@mastra/core
Version:
Mastra is a framework for building AI-powered applications and agents with a modern TypeScript stack.
1 lines • 14.3 kB
Source Map (JSON)
{"version":3,"sources":["../../src/server/auth.ts","../../src/server/composite-auth.ts","../../src/server/simple-auth.ts","../../src/server/index.ts"],"names":["MastraAuthProvider","__decoratorStart","__decorateElement","__runInitializers","MastraError"],"mappings":";;;;;;;;;;;;;;;;;;AAAA,MAAA,SAAA,EAAA,MAAA;AAkBA,MAAA,IAAA,EAAA,OAAA,EAAA;AAAiB,KACf,CAAA;AAAQ,IACR,IAAA,OAAA,EAAA,aAAiB,EAAA;AACnB,MAAC,IAAA,CAAA,aAAA,GAAA,OAAA,CAAA,aAAA,CAAA,IAAA,CAAA,IAAA,CAAA;AACM,IAAe;AAAuD,IACpE,IAAA,CAAA,SAAA,GAAA,OAAA,EAAA,SAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,EAAA,MAAA;AAAA,EAEP;AACE,EAAA,eAAQ,CAAA,IAAA,EAAW;AAEnB,IAAA,IAAI,mBAAS,EAAA;AACX,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAA,aAAQ,CAAA,IAAc,CAAA,IAAK,CAAA;AAAI,IACtD;AAEA,IAAA,IAAA,eAAiB,EAAA;AACjB,MAAA,cAAc,GAAA,IAAS,CAAA,SAAA;AAAA,IACzB;AAAA,oBAkB0B,EAAA;AACxB,MAAA,WAAU,GAAA,IAAA,CAAA,MAAe;AACvB,IAAA;AAAiD,EAAA;AAEnD;AACEA,0CAAsB,CAAA,CAAA,IAAA;AAAA,EAAA,KACxB,GAAAC,kCAAA,CAAA,EAAA,CAAA;AACA,EAAAD,0BAAU,GAAQE,mCAAA,CAAA,KAAA,EAAA,CAAA,EAAA,oBAAA,EAAA,8BAAA,EAAAF,0BAAA,CAAA;AAChB,EAAAG,oCAAc,KAAK,EAAA,CAAA,EAAAH,0BAAA,CAAA;;AACrB;AAEJ,EAAA,OAAAA,0BAAA;AA1CO,CAAA,EAAA;AAAe;AAAf,IAAA,aAAA,GAAA,cAAeA,0BAAA,CAAA;;;ACnBf,IAAM,KAAA,EAAA;AAAyC,IAC5C,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAER;AACE,EAAA,MAAA,iBAAM,CAAA,KAAA,EAAA,OAAA,EAAA;AACN,IAAA,KAAK,MAAA,QAAY,IAAA,IAAA,CAAA,SAAA,EAAA;AAAA,MACnB,IAAA;AAAA,QAEM,MAAA,IAAA,GAAA,MAAkB,QAAe,CAAA,iBAA+C,CAAA,KAAA,EAAA,OAAA,CAAA;AACpF,QAAA,IAAA,IAAW,EAAA;AACT,UAAI,OAAA,IAAA;AACF,QAAA;AACA,MAAA,CAAA,CAAA,MAAI,CAAA;AACF,IAAA;AAAO,IAAA,OACT,IAAA;AAAA,EAAA;AACM,EAAA,MAER,aAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,IACF,KAAA,MAAA,QAAA,IAAA,IAAA,CAAA,SAAA,EAAA;AACA,MAAA,MAAO,UAAA,GAAA,MAAA,QAAA,CAAA,aAAA,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,MACT,IAAA,UAAA,EAAA;AAAA,QAEM,OAAA,IAAA;AACJ,MAAA;AACE,IAAA;AACA,IAAA,OAAI,KAAA;AACF,EAAA;AAAO;;AAGX;AACF,IAAA,UAAA,GAAA,cAAAA,0BAAA,CAAA;AACF,EAAA,MAAA;;;ACZO,EAAA,WAAM,CAAA;AAA8D,IACjE,KAAA,CAAA,OAAA,CAAA;AAAA,IACA,IAAA,CAAA,MAAA,GAAA,OAAA,CAAA,MAAA;AAAA,IACA,IAAA,CAAA,WAAA,GAAA,IAAA,CAAA,gBAAA,CAAA,OAAA,CAAA,OAAA,CAAA;AAAA,2BAEuC,GAAA,IAAA,GAAA,CAAA,MAAA,CAAA,MAAA,CAAA,IAAA,CAAA,MAAA,CAAA,CAAA;AAC7C,EAAA;AACA,EAAA,gBAAc,CAAA,OAAQ,EAAA;AACtB,IAAA,IAAA,CAAK,OAAA,EAAA;AAEL,MAAA,wBAA0B;AAAkC,IAC9D;AAAA,wBAEyB,CAAA,OAAuC,CAAA,GAAA,OAAA,GAAA,CAAA,OAAA,CAAA;AAC9D,EAAA;AACE,EAAA,kBAAQ,CAAA,KAAA,EAAA;AAAe,IACzB,IAAA,KAAA,CAAA,UAAA,CAAA,SAAA,CAAA,EAAA;AACA,MAAA,YAAa,CAAA,KAAA,CAAQ,CAAA,CAAA;AAA6B,IACpD;AAAA;AAGE,EAAA;AACE,EAAA,0BAAoB,EAAA;AAAA,IACtB,KAAA,MAAA,UAAA,IAAA,IAAA,CAAA,WAAA,EAAA;AACA,MAAA,MAAO,WAAA,GAAA,OAAA,CAAA,MAAA,CAAA,UAAA,CAAA;AAAA,MACT,IAAA,WAAA,EAAA;AAAA,sBAE2B,CAAA,WAAqC,EAAA,KAAA,eAAA,EAAA;AAC9D,UAAA,OAAW,IAAA,CAAA,kBAAmB,CAAA,WAAa,CAAA;AACzC,QAAA;AACA,QAAA,OAAI,WAAa;AAEf,MAAA;AACE,IAAA;AAA0C,IAAA,OAC5C,IAAA;AACA,EAAA;AAAO,EAAA,MACT,iBAAA,CAAA,KAAA,EAAA,OAAA,EAAA;AAAA,IACF,MAAA,WAAA,GAAA,IAAA,CAAA,kBAAA,CAAA,KAAA,CAAA;AACA,IAAA,IAAA,WAAO,IAAA,IAAA,CAAA,MAAA,EAAA;AAAA,MACT,OAAA,IAAA,CAAA,MAAA,CAAA,WAAA,CAAA;AAAA,IAEA;AAEE,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,kBAAA,CAAmB,OAAK,CAAA;AACjD,IAAA,IAAI,WAAA,IAAe,WAAK,IAAQ,IAAA,CAAA,MAAA,EAAA;AAC9B,MAAA,OAAO,IAAA,CAAK,OAAO,WAAW,CAAA;AAAA,IAChC;AAGA,IAAA,OAAM,IAAA;AACN,EAAA;AACE,EAAA,MAAA,kBAAmB,EAAA,QAAW,EAAA;AAAA,IAChC,OAAA,IAAA,CAAA,kBAAA,CAAA,GAAA,CAAA,IAAA,CAAA;AAEA,EAAA;AAAO;;AAKP;AAAuC,SACzC,eAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AACF,EAAA,MAAA,IAAA,GAAA,OAAA;;;AC/BA,MAAA,EAAA,EAAS,yCAGwC;AAC/C,MAAA,IAAM,EAAA,CAAA,2BAAO,EAAA,IAAA,CAAA,4BAAA,CAAA;AAEb,MAAI,uBAAgB;AAClB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAAI,6BAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,0DAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC,EAAA,IACxC,IAAA,CAAA,OAAA,KAAA,MAAA,IAAA,IAAA,CAAA,aAAA,KAAA,MAAA,EAAA;AAAA,IAAA,MACA,IAAAA,6BAAA,CAAA;AAAA,MACD,EAAA,EAAA,yCAAA;AAAA,MACH,IAAA,EAAA,CAAA,2BAAA,EAAA,IAAA,CAAA,oFAAA,CAAA;AAEA,MAAI,MAAK,EAAA,eAAY;AACnB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACoC;AACxC,SACA,gBAAA,CAAA,IAAA,EAAA,OAAA,EAAA;AAAA,EAAA,IACD,IAAA,CAAA,UAAA,CAAA,OAAA,CAAA,EAAA;AAAA,IACH,MAAA,IAAAA,6BAAA,CAAA;AACF,MAAA,EAAA,EAAA,iCAAA;AAEO,MAAA,IAAS,EAAA,CAAA,sEAGa,CAAA;AAC3B,MAAI,MAAK,EAAA,eAAkB;AACzB,MAAA,QAAU,EAAA,MAAA;AAAY,KAAA,CACpB;AAAI,EAAA;AACE,EAAA,eACN,CAAA,IAAA,EAAA,OAAA,CAAA;AAAA,EAAA,OACA;AAAA,IACF,IAAC;AAAA,IACH,MAAA,EAAA,OAAA,CAAA,MAAA;AAEA,IAAA,OAAA,EAAA,eAAsB;AAEtB,IAAA,aAAO,EAAA,OAAA,CAAA,aAAA;AAAA,IACL,OAAA,EAAA,OAAA,CAAA,OAAA;AAAA,IACA,UAAQ,EAAA,OAAQ,CAAA,UAAA;AAAA,IAChB,YAAS,EAAA,OAAQ,CAAA;AAAA,GAAA;AACM;AACN,mBACL,CAAA,MAAQ,EAAA;AAAA,EAAA;AACE","file":"index.cjs","sourcesContent":["import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport { InstrumentClass } from '../telemetry';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n /**\n * Protected paths for the auth provider\n */\n protected?: MastraAuthConfig['protected'];\n /**\n * Public paths for the auth provider\n */\n public?: MastraAuthConfig['public'];\n}\n\n@InstrumentClass({\n prefix: 'auth',\n excludeMethods: ['__setTools', '__setLogger', '__setTelemetry', '#log'],\n})\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /**\n * Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n */\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n /**\n * Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\n\nexport class CompositeAuth extends MastraAuthProvider {\n private providers: MastraAuthProvider[];\n\n constructor(providers: MastraAuthProvider[]) {\n super();\n this.providers = providers;\n }\n\n async authenticateToken(token: string, request: HonoRequest): Promise<unknown | null> {\n for (const provider of this.providers) {\n try {\n const user = await provider.authenticateToken(token, request);\n if (user) {\n return user;\n }\n } catch {\n // ignore error, try next provider\n }\n }\n return null;\n }\n\n async authorizeUser(user: unknown, request: HonoRequest): Promise<boolean> {\n for (const provider of this.providers) {\n const authorized = await provider.authorizeUser(user, request);\n if (authorized) {\n return true;\n }\n }\n return false;\n }\n}\n","import type { HonoRequest } from 'hono';\nimport { MastraAuthProvider } from './auth';\nimport type { MastraAuthProviderOptions } from './auth';\n\nexport interface SimpleAuthOptions<TUser = unknown> extends MastraAuthProviderOptions<TUser> {\n /**\n * A map of tokens to users.\n * When a token is provided, it will be looked up in this map.\n */\n tokens: Record<string, TUser>;\n /**\n * Headers to check for the token.\n * Defaults to 'Authorization' with Bearer token extraction.\n * Can be a string or array of strings for custom header names.\n */\n headers?: string | string[];\n}\n\n/**\n * SimpleAuth is a basic token-based authentication provider.\n * It validates tokens against a predefined map of tokens to users.\n */\nexport class SimpleAuth<TUser = unknown> extends MastraAuthProvider<TUser> {\n private tokens: Record<string, TUser>;\n private headerNames: string[];\n private authenticatedUsers: Set<TUser>;\n\n constructor(options: SimpleAuthOptions<TUser>) {\n super(options);\n this.tokens = options.tokens;\n this.headerNames = this.normalizeHeaders(options.headers);\n // Store reference to all valid users for authorization\n this.authenticatedUsers = new Set(Object.values(this.tokens));\n }\n\n private normalizeHeaders(headers?: string | string[]): string[] {\n if (!headers) {\n return ['Authorization'];\n }\n return Array.isArray(headers) ? headers : [headers];\n }\n\n private extractBearerToken(value: string): string {\n if (value.startsWith('Bearer ')) {\n return value.slice(7);\n }\n return value;\n }\n\n private findTokenInHeaders(request: HonoRequest): string | null {\n for (const headerName of this.headerNames) {\n const headerValue = request.header(headerName);\n if (headerValue) {\n // For Authorization header, extract Bearer token\n if (headerName.toLowerCase() === 'authorization') {\n return this.extractBearerToken(headerValue);\n }\n return headerValue;\n }\n }\n return null;\n }\n\n async authenticateToken(token: string, request: HonoRequest): Promise<TUser | null> {\n // First, try the direct token\n const directToken = this.extractBearerToken(token);\n if (directToken in this.tokens) {\n return this.tokens[directToken]!;\n }\n\n // Then, try to find token in headers\n const headerToken = this.findTokenInHeaders(request);\n if (headerToken && headerToken in this.tokens) {\n return this.tokens[headerToken]!;\n }\n\n return null;\n }\n\n async authorizeUser(user: TUser, _request: HonoRequest): Promise<boolean> {\n // Check if this user was authenticated through our tokens\n return this.authenticatedUsers.has(user);\n }\n}\n","import type { Context, Handler, MiddlewareHandler } from 'hono';\nimport type { DescribeRouteOptions } from 'hono-openapi';\nimport { MastraError, ErrorDomain, ErrorCategory } from '../error';\nimport type { Mastra } from '../mastra';\nimport type { ApiRoute, MastraAuthConfig, Methods } from './types';\n\nexport type { MastraAuthConfig, ContextWithMastra, ApiRoute } from './types';\nexport { MastraAuthProvider } from './auth';\nexport type { MastraAuthProviderOptions } from './auth';\nexport { CompositeAuth } from './composite-auth';\nexport { SimpleAuth } from './simple-auth';\nexport type { SimpleAuthOptions } from './simple-auth';\n\n// Helper type for inferring parameters from a path\n// Thank you Claude!\ntype ParamsFromPath<P extends string> = {\n [K in P extends `${string}:${infer Param}/${string}` | `${string}:${infer Param}` ? Param : never]: string;\n};\n\ntype RegisterApiRoutePathError = `Param 'path' must not start with '/api', it is reserved for internal API routes.`;\ntype ValidatePath<P extends string, T> = P extends `/api/${string}` ? RegisterApiRoutePathError : T;\n\ntype RegisterApiRouteOptions<P extends string> = {\n method: Methods;\n openapi?: DescribeRouteOptions;\n handler?: Handler<\n {\n Variables: {\n mastra: Mastra;\n };\n },\n P,\n ParamsFromPath<P>\n >;\n createHandler?: (c: Context) => Promise<\n Handler<\n {\n Variables: {\n mastra: Mastra;\n };\n },\n P,\n ParamsFromPath<P>\n >\n >;\n middleware?: MiddlewareHandler | MiddlewareHandler[];\n /**\n * When false, skips Mastra auth for this route (defaults to true)\n */\n requiresAuth?: boolean;\n};\n\nfunction validateOptions<P extends string>(\n path: P,\n options: RegisterApiRoutePathError | RegisterApiRouteOptions<P>,\n): asserts options is RegisterApiRouteOptions<P> {\n const opts = options as RegisterApiRouteOptions<P>;\n\n if (opts.method === undefined) {\n throw new MastraError({\n id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n text: `Invalid options for route \"${path}\", missing \"method\" property`,\n domain: ErrorDomain.MASTRA_SERVER,\n category: ErrorCategory.USER,\n });\n }\n\n if (opts.handler === undefined && opts.createHandler === undefined) {\n throw new MastraError({\n id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n text: `Invalid options for route \"${path}\", you must define a \"handler\" or \"createHandler\" property`,\n domain: ErrorDomain.MASTRA_SERVER,\n category: ErrorCategory.USER,\n });\n }\n\n if (opts.handler !== undefined && opts.createHandler !== undefined) {\n throw new MastraError({\n id: 'MASTRA_SERVER_API_INVALID_ROUTE_OPTIONS',\n text: `Invalid options for route \"${path}\", you can only define one of the following properties: \"handler\" or \"createHandler\"`,\n domain: ErrorDomain.MASTRA_SERVER,\n category: ErrorCategory.USER,\n });\n }\n}\n\nexport function registerApiRoute<P extends string>(\n path: P,\n options: ValidatePath<P, RegisterApiRouteOptions<P>>,\n): ValidatePath<P, ApiRoute> {\n if (path.startsWith('/api/')) {\n throw new MastraError({\n id: 'MASTRA_SERVER_API_PATH_RESERVED',\n text: 'Path must not start with \"/api\", it\\'s reserved for internal API routes',\n domain: ErrorDomain.MASTRA_SERVER,\n category: ErrorCategory.USER,\n });\n }\n\n validateOptions(path, options);\n\n return {\n path,\n method: options.method,\n handler: options.handler,\n createHandler: options.createHandler,\n openapi: options.openapi,\n middleware: options.middleware,\n requiresAuth: options.requiresAuth,\n } as unknown as ValidatePath<P, ApiRoute>;\n}\n\nexport function defineAuth<TUser>(config: MastraAuthConfig<TUser>): MastraAuthConfig<TUser> {\n return config;\n}\n"]}