInstance,
         funcName: TCallableName,

package/server/app/service/index.ts

@@ -6,7 +6,6 @@
 import type { Application } from '../index';
 import type { Command } from '../commands';
 import type { TServiceMetas } from './container';
-import context from '@server/context';
 import type { TRouterContext, TAnyRouter } from '../../services/router';
 
 export { schema } from '../../services/router/request/validation/zod';
@@ -17,8 +16,7 @@ export type { z } from '../../services/router/request/validation/zod';
 ----------------------------------*/
 
 export type AnyService = Service<{}, {}, Application, any>;
-
-export type { TRegisteredServicesIndex, TRegisteredService } from './container';
+export type AnyServiceClass = ClassType<AnyService>;
 
 /*----------------------------------
 - TYPES: HOOKS
@@ -40,6 +38,10 @@ type TServiceRouter<TApplication extends Application> = TApplication extends { R
         : TAnyRouter
     : TAnyRouter;
 
+/**
+ * @deprecated Services should not depend on request context.
+ * Resolve auth/input/request data in controllers and pass explicit typed values into services instead.
+ */
 export type TServiceRequestContext<TApplication extends Application = Application> = TRouterContext<
     TServiceRouter<TApplication>
 >;
@@ -59,7 +61,7 @@ export type TSetupConfig<TConfig> = TConfig extends (...args: any[]) => any
     : TConfig extends Array<infer TItem>
       ? Array<TSetupConfig<TItem>>
       : TConfig extends object
-        ? ({ [K in keyof TConfig]?: TSetupConfig<TConfig[K]> } & Record<string, unknown>)
+        ? { [K in keyof TConfig]?: TSetupConfig<TConfig[K]> }
         : TConfig;
 
 export type TServiceArgs<TService extends { config: any; app: any; parent: any }> = [
@@ -133,18 +135,6 @@ export default abstract class Service<
         return models;
     }
 
-    protected get request(): TServiceRequestContext<TApplication> {
-        const store = context.getStore() as { requestContext?: TServiceRequestContext<TApplication> } | undefined;
-        const requestContext = store?.requestContext;
-
-        if (!requestContext)
-            throw new Error(
-                `${this.constructor.name} tried to access request context outside of a controller request.`,
-            );
-
-        return requestContext;
-    }
-
     /*----------------------------------
     - LIFECYCLE
     ----------------------------------*/
@@ -162,12 +152,12 @@ export default abstract class Service<
         useOptions: { optional?: boolean } = {},
     ): TService | undefined {
         const app = this.app as {
-            registered?: Record<string, { name: string }>;
+            findService?: (serviceId: string) => AnyService | undefined;
         } & Record<string, unknown>;
-        const registeredService = app.registered?.[serviceId];
-        if (registeredService !== undefined) return app[registeredService.name] as TService;
+        const service = app.findService?.(serviceId);
+        if (service !== undefined) return service as TService;
 
-        if (useOptions.optional === false) throw new Error(`Service ${registeredService} not registered.`);
+        if (useOptions.optional === false) throw new Error(`Service ${serviceId} not registered.`);
 
         return undefined;
     }

package/server/app.tsconfig.json

@@ -5,7 +5,14 @@
         "baseUrl": "..",
         "paths": {
 
-            "@/server/models": ["./server/.generated/models.ts"],
+            "@/server/models": ["./.proteum/server/models.ts"],
+            "@/client/context": ["./.proteum/client/context.ts"],
+            "@generated/client/*": ["./.proteum/client/*"],
+            "@generated/common/*": ["./.proteum/common/*"],
+            "@generated/server/*": ["./.proteum/server/*"],
+            "@/client/.generated/*": ["./.proteum/client/*"],
+            "@/common/.generated/*": ["./.proteum/common/*"],
+            "@/server/.generated/*": ["./.proteum/server/*"],
 
             "@client/*": ["../node_modules/proteum/client/*"],
             "@common/*": ["../node_modules/proteum/common/*"],
@@ -25,4 +32,4 @@
         ".",
         "../../node_modules/proteum/types/global"
     ]
-}
+}

package/server/index.ts

@@ -1,8 +1,35 @@
 import AppContainer from './app/container';
-import Application from '@/server/.generated/app';
+import Application from '@/server/index';
 import { isServerHotReloadRequest, serverHotReloadMessageType } from '@common/dev/serverHotReload';
 
 const application = AppContainer.start(Application);
+let shutdownPromise: Promise<void> | undefined;
+
+const shutdownApplication = async (reason: string) => {
+    if (!shutdownPromise) {
+        shutdownPromise = (async () => {
+            try {
+                console.info(`[server] Shutting down (${reason}) ...`);
+                await application.runHook('cleanup');
+            } catch (error) {
+                console.error('[server] Failed to run application cleanup.', error);
+                process.exit(1);
+            }
+
+            process.exit(0);
+        })();
+    }
+
+    return shutdownPromise;
+};
+
+process.once('SIGINT', () => {
+    void shutdownApplication('SIGINT');
+});
+
+process.once('SIGTERM', () => {
+    void shutdownApplication('SIGTERM');
+});
 
 if (__DEV__ && typeof process.send === 'function') {
     process.on('message', (message: unknown) => {
@@ -25,4 +52,8 @@ if (__DEV__ && typeof process.send === 'function') {
             }
         })();
     });
+
+    process.on('disconnect', () => {
+        void shutdownApplication('parent disconnect');
+    });
 }

package/server/services/auth/index.ts

@@ -11,7 +11,7 @@ import type http from 'http';
 import type { Application } from '@server/app/index';
 import Service from '@server/app/service';
 import { type TAnyRouter, Request as ServerRequest } from '@server/services/router';
-import { InputError, AuthRequired, Forbidden } from '@common/errors';
+import * as AuthErrors from '@common/errors';
 
 /*----------------------------------
 - TYPES
@@ -34,6 +34,24 @@ declare global {
      */
     interface ProteumAuthFeatureCatalog {}
 
+    /**
+     * App-level rule catalog consumed by `auth.check({ ... })`.
+     *
+     * Apps can extend this interface with their own condition inputs:
+     * `interface ProteumAuthRuleCatalog { hasFeature: MyFeatureName }`
+     */
+    interface ProteumAuthRuleCatalog {
+        role: TUserRole;
+    }
+
+    /**
+     * Optional tracking context attached to auth / upgrade prompts.
+     *
+     * Apps can extend this interface with their own machine-readable payload:
+     * `interface ProteumAuthTrackingContext extends Partial<BlockedAttempt> {}`
+     */
+    interface ProteumAuthTrackingContext {}
+
     /**
      * Canonical feature keys union used across app + framework.
      *
@@ -52,6 +70,44 @@ export type THttpRequest = express.Request | http.IncomingMessage;
 
 export type TFeatureKey = FeatureKeys;
 
+export type TAuthRuleOutcome = true | false | Error;
+
+declare const ProteumAuthRuleNoInputBrand: unique symbol;
+
+export type TAuthRuleNoInput = {
+    readonly [ProteumAuthRuleNoInputBrand]: 'ProteumAuthRuleNoInput';
+};
+
+type TAuthRuleConditionValue<TValue> = TValue extends TAuthRuleNoInput ? true : TValue;
+
+type TAuthRuleHandler<TValue> = TValue extends TAuthRuleNoInput
+    ? () => TAuthRuleOutcome
+    : TValue extends readonly [...infer TArgs]
+      ? (...args: TArgs) => TAuthRuleOutcome
+      : (input: TValue) => TAuthRuleOutcome;
+
+export type TAuthCheckConditions = {
+    [TRuleName in Extract<keyof ProteumAuthRuleCatalog, string>]?: TAuthRuleConditionValue<
+        ProteumAuthRuleCatalog[TRuleName]
+    >;
+};
+
+export type TAuthCheckInput = TUserRole | boolean | TAuthCheckConditions | null;
+
+export type TAuthConfiguredRules = {
+    [TRuleName in Extract<keyof ProteumAuthRuleCatalog, string>]?: TAuthRuleHandler<
+        ProteumAuthRuleCatalog[TRuleName]
+    >;
+};
+
+export type TAuthTrackingContext = ProteumAuthTrackingContext | null;
+
+export type TAuthRulesFactory<TUser extends TBasicUser, TRequest extends ServerRequest<TAnyRouter>> = (
+    user: TUser,
+    tracking: TAuthTrackingContext,
+    request: TRequest,
+) => TAuthConfiguredRules;
+
 /*----------------------------------
 - CONFIG
 ----------------------------------*/
@@ -64,7 +120,10 @@ export const UserRoles = ['USER', 'ADMIN', 'TEST', 'DEV'] as const;
 - SERVICE CONVIG
 ----------------------------------*/
 
-export type TConfig = {
+export type TConfig<
+    TUser extends TBasicUser = TBasicUser,
+    TRequest extends ServerRequest<TAnyRouter> = ServerRequest<TAnyRouter>,
+> = {
     debug: boolean;
     logoutUrl: string;
     jwt: {
@@ -72,6 +131,8 @@ export type TConfig = {
         key: string;
         expiration: number;
     };
+    unauthenticated?: (tracking: TAuthTrackingContext, request: TRequest) => Error;
+    rules?: TAuthRulesFactory<TUser, TRequest>;
 };
 
 export type THooks = {};
@@ -96,7 +157,7 @@ export default abstract class AuthService<
     TApplication extends Application,
     TJwtSession extends TBasicJwtSession = TBasicJwtSession,
     TRequest extends ServerRequest<TAnyRouter> = ServerRequest<TAnyRouter>,
-> extends Service<TConfig, THooks, TApplication, TApplication> {
+> extends Service<TConfig<TUser, TRequest>, THooks, TApplication, TApplication> {
     public login?(request: TRequest, email: string): Promise<unknown>;
     public abstract decodeSession(jwt: TJwtSession, req: THttpRequest): Promise<TUser | null>;
 
@@ -196,33 +257,144 @@ export default abstract class AuthService<
         request.res.clearCookie('authorization');
     }
 
-    public check(request: TRequest, role?: TUserRole | boolean): TUser | null;
+    protected getDecodedUser(request: TRequest): TUser | null {
+        const user = request.user;
 
-    public check(request: TRequest, role: TUserRole | boolean, feature: FeatureKeys, action?: string): TUser | null;
+        if (user === undefined) throw new Error(`request.user has not been decoded.`);
 
-    public check(
+        return user as TUser | null;
+    }
+
+    private resolveErrorTrackingContext(
+        tracking: TAuthTrackingContext,
+        fallbackFeature: FeatureKeys | null,
+        fallbackAction: string,
+    ): {
+        feature: FeatureKeys;
+        action: string;
+        details?: {
+            data: Exclude<TAuthTrackingContext, null>;
+        };
+    } {
+        const trackingDetails = tracking
+            ? (tracking as {
+                  feature?: string | null;
+                  action?: string | null;
+              })
+            : null;
+
+        const feature =
+            typeof trackingDetails?.feature === 'string' && trackingDetails.feature.trim()
+                ? (trackingDetails.feature as FeatureKeys)
+                : fallbackFeature;
+
+        if (!feature) throw new AuthErrors.InputError(`This auth rule requires a tracking context with a feature.`);
+
+        const action =
+            typeof trackingDetails?.action === 'string' && trackingDetails.action.trim()
+                ? trackingDetails.action
+                : fallbackAction;
+
+        return {
+            feature,
+            action,
+            details: tracking ? { data: tracking as Exclude<TAuthTrackingContext, null> } : undefined,
+        };
+    }
+
+    protected buildUnauthenticatedError(request: TRequest, tracking: TAuthTrackingContext): Error {
+        if (this.config.unauthenticated) return this.config.unauthenticated(tracking, request);
+
+        const resolved = this.resolveErrorTrackingContext(tracking, 'auth' as FeatureKeys, 'view');
+
+        return new AuthErrors.AuthRequired(
+            'Please login to continue',
+            resolved.feature,
+            resolved.action,
+            resolved.details,
+        );
+    }
+
+    private isCheckConditions(
+        value: TUserRole | boolean | TAuthCheckConditions | null,
+    ): value is TAuthCheckConditions {
+        return typeof value === 'object' && value !== null && !Array.isArray(value);
+    }
+
+    private invokeConfiguredRule<TRuleName extends Extract<keyof TAuthConfiguredRules, string>>(
+        ruleName: TRuleName,
+        rule: TAuthConfiguredRules[TRuleName],
+        input: TAuthCheckConditions[TRuleName],
+    ): TAuthRuleOutcome {
+        if (typeof rule !== 'function') throw new AuthErrors.InputError(`Unknown auth rule "${ruleName}".`);
+
+        const callable = rule as Function;
+
+        if (callable.length === 0) return callable() as TAuthRuleOutcome;
+        if (Array.isArray(input)) return Reflect.apply(callable, undefined, input) as TAuthRuleOutcome;
+        return Reflect.apply(callable, undefined, [input]) as TAuthRuleOutcome;
+    }
+
+    private checkWithConditions(
+        request: TRequest,
+        conditions: TAuthCheckConditions | null | false,
+        tracking: TAuthTrackingContext,
+    ): TUser | null {
+        const user = this.getDecodedUser(request);
+
+        this.config.debug && console.warn(LogPrefix, `Check auth with rules. Current user =`, user?.name, conditions);
+
+        if (conditions === false) return user;
+
+        if (user === null) {
+            console.warn(LogPrefix, 'Refusé pour anonyme (' + request.ip + ')');
+            throw this.buildUnauthenticatedError(request, tracking);
+        }
+
+        if (!conditions) return user;
+
+        if (!this.config.rules) throw new AuthErrors.InputError(`Auth rules are not configured for this application.`);
+
+        const rules = this.config.rules(user, tracking, request);
+        const conditionRuleNames = Object.keys(conditions) as Array<Extract<keyof TAuthConfiguredRules, string>>;
+
+        for (const ruleName of conditionRuleNames) {
+            const input = conditions[ruleName];
+            if (input === undefined) continue;
+
+            const outcome = this.invokeConfiguredRule(ruleName, rules[ruleName], input);
+            if (outcome === true) continue;
+            if (outcome === false)
+                throw new AuthErrors.Forbidden('You do not have sufficient permissions to access this resource.');
+            throw outcome;
+        }
+
+        return user;
+    }
+
+    protected checkLegacyRole(
         request: TRequest,
         role: TUserRole | boolean = 'USER',
-        feature?: FeatureKeys,
+        feature?: FeatureKeys | null,
         action?: string,
     ): TUser | null {
         const normalizedRole = role === true ? 'USER' : role;
-        const user = request.user;
+        const user = this.getDecodedUser(request);
 
         this.config.debug &&
             console.warn(LogPrefix, `Check auth, role = ${normalizedRole}. Current user =`, user?.name, feature);
 
-        if (user === undefined) {
-            throw new Error(`request.user has not been decoded.`);
-
-            // Shoudln't be logged
-        } else if (normalizedRole === false) {
+        if (normalizedRole === false) {
             return user as TUser;
 
             // Not connected
         } else if (user === null) {
             console.warn(LogPrefix, 'Refusé pour anonyme (' + request.ip + ')');
-            throw new AuthRequired('Please login to continue', feature as any, action as any);
+            throw new AuthErrors.AuthRequired(
+                'Please login to continue',
+                feature && feature !== null ? feature : ('auth' as FeatureKeys),
+                action || 'view',
+            );
 
             // Insufficient permissions
         } else if (!user.roles.includes(normalizedRole)) {
@@ -231,7 +403,7 @@ export default abstract class AuthService<
                 'Refusé: ' + normalizedRole + ' pour ' + user.name + ' (' + (user.roles || 'role inconnu') + ')',
             );
 
-            throw new Forbidden('You do not have sufficient permissions to access this resource.');
+            throw new AuthErrors.Forbidden('You do not have sufficient permissions to access this resource.');
         } else {
             this.config.debug &&
                 console.warn(
@@ -242,4 +414,51 @@ export default abstract class AuthService<
 
         return user as TUser;
     }
+
+    public check(request: TRequest): TUser;
+
+    public check(request: TRequest, conditions: null, tracking?: TAuthTrackingContext): TUser;
+
+    public check(request: TRequest, conditions: TAuthCheckConditions, tracking?: TAuthTrackingContext): TUser;
+
+    public check(request: TRequest, conditions: false, tracking?: TAuthTrackingContext): null;
+
+    public check(request: TRequest, role?: TUserRole | boolean): TUser | null;
+
+    public check(request: TRequest, role: TUserRole | boolean, feature: FeatureKeys, action?: string): TUser | null;
+
+    public check(
+        request: TRequest,
+        roleOrConditions: TUserRole | boolean | TAuthCheckConditions | null = null,
+        featureOrTracking?: FeatureKeys | null | TAuthTrackingContext,
+        action?: string,
+    ): TUser | null {
+        if (roleOrConditions === null || this.isCheckConditions(roleOrConditions)) {
+            const tracking = (featureOrTracking ?? null) as TAuthTrackingContext;
+            return this.checkWithConditions(request, roleOrConditions, tracking);
+        }
+
+        if (roleOrConditions === false) {
+            if (
+                featureOrTracking === undefined ||
+                featureOrTracking === null ||
+                typeof featureOrTracking === 'object'
+            ) {
+                const tracking = (featureOrTracking ?? null) as TAuthTrackingContext;
+                return this.checkWithConditions(request, false, tracking);
+            }
+
+            return this.checkLegacyRole(request, false, featureOrTracking, action);
+        }
+
+        if ((roleOrConditions === true || typeof roleOrConditions === 'string') && this.config.rules) {
+            return this.checkWithConditions(
+                request,
+                { role: roleOrConditions === true ? 'USER' : roleOrConditions },
+                null,
+            );
+        }
+
+        return this.checkLegacyRole(request, roleOrConditions, featureOrTracking as FeatureKeys | null | undefined, action);
+    }
 }

package/server/services/auth/router/index.ts

@@ -18,7 +18,7 @@ import type { Application } from '@server/app/index';
 import type { TRouterServiceArgs } from '@server/services/router/service';
 
 // Specific
-import type { default as UsersService, TUserRole, TBasicUser } from '..';
+import type { default as UsersService, TAuthCheckConditions, TBasicUser } from '..';
 import UsersRequestService from './request';
 
 /*----------------------------------
@@ -71,13 +71,45 @@ export default class AuthenticationRouterService<
         // Check route permissions
         this.parent.on('resolved', async (route: TAnyRoute, request: TRequest, response: ServerResponse<TRouter>) => {
             if (route.options.auth !== undefined) {
-                // Basic auth check
-                const requiredRole = route.options.auth === true ? 'USER' : route.options.auth;
-                this.users.check(request, requiredRole as TUserRole | false);
+                const tracking = route.options.authTracking ?? null;
 
-                // Redirect to logged page
-                if (route.options.auth === false && request.user && route.options.redirectLogged)
-                    response.redirect(route.options.redirectLogged);
+                // Guest-only routes can still redirect authenticated users away.
+                if (route.options.auth === false) {
+                    const currentUser = this.users.check(request, false, tracking);
+
+                    if (route.options.redirectLogged && currentUser) response.redirect(route.options.redirectLogged);
+                    return;
+                }
+
+                if (route.options.auth === null) {
+                    this.users.check(request, null, tracking);
+                    return;
+                }
+
+                if (typeof route.options.auth === 'object') {
+                    this.users.check(request, route.options.auth as TAuthCheckConditions, tracking);
+                    return;
+                }
+
+                // `true` keeps the historical "USER" meaning. Use `null` for "logged in only".
+                if (route.options.auth === true) {
+                    if (tracking !== null && this.users.config.rules) {
+                        this.users.check(request, { role: 'USER' }, tracking);
+                        return;
+                    }
+
+                    this.users.check(request, true);
+                    return;
+                }
+
+                const requiredRole = route.options.auth;
+
+                if (tracking !== null && this.users.config.rules) {
+                    this.users.check(request, { role: requiredRole }, tracking);
+                    return;
+                }
+
+                this.users.check(request, requiredRole);
             }
         });
     }

package/server/services/auth/router/request.ts

@@ -2,16 +2,13 @@
 - DEPENDANCES
 ----------------------------------*/
 
-// Npm
-import jwt from 'jsonwebtoken';
-
 // Core
 import type { Request as ServerRequest, TAnyRouter } from '@server/services/router';
 import RequestService from '@server/services/router/request/service';
 
 // Specific
 import type AuthenticationRouterService from '.';
-import type { default as UsersManagementService, TUserRole } from '..';
+import type { TAuthCheckConditions, TAuthTrackingContext, TUserRole } from '..';
 
 // Types
 import type { TBasicUser } from '@server/services/auth';
@@ -45,19 +42,54 @@ export default class UsersRequestService<
         return this.users.logout(this.request);
     }
 
+    private isCheckConditions(value: TUserRole | true | false | TAuthCheckConditions | null): value is TAuthCheckConditions {
+        return typeof value === 'object' && value !== null && !Array.isArray(value);
+    }
+
     public check(): TUser;
 
+    public check(conditions: null, tracking?: TAuthTrackingContext): TUser;
+
+    public check(conditions: TAuthCheckConditions, tracking?: TAuthTrackingContext): TUser;
+
+    public check(conditions: false, tracking?: TAuthTrackingContext): null;
+
     // TODO: return user type according to entity
     public check(role: TUserRole, feature: null): TUser;
 
     public check(role: false): null;
 
-    public check(role: TUserRole, feature: FeatureKeys, action?: string): TUser;
+    public check(role: TUserRole | true, feature: FeatureKeys, action?: string): TUser;
 
     public check(role: false, feature: FeatureKeys, action?: string): null;
 
-    public check(role: TUserRole | false = 'USER', feature?: FeatureKeys | null, action?: string) {
-        if (feature === null || feature === undefined) return this.users.check(this.request, role);
-        return this.users.check(this.request, role, feature, action);
+    public check(
+        roleOrConditions: TUserRole | true | false | TAuthCheckConditions | null = null,
+        featureOrTracking?: FeatureKeys | null | TAuthTrackingContext,
+        action?: string,
+    ) {
+        if (roleOrConditions === null) {
+            return this.users.check(this.request, null, (featureOrTracking ?? null) as TAuthTrackingContext);
+        }
+
+        if (this.isCheckConditions(roleOrConditions)) {
+            return this.users.check(this.request, roleOrConditions, (featureOrTracking ?? null) as TAuthTrackingContext);
+        }
+
+        if (roleOrConditions === false) {
+            if (
+                featureOrTracking === undefined ||
+                featureOrTracking === null ||
+                typeof featureOrTracking === 'object'
+            ) {
+                return this.users.check(this.request, false, (featureOrTracking ?? null) as TAuthTrackingContext);
+            }
+
+            return this.users.check(this.request, false, featureOrTracking, action);
+        }
+
+        if (featureOrTracking === null || featureOrTracking === undefined || typeof featureOrTracking === 'object')
+            return this.users.check(this.request, roleOrConditions);
+        return this.users.check(this.request, roleOrConditions, featureOrTracking, action);
     }
 }