UNPKG

@furystack/core

Version:

Core FuryStack package

github.com/furystack/furystack

furystack/furystack

42 lines 1.72 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
import type { Token } from '@furystack/inject'; import type { User } from './models/user.js'; /** * Provides authentication and authorization context for the current * request/session. * * The default implementation exposed by the {@link IdentityContext} token is * intentionally minimal: `isAuthenticated` and `isAuthorized` both resolve to * `false`, and `getCurrentUser` rejects. Applications override this by * rebinding the token on the request-scoped injector — typically from an * authentication provider. * * @example * ```ts * requestScope.bind(IdentityContext, () => myAuthenticatedContext) * * const authenticated = await isAuthenticated(requestScope) * const authorized = await isAuthorized(requestScope, 'admin') * const user = await getCurrentUser(requestScope) * ``` */ export interface IdentityContext { isAuthenticated(): Promise<boolean>; /** Returns `true` only when the user holds **every** role. */ isAuthorized(...roles: string[]): Promise<boolean>; /** * Resolves with the current user. The default implementation rejects * because no user is bound — applications override the token on the * request scope to provide an authenticated identity. * * @typeParam TUser - Concrete user type the caller expects. */ getCurrentUser<TUser extends User>(): Promise<TUser>; } /** * DI token for the current {@link IdentityContext}. Scoped — each injector * scope resolves and caches its own context. Default factory is * unauthenticated; rebind on the request scope to inject an authenticated * identity. */ export declare const IdentityContext: Token<IdentityContext, 'scoped'>; //# sourceMappingURL=identity-context.d.ts.map