Add session data to Call type

- AuthService.validateRequest now returns AuthResult with both user and session - Call type includes session: SessionData | null - Handlers can access session metadata (createdAt, authMethod, etc.) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-04 09:50:05 -06:00
parent e9ccf6d757
commit ad6d405206
4 changed files with 19 additions and 11 deletions
--- a/express/auth/service.ts
+++ b/express/auth/service.ts
@@ -12,7 +12,7 @@ import {
    parseAuthorizationHeader,
    SESSION_COOKIE_NAME,
 } from "./token";
-import { type TokenId, tokenLifetimes } from "./types";
+import { type SessionData, type TokenId, tokenLifetimes } from "./types";

 type LoginResult =
    | { success: true; token: string; user: User }
@@ -24,6 +24,11 @@ type RegisterResult =

 type SimpleResult = { success: true } | { success: false; error: string };

+// Result of validating a request/token - contains both user and session
+export type AuthResult =
+    | { authenticated: true; user: User; session: SessionData }
+    | { authenticated: false; user: typeof AnonymousUser; session: null };
+
 export class AuthService {
    constructor(private store: AuthStore) {}

@@ -68,7 +73,7 @@ export class AuthService {

    // === Session Validation ===

-    async validateRequest(request: ExpressRequest): Promise<MaybeUser> {
+    async validateRequest(request: ExpressRequest): Promise<AuthResult> {
        // Try cookie first (for web requests)
        let token = this.extractCookieToken(request);

@@ -78,33 +83,33 @@ export class AuthService {
        }

        if (!token) {
-            return AnonymousUser;
+            return { authenticated: false, user: AnonymousUser, session: null };
        }

        return this.validateToken(token);
    }

-    async validateToken(token: string): Promise<MaybeUser> {
+    async validateToken(token: string): Promise<AuthResult> {
        const tokenId = hashToken(token) as TokenId;
        const session = await this.store.getSession(tokenId);

        if (!session) {
-            return AnonymousUser;
+            return { authenticated: false, user: AnonymousUser, session: null };
        }

        if (session.tokenType !== "session") {
-            return AnonymousUser;
+            return { authenticated: false, user: AnonymousUser, session: null };
        }

        const user = await this.store.getUserById(session.userId as UserId);
        if (!user || !user.isActive()) {
-            return AnonymousUser;
+            return { authenticated: false, user: AnonymousUser, session: null };
        }

        // Update last used (fire and forget)
        this.store.updateLastUsed(tokenId).catch(() => {});

-        return user;
+        return { authenticated: true, user, session };
    }

    private extractCookieToken(request: ExpressRequest): string | null {