sst-http 2.0.0-beta.12 → 2.0.0-beta.15

package/README.md

@@ -174,7 +174,8 @@ export default $config({
     } = await import("sst-http/infra");
 
     const manifest = loadRoutesManifest("routes.manifest.json");
-    const { api, registerRoute, ensureJwtAuthorizer } = httpApiAdapter({ apiName: "Api" });
+    const api = new sst.aws.ApiGatewayV2("Api");
+    const { registerRoute, ensureJwtAuthorizer } = httpApiAdapter({ api });
 
     const handler = new sst.aws.Function("Handler", {
       handler: "src/server.handler",
@@ -185,7 +186,7 @@ export default $config({
 
     wireApiFromManifest(manifest, {
       handler,
-      firebaseProjectId: process.env.FIREBASE_PROJECT_ID!,
+      firebaseProjectId: process.env.FIREBASE_PROJECT_ID,
       registerRoute,
       ensureJwtAuthorizer,
     });
@@ -195,6 +196,15 @@ export default $config({
 });
 ```
 
+**Note:** `firebaseProjectId` and `ensureJwtAuthorizer` are optional and only required when your manifest contains routes with `@FirebaseAuth()`. For event-only handlers (no HTTP routes), you can omit `registerRoute` and `ensureJwtAuthorizer`:
+
+```ts
+wireApiFromManifest(manifest, {
+  handler,
+  registerRoute: (_method, _path, _config) => {},
+});
+```
+
 When the manifest contains events (from `@On()` decorators), handlers are automatically subscribed to the default EventBridge bus. Swap in `restApiAdapter` if you prefer API Gateway REST APIs—the wiring contract is identical.
 
 ## Publishing

package/dist/{chunk-SENBWWVV.js → chunk-P4HUTGVQ.js}

@@ -251,6 +251,14 @@ function buildHandlerArguments(entry, ctx, getBody) {
         args[meta.index] = ctx.auth;
         break;
       }
+      case "userId": {
+        const userId = resolveUserIdFromClaims(ctx.auth);
+        if (!userId) {
+          throw new HttpError(401, "Invalid authentication");
+        }
+        args[meta.index] = userId;
+        break;
+      }
       default: {
         args[meta.index] = ctx;
       }
@@ -337,6 +345,32 @@ function extractAuthClaims(event, entry) {
   const claims = ctxV2?.authorizer?.jwt?.claims || ctxV1?.authorizer?.claims;
   return claims ?? void 0;
 }
+function normalizeUserIdentifier(value) {
+  if (typeof value !== "string") {
+    return void 0;
+  }
+  const normalized = value.trim();
+  return normalized || void 0;
+}
+function resolveUserIdFromClaims(claims) {
+  const email = normalizeUserIdentifier(claims?.email);
+  if (email) {
+    return email.toLowerCase();
+  }
+  const userId = normalizeUserIdentifier(claims?.user_id);
+  if (userId) {
+    return userId;
+  }
+  const uid = normalizeUserIdentifier(claims?.uid);
+  if (uid) {
+    return uid;
+  }
+  const sub = normalizeUserIdentifier(claims?.sub);
+  if (sub) {
+    return sub;
+  }
+  return void 0;
+}
 function isHttpError(error) {
   if (!error || typeof error !== "object") {
     return false;
@@ -451,6 +485,9 @@ function FirebaseAuth(options) {
 function Auth() {
   return createParameterDecorator("auth");
 }
+function UserId() {
+  return createParameterDecorator("userId");
+}
 function Body(schema) {
   return createParameterDecorator("body", { schema });
 }
@@ -489,6 +526,7 @@ export {
   Options,
   FirebaseAuth,
   Auth,
+  UserId,
   Body,
   Query,
   Param,

package/dist/http/index.cjs

@@ -37,6 +37,7 @@ __export(http_exports, {
   Query: () => Query,
   Req: () => Req,
   Res: () => Res,
+  UserId: () => UserId,
   configureRoutes: () => configureRoutes,
   createHandler: () => createHandler,
   handleError: () => handleError,
@@ -381,6 +382,14 @@ function buildHandlerArguments(entry, ctx, getBody) {
         args[meta.index] = ctx.auth;
         break;
       }
+      case "userId": {
+        const userId = resolveUserIdFromClaims(ctx.auth);
+        if (!userId) {
+          throw new HttpError(401, "Invalid authentication");
+        }
+        args[meta.index] = userId;
+        break;
+      }
       default: {
         args[meta.index] = ctx;
       }
@@ -467,6 +476,32 @@ function extractAuthClaims(event, entry) {
   const claims = ctxV2?.authorizer?.jwt?.claims || ctxV1?.authorizer?.claims;
   return claims ?? void 0;
 }
+function normalizeUserIdentifier(value) {
+  if (typeof value !== "string") {
+    return void 0;
+  }
+  const normalized = value.trim();
+  return normalized || void 0;
+}
+function resolveUserIdFromClaims(claims) {
+  const email = normalizeUserIdentifier(claims?.email);
+  if (email) {
+    return email.toLowerCase();
+  }
+  const userId = normalizeUserIdentifier(claims?.user_id);
+  if (userId) {
+    return userId;
+  }
+  const uid = normalizeUserIdentifier(claims?.uid);
+  if (uid) {
+    return uid;
+  }
+  const sub = normalizeUserIdentifier(claims?.sub);
+  if (sub) {
+    return sub;
+  }
+  return void 0;
+}
 function isHttpError(error) {
   if (!error || typeof error !== "object") {
     return false;
@@ -595,6 +630,9 @@ function FirebaseAuth(options2) {
 function Auth() {
   return createParameterDecorator("auth");
 }
+function UserId() {
+  return createParameterDecorator("userId");
+}
 function Body(schema) {
   return createParameterDecorator("body", { schema });
 }
@@ -635,6 +673,7 @@ function Res() {
   Query,
   Req,
   Res,
+  UserId,
   configureRoutes,
   createHandler,
   handleError,

package/dist/http/index.d.cts

@@ -38,6 +38,7 @@ declare const Head: (path?: string) => LegacyDecorator;
 declare const Options: (path?: string) => LegacyDecorator;
 declare function FirebaseAuth(options?: FirebaseAuthOptions): LegacyDecorator;
 declare function Auth(): LegacyParameterDecorator;
+declare function UserId(): LegacyParameterDecorator;
 declare function Body(schema?: ZodTypeAny): LegacyParameterDecorator;
 declare function Query(name?: string): LegacyParameterDecorator;
 declare function Param(name?: string): LegacyParameterDecorator;
@@ -48,4 +49,4 @@ declare function Res(): LegacyParameterDecorator;
 
 declare function configureRoutes(next?: RouteOptions): void;
 
-export { Auth, Body, Delete, FirebaseAuth, FirebaseAuthOptions, Get, Head, Header, Headers, HttpError, Options, Param, Patch, Post, Put, Query, Req, Res, ResponseLike, RouteOptions, configureRoutes, createHandler, handleError, json, noContent, text };
+export { Auth, Body, Delete, FirebaseAuth, FirebaseAuthOptions, Get, Head, Header, Headers, HttpError, Options, Param, Patch, Post, Put, Query, Req, Res, ResponseLike, RouteOptions, UserId, configureRoutes, createHandler, handleError, json, noContent, text };

package/dist/http/index.d.ts

@@ -38,6 +38,7 @@ declare const Head: (path?: string) => LegacyDecorator;
 declare const Options: (path?: string) => LegacyDecorator;
 declare function FirebaseAuth(options?: FirebaseAuthOptions): LegacyDecorator;
 declare function Auth(): LegacyParameterDecorator;
+declare function UserId(): LegacyParameterDecorator;
 declare function Body(schema?: ZodTypeAny): LegacyParameterDecorator;
 declare function Query(name?: string): LegacyParameterDecorator;
 declare function Param(name?: string): LegacyParameterDecorator;
@@ -48,4 +49,4 @@ declare function Res(): LegacyParameterDecorator;
 
 declare function configureRoutes(next?: RouteOptions): void;
 
-export { Auth, Body, Delete, FirebaseAuth, FirebaseAuthOptions, Get, Head, Header, Headers, HttpError, Options, Param, Patch, Post, Put, Query, Req, Res, ResponseLike, RouteOptions, configureRoutes, createHandler, handleError, json, noContent, text };
+export { Auth, Body, Delete, FirebaseAuth, FirebaseAuthOptions, Get, Head, Header, Headers, HttpError, Options, Param, Patch, Post, Put, Query, Req, Res, ResponseLike, RouteOptions, UserId, configureRoutes, createHandler, handleError, json, noContent, text };

package/dist/http/index.js

@@ -16,12 +16,13 @@ import {
   Query,
   Req,
   Res,
+  UserId,
   createHandler,
   handleError,
   json,
   noContent,
   text
-} from "../chunk-SENBWWVV.js";
+} from "../chunk-P4HUTGVQ.js";
 import "../chunk-5OUNKYO5.js";
 import {
   configureRoutes
@@ -44,6 +45,7 @@ export {
   Query,
   Req,
   Res,
+  UserId,
   configureRoutes,
   createHandler,
   handleError,

package/dist/index.cjs

@@ -38,6 +38,7 @@ __export(index_exports, {
   Query: () => Query,
   Req: () => Req,
   Res: () => Res,
+  UserId: () => UserId,
   configureRoutes: () => configureRoutes,
   createHandler: () => createHandler,
   handleError: () => handleError,
@@ -389,6 +390,14 @@ function buildHandlerArguments(entry, ctx, getBody) {
         args[meta.index] = ctx.auth;
         break;
       }
+      case "userId": {
+        const userId = resolveUserIdFromClaims(ctx.auth);
+        if (!userId) {
+          throw new HttpError(401, "Invalid authentication");
+        }
+        args[meta.index] = userId;
+        break;
+      }
       default: {
         args[meta.index] = ctx;
       }
@@ -475,6 +484,32 @@ function extractAuthClaims(event, entry) {
   const claims = ctxV2?.authorizer?.jwt?.claims || ctxV1?.authorizer?.claims;
   return claims ?? void 0;
 }
+function normalizeUserIdentifier(value) {
+  if (typeof value !== "string") {
+    return void 0;
+  }
+  const normalized = value.trim();
+  return normalized || void 0;
+}
+function resolveUserIdFromClaims(claims) {
+  const email = normalizeUserIdentifier(claims?.email);
+  if (email) {
+    return email.toLowerCase();
+  }
+  const userId = normalizeUserIdentifier(claims?.user_id);
+  if (userId) {
+    return userId;
+  }
+  const uid = normalizeUserIdentifier(claims?.uid);
+  if (uid) {
+    return uid;
+  }
+  const sub = normalizeUserIdentifier(claims?.sub);
+  if (sub) {
+    return sub;
+  }
+  return void 0;
+}
 function isHttpError(error) {
   if (!error || typeof error !== "object") {
     return false;
@@ -603,6 +638,9 @@ function FirebaseAuth(options2) {
 function Auth() {
   return createParameterDecorator("auth");
 }
+function UserId() {
+  return createParameterDecorator("userId");
+}
 function Body(schema) {
   return createParameterDecorator("body", { schema });
 }
@@ -775,6 +813,7 @@ function getSignedHeaders(headers) {
   Query,
   Req,
   Res,
+  UserId,
   configureRoutes,
   createHandler,
   handleError,

package/dist/index.d.cts

@@ -1,4 +1,4 @@
-export { Auth, Body, Delete, FirebaseAuth, Get, Head, Header, Headers, HttpError, Options, Param, Patch, Post, Put, Query, Req, Res, configureRoutes, createHandler, handleError, json, noContent, text } from './http/index.cjs';
+export { Auth, Body, Delete, FirebaseAuth, Get, Head, Header, Headers, HttpError, Options, Param, Patch, Post, Put, Query, Req, Res, UserId, configureRoutes, createHandler, handleError, json, noContent, text } from './http/index.cjs';
 export { c as FirebaseAuthMetadata, F as FirebaseAuthOptions, d as FirebaseClaims, H as Handler, a as HandlerContext, b as HttpMethod, R as ResponseLike, e as RouteOptions } from './types-o33yWNSY.cjs';
 export { On, publish } from './bus/index.cjs';
 import 'aws-lambda';

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { Auth, Body, Delete, FirebaseAuth, Get, Head, Header, Headers, HttpError, Options, Param, Patch, Post, Put, Query, Req, Res, configureRoutes, createHandler, handleError, json, noContent, text } from './http/index.js';
+export { Auth, Body, Delete, FirebaseAuth, Get, Head, Header, Headers, HttpError, Options, Param, Patch, Post, Put, Query, Req, Res, UserId, configureRoutes, createHandler, handleError, json, noContent, text } from './http/index.js';
 export { c as FirebaseAuthMetadata, F as FirebaseAuthOptions, d as FirebaseClaims, H as Handler, a as HandlerContext, b as HttpMethod, R as ResponseLike, e as RouteOptions } from './types-o33yWNSY.js';
 export { On, publish } from './bus/index.js';
 import 'aws-lambda';

package/dist/index.js

@@ -20,12 +20,13 @@ import {
   Query,
   Req,
   Res,
+  UserId,
   createHandler,
   handleError,
   json,
   noContent,
   text
-} from "./chunk-SENBWWVV.js";
+} from "./chunk-P4HUTGVQ.js";
 import "./chunk-5OUNKYO5.js";
 import {
   configureRoutes
@@ -49,6 +50,7 @@ export {
   Query,
   Req,
   Res,
+  UserId,
   configureRoutes,
   createHandler,
   handleError,

package/dist/infra.cjs

@@ -138,8 +138,7 @@ function wireRoutesFromManifest(manifest, opts) {
   }
 }
 function httpApiAdapter(args) {
-  const aws2 = args?.api ? void 0 : ensureSstAws(args);
-  const api = args?.api ?? new aws2.ApiGatewayV2(args?.apiName ?? "HttpApi", args?.apiArgs);
+  const api = args.api;
   const ensureJwtAuthorizer = createHttpAuthorizerManager(api);
   const registerRoute = createRouteRegistrar(api, "ApiGatewayV2");
   return {
@@ -149,8 +148,7 @@ function httpApiAdapter(args) {
   };
 }
 function restApiAdapter(args) {
-  const aws2 = args?.api ? void 0 : ensureSstAws(args);
-  const api = args?.api ?? new aws2.ApiGateway(args?.apiName ?? "RestApi", args?.apiArgs);
+  const api = args.api;
   const ensureJwtAuthorizer = createRestAuthorizerManager(api);
   const registerRoute = createRouteRegistrar(api, "ApiGateway");
   return {
@@ -166,6 +164,9 @@ function ensureFirebaseAuthorizer(firebaseRouteCount, opts) {
   if (!opts.firebaseProjectId) {
     throw new Error("firebaseProjectId is required when using @FirebaseAuth()");
   }
+  if (!opts.ensureJwtAuthorizer) {
+    throw new Error("ensureJwtAuthorizer is required when using @FirebaseAuth()");
+  }
   const issuer = `https://securetoken.google.com/${opts.firebaseProjectId}`;
   return opts.ensureJwtAuthorizer("firebase", {
     issuer,

package/dist/infra.d.cts

@@ -2,12 +2,6 @@ import { b as HttpMethod, f as RoutesManifest } from './types-o33yWNSY.cjs';
 export { h as RoutesManifestAuth, i as RoutesManifestEvent, g as RoutesManifestRoute } from './types-o33yWNSY.cjs';
 import 'aws-lambda';
 
-type AwsSource = {
-    sst?: {
-        aws?: unknown;
-    };
-};
-
 type RegisterRouteConfig = {
     handler: unknown;
     protected: boolean;
@@ -23,17 +17,15 @@ type EnsureJwtAuthorizer = (name: string, cfg: {
     issuer: string;
     audiences: string[];
 }) => unknown;
-type AdapterArgs = AwsSource & {
-    api?: unknown;
-    apiName?: string;
-    apiArgs?: unknown;
+type AdapterArgs = {
+    api: unknown;
 };
-declare function httpApiAdapter(args?: AdapterArgs): {
+declare function httpApiAdapter(args: AdapterArgs): {
     api: unknown;
     registerRoute: RegisterRoute;
     ensureJwtAuthorizer: EnsureJwtAuthorizer;
 };
-declare function restApiAdapter(args?: AdapterArgs): {
+declare function restApiAdapter(args: AdapterArgs): {
     api: unknown;
     registerRoute: RegisterRoute;
     ensureJwtAuthorizer: EnsureJwtAuthorizer;
@@ -41,9 +33,9 @@ declare function restApiAdapter(args?: AdapterArgs): {
 
 declare function wireApiFromManifest(manifest: RoutesManifest, opts: {
     handler: unknown;
-    firebaseProjectId: string;
+    firebaseProjectId?: string;
     registerRoute: RegisterRoute;
-    ensureJwtAuthorizer: EnsureJwtAuthorizer;
+    ensureJwtAuthorizer?: EnsureJwtAuthorizer;
 }): void;
 declare function loadRoutesManifest(filePath: string): RoutesManifest;
 declare function setHandlerBus(handler: unknown): void;

package/dist/infra.d.ts

@@ -2,12 +2,6 @@ import { b as HttpMethod, f as RoutesManifest } from './types-o33yWNSY.js';
 export { h as RoutesManifestAuth, i as RoutesManifestEvent, g as RoutesManifestRoute } from './types-o33yWNSY.js';
 import 'aws-lambda';
 
-type AwsSource = {
-    sst?: {
-        aws?: unknown;
-    };
-};
-
 type RegisterRouteConfig = {
     handler: unknown;
     protected: boolean;
@@ -23,17 +17,15 @@ type EnsureJwtAuthorizer = (name: string, cfg: {
     issuer: string;
     audiences: string[];
 }) => unknown;
-type AdapterArgs = AwsSource & {
-    api?: unknown;
-    apiName?: string;
-    apiArgs?: unknown;
+type AdapterArgs = {
+    api: unknown;
 };
-declare function httpApiAdapter(args?: AdapterArgs): {
+declare function httpApiAdapter(args: AdapterArgs): {
     api: unknown;
     registerRoute: RegisterRoute;
     ensureJwtAuthorizer: EnsureJwtAuthorizer;
 };
-declare function restApiAdapter(args?: AdapterArgs): {
+declare function restApiAdapter(args: AdapterArgs): {
     api: unknown;
     registerRoute: RegisterRoute;
     ensureJwtAuthorizer: EnsureJwtAuthorizer;
@@ -41,9 +33,9 @@ declare function restApiAdapter(args?: AdapterArgs): {
 
 declare function wireApiFromManifest(manifest: RoutesManifest, opts: {
     handler: unknown;
-    firebaseProjectId: string;
+    firebaseProjectId?: string;
     registerRoute: RegisterRoute;
-    ensureJwtAuthorizer: EnsureJwtAuthorizer;
+    ensureJwtAuthorizer?: EnsureJwtAuthorizer;
 }): void;
 declare function loadRoutesManifest(filePath: string): RoutesManifest;
 declare function setHandlerBus(handler: unknown): void;

package/dist/infra.js

@@ -108,8 +108,7 @@ function wireRoutesFromManifest(manifest, opts) {
   }
 }
 function httpApiAdapter(args) {
-  const aws2 = args?.api ? void 0 : ensureSstAws(args);
-  const api = args?.api ?? new aws2.ApiGatewayV2(args?.apiName ?? "HttpApi", args?.apiArgs);
+  const api = args.api;
   const ensureJwtAuthorizer = createHttpAuthorizerManager(api);
   const registerRoute = createRouteRegistrar(api, "ApiGatewayV2");
   return {
@@ -119,8 +118,7 @@ function httpApiAdapter(args) {
   };
 }
 function restApiAdapter(args) {
-  const aws2 = args?.api ? void 0 : ensureSstAws(args);
-  const api = args?.api ?? new aws2.ApiGateway(args?.apiName ?? "RestApi", args?.apiArgs);
+  const api = args.api;
   const ensureJwtAuthorizer = createRestAuthorizerManager(api);
   const registerRoute = createRouteRegistrar(api, "ApiGateway");
   return {
@@ -136,6 +134,9 @@ function ensureFirebaseAuthorizer(firebaseRouteCount, opts) {
   if (!opts.firebaseProjectId) {
     throw new Error("firebaseProjectId is required when using @FirebaseAuth()");
   }
+  if (!opts.ensureJwtAuthorizer) {
+    throw new Error("ensureJwtAuthorizer is required when using @FirebaseAuth()");
+  }
   const issuer = `https://securetoken.google.com/${opts.firebaseProjectId}`;
   return opts.ensureJwtAuthorizer("firebase", {
     issuer,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sst-http",
-  "version": "2.0.0-beta.12",
+  "version": "2.0.0-beta.15",
   "description": "Decorator-based routing for SST v3 with a single Lambda and Firebase JWT authorizer.",
   "license": "MIT",
   "author": "",