Reference

@reckona/mreact-auth

32 public exports.

Function

__resetAuthForTesting
function __resetAuthForTesting(): void
Resets process-wide auth configuration and cached claims for tests.

authorizeSession
function authorizeSession<TData>(data: TData, policy: AuthorizationPolicy): AuthorizationResult
Evaluates session claims against required roles and permissions without reading cookies or redirecting.

configureAuth
function configureAuth(config: AuthConfig): void
Updates the process-wide auth defaults used by the guard helpers. Configure redirect targets and claim serialization before handling requests that call `requireSession()`, `requireRole()`, or `requirePermission()`. For per-request or per-tenant overrides, pass `config` to `runWithAuthRequest()` instead of calling `configureAuth()` while requests are in flight.

createMemorySessionStore
function createMemorySessionStore<TData>(options?: MemorySessionStoreOptions): SessionStore<TData>
Creates a process-local session store backed by an in-memory LRU-like map. Use it for development, tests, or single-process deployments; production multi-instance deployments should provide a shared `SessionStore`.

createSession
function createSession<TData>(response: Response, store: SessionStore<TData>, data: TData, options?: SessionCookieOptions): Promise<SessionRecord<TData>>
Creates a new session record, stores it, and appends the session cookie to the response.

destroySession
function destroySession<TData>(request: Request, response: Response, store: SessionStore<TData>, options?: SessionCookieOptions): Promise<void>
Deletes the current session record when present and appends an expiring session cookie to the response.

getCurrentSession
function getCurrentSession<TData>(request: Request, store: SessionStore<TData>, options: SessionCookieOptions): Promise<SessionRecord<TData> | undefined>
Reads the current session and stores serialized claims for the active auth request scope.

getSession
function getSession<TData>(request: Request, store: SessionStore<TData>, options?: SessionCookieOptions): Promise<SessionRecord<TData> | undefined>
Reads the current session cookie, loads the matching session record, and deletes expired records.

getSessionClaims
function getSessionClaims<TData>(): TData | undefined
Returns the claims captured by `getCurrentSession()` for the current request or hydrated browser document. Server code should call it inside `runWithAuthRequest()` so concurrent requests do not share claim state.

refreshSession
function refreshSession<TData>(request: Request, response: Response, store: SessionStore<TData>, options: SessionCookieOptions): Promise<SessionRecord<TData> | undefined>
Rotates the current session id and refreshes request-local claims.

requirePermission
function requirePermission<TData>(request: Request, store: SessionStore<TData>, permission: AuthRequirement, options: AuthGuardOptions): Promise<SessionRecord<TData>>
Requires an active session with the requested permission or redirects to the configured forbidden route.

requireRole
function requireRole<TData>(request: Request, store: SessionStore<TData>, role: AuthRequirement, options: AuthGuardOptions): Promise<SessionRecord<TData>>
Requires an active session with the requested role or redirects to the configured forbidden route.

requireSession
function requireSession<TData>(request: Request, store: SessionStore<TData>, options: AuthGuardOptions): Promise<SessionRecord<TData>>
Requires an active session or redirects to the configured login route.

revokeCurrentSession
function revokeCurrentSession<TData>(request: Request, response: Response, store: SessionStore<TData>, options: SessionCookieOptions): Promise<void>
Destroys the current session and clears request-local claims.

rotateSession
function rotateSession<TData>(request: Request, response: Response, store: SessionStore<TData>, options?: SessionCookieOptions): Promise<SessionRecord<TData> | undefined>
Replaces the current session id while preserving the stored session data. Use this after authentication or privilege changes to reduce session fixation risk.

runWithAuthRequest
function runWithAuthRequest<T>(fn: (): T | Promise<T>, options: AuthRequestOptions): Promise<Awaited<T>>
Runs server-side auth work inside an AsyncLocalStorage-backed request scope. Use this around custom server rendering or tests so `getSessionClaims()` can read request-local claims.

tryRequirePermission
function tryRequirePermission<TData>(request: Request, store: SessionStore<TData>, permission: AuthRequirement, options: Pick<AuthGuardOptions, "mode">): Promise<TryAuthResult<TData>>
Checks for a permission without redirecting, returning a discriminated authorization result.

tryRequireRole
function tryRequireRole<TData>(request: Request, store: SessionStore<TData>, role: AuthRequirement, options: Pick<AuthGuardOptions, "mode">): Promise<TryAuthResult<TData>>
Checks for a role without redirecting, returning a discriminated authorization result.

Interface

AuthConfig
interface AuthConfig
Configures process-wide auth defaults for redirects and claim serialization.

AuthGuardOptions
interface AuthGuardOptions
Configures redirects and requirement matching for auth guard helpers.

AuthorizationPolicy
interface AuthorizationPolicy
Describes role and permission claims required for authorization.

AuthRequestOptions
interface AuthRequestOptions

AuthSessionClaims
interface AuthSessionClaims
Contains serializable auth claims exposed to role and permission checks.

SessionCookieOptions
interface SessionCookieOptions
Configures the cookie used by app-router session helpers.

SessionRecord
interface SessionRecord
Stores session data and expiration metadata for one session id.

SessionStore
interface SessionStore
Defines the persistence API used by app-router session helpers.

Type Alias

AuthClaimsSerializer
type AuthClaimsSerializer = (data: unknown): AuthSessionClaims | undefined
Converts raw session data into serializable claims for auth checks and hydration.

AuthorizationResult
type AuthorizationResult = { authorized: true } | { authorized: false; reason: "missing-permission" | "missing-role" }
Reports whether claims satisfy an authorization policy and why they fail.

AuthRequirement
type AuthRequirement = string | readonly string[]
Names one required role or permission, or a set of acceptable values.

AuthRequirementMode
type AuthRequirementMode = "all" | "any"
Controls whether all listed auth requirements or any one requirement must match.

TryAuthResult
type TryAuthResult = { authorized: true; session: SessionRecord<TData> } | { authorized: false; reason: "missing-permission" | "missing-role" | "missing-session" }
Reports a session-bearing auth guard result without redirecting.

Variable

__MREACT_AUTH_SESSION_SCRIPT_ID
const __MREACT_AUTH_SESSION_SCRIPT_ID: "__mreact_auth_session"
Identifies the script element that carries serialized auth claims during hydration.