philologue/diachron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rework user types: create AuthenticatedUser and AnonymousUser class

Browse Source 
Both are subclasses of an abstract User class which contains almost everything
interesting.
This commit is contained in:
Michael Wolf
2026-01-17 17:45:36 -06:00
parent 350bf7c865
commit d921679058
9 changed files with 102 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
express/auth/service.ts
View File

@@ -4,7 +4,12 @@
// password reset, and email verification. // password reset, and email verification.
import type { Request as ExpressRequest } from "express"; import type { Request as ExpressRequest } from "express";
import { AnonymousUser, type User, type UserId } from "../user"; import {
type AnonymousUser,
anonymousUser,
type User,
type UserId,
} from "../user";
import { hashPassword, verifyPassword } from "./password"; import { hashPassword, verifyPassword } from "./password";
import type { AuthStore } from "./store"; import type { AuthStore } from "./store";
import { import {
@@ -27,7 +32,7 @@ type SimpleResult = { success: true } | { success: false; error: string };
// Result of validating a request/token - contains both user and session // Result of validating a request/token - contains both user and session
export type AuthResult = export type AuthResult =
| { authenticated: true; user: User; session: SessionData } | { authenticated: true; user: User; session: SessionData }
| { authenticated: false; user: typeof AnonymousUser; session: null }; | { authenticated: false; user: AnonymousUser; session: null };
export class AuthService { export class AuthService {
constructor(private store: AuthStore) {} constructor(private store: AuthStore) {}
@@ -83,7 +88,7 @@ export class AuthService {
} }
if (!token) { if (!token) {
return { authenticated: false, user: AnonymousUser, session: null }; return { authenticated: false, user: anonymousUser, session: null };
} }
return this.validateToken(token); return this.validateToken(token);
@@ -94,16 +99,16 @@ export class AuthService {
const session = await this.store.getSession(tokenId); const session = await this.store.getSession(tokenId);
if (!session) { if (!session) {
return { authenticated: false, user: AnonymousUser, session: null }; return { authenticated: false, user: anonymousUser, session: null };
} }
if (session.tokenType !== "session") { if (session.tokenType !== "session") {
return { authenticated: false, user: AnonymousUser, session: null }; return { authenticated: false, user: anonymousUser, session: null };
} }
const user = await this.store.getUserById(session.userId as UserId); const user = await this.store.getUserById(session.userId as UserId);
if (!user || !user.isActive()) { if (!user || !user.isActive()) {
return { authenticated: false, user: AnonymousUser, session: null }; return { authenticated: false, user: anonymousUser, session: null };
} }
// Update last used (fire and forget) // Update last used (fire and forget)

6
express/auth/store.ts
View File

@@ -3,7 +3,7 @@
// Authentication storage interface and in-memory implementation. // Authentication storage interface and in-memory implementation.
// The interface allows easy migration to PostgreSQL later. // The interface allows easy migration to PostgreSQL later.
import { User, type UserId } from "../user"; import { AuthenticatedUser, type User, type UserId } from "../user";
import { generateToken, hashToken } from "./token"; import { generateToken, hashToken } from "./token";
import type { AuthMethod, SessionData, TokenId, TokenType } from "./types"; import type { AuthMethod, SessionData, TokenId, TokenType } from "./types";
@@ -123,7 +123,7 @@ export class InMemoryAuthStore implements AuthStore {
} }
async createUser(data: CreateUserData): Promise<User> { async createUser(data: CreateUserData): Promise<User> {
const user = User.create(data.email, { const user = AuthenticatedUser.create(data.email, {
displayName: data.displayName, displayName: data.displayName,
status: "pending", // Pending until email verified status: "pending", // Pending until email verified
}); });
@@ -151,7 +151,7 @@ export class InMemoryAuthStore implements AuthStore {
const user = this.users.get(userId); const user = this.users.get(userId);
if (user) { if (user) {
// Create new user with active status // Create new user with active status
const updatedUser = User.create(user.email, { const updatedUser = AuthenticatedUser.create(user.email, {
id: user.id, id: user.id,
displayName: user.displayName, displayName: user.displayName,
status: "active", status: "active",

8
express/auth/types.ts
View File

@@ -64,17 +64,17 @@ export const tokenLifetimes: Record<TokenType, number> = {
}; };
// Import here to avoid circular dependency at module load time // Import here to avoid circular dependency at module load time
import { AnonymousUser, type MaybeUser } from "../user"; import type { User } from "../user";
// Session wrapper class providing a consistent interface for handlers. // Session wrapper class providing a consistent interface for handlers.
// Always present on Call (never null), but may represent an anonymous session. // Always present on Call (never null), but may represent an anonymous session.
export class Session { export class Session {
constructor( constructor(
private readonly data: SessionData | null, private readonly data: SessionData | null,
private readonly user: MaybeUser, private readonly user: User,
) {} ) {}
getUser(): MaybeUser { getUser(): User {
return this.user; return this.user;
} }
@@ -83,7 +83,7 @@ export class Session {
} }
isAuthenticated(): boolean { isAuthenticated(): boolean {
return this.user !== AnonymousUser; return !this.user.isAnonymous();
} }
get tokenId(): string | undefined { get tokenId(): string | undefined {

9
express/basic/routes.ts
View File

@@ -24,7 +24,14 @@ const routes: Record<string, Route> = {
const me = request.session.getUser(); const me = request.session.getUser();
const email = me.toString(); const email = me.toString();
const c = await render("basic/home", { email }); const showLogin = me.isAnonymous();
const showLogout = !me.isAnonymous();
const c = await render("basic/home", {
email,
showLogin,
showLogout,
});
return html(c); return html(c);
}, },

8
express/context.ts
View File

@@ -5,10 +5,10 @@
// needing to pass Call through every function. // needing to pass Call through every function.
import { AsyncLocalStorage } from "node:async_hooks"; import { AsyncLocalStorage } from "node:async_hooks";
import { AnonymousUser, type MaybeUser } from "./user"; import { anonymousUser, type User } from "./user";
type RequestContext = { type RequestContext = {
user: MaybeUser; user: User;
}; };
const asyncLocalStorage = new AsyncLocalStorage<RequestContext>(); const asyncLocalStorage = new AsyncLocalStorage<RequestContext>();
@@ -19,9 +19,9 @@ function runWithContext<T>(context: RequestContext, fn: () => T): T {
} }
// Get the current user from context, or AnonymousUser if not in a request // Get the current user from context, or AnonymousUser if not in a request
function getCurrentUser(): MaybeUser { function getCurrentUser(): User {
const context = asyncLocalStorage.getStore(); const context = asyncLocalStorage.getStore();
return context?.user ?? AnonymousUser; return context?.user ?? anonymousUser;
} }
export { getCurrentUser, runWithContext, type RequestContext }; export { getCurrentUser, runWithContext, type RequestContext };

4
express/database.ts
View File

@@ -18,7 +18,7 @@ import type {
} from "./auth/store"; } from "./auth/store";
import { generateToken, hashToken } from "./auth/token"; import { generateToken, hashToken } from "./auth/token";
import type { SessionData, TokenId } from "./auth/types"; import type { SessionData, TokenId } from "./auth/types";
import { User, type UserId } from "./user"; import { AuthenticatedUser, type User, type UserId } from "./user";
// Connection configuration // Connection configuration
const connectionConfig = { const connectionConfig = {
@@ -367,7 +367,7 @@ class PostgresAuthStore implements AuthStore {
// Helper to convert database row to User object // Helper to convert database row to User object
private rowToUser(row: Selectable<UsersTable>): User { private rowToUser(row: Selectable<UsersTable>): User {
return new User({ return new AuthenticatedUser({
id: row.id, id: row.id,
email: row.email, email: row.email,
displayName: row.display_name ?? undefined, displayName: row.display_name ?? undefined,

4
express/request/index.ts
View File

@@ -1,13 +1,13 @@
import { AuthService } from "../auth"; import { AuthService } from "../auth";
import { getCurrentUser } from "../context"; import { getCurrentUser } from "../context";
import { PostgresAuthStore } from "../database"; import { PostgresAuthStore } from "../database";
import type { MaybeUser } from "../user"; import type { User } from "../user";
import { html, redirect, render } from "./util"; import { html, redirect, render } from "./util";
const util = { html, redirect, render }; const util = { html, redirect, render };
const session = { const session = {
getUser: (): MaybeUser => { getUser: (): User => {
return getCurrentUser(); return getCurrentUser();
}, },
}; };

11
express/types.ts
View File

@@ -8,12 +8,7 @@ import { z } from "zod";
import type { Session } from "./auth/types"; import type { Session } from "./auth/types";
import type { ContentType } from "./content-types"; import type { ContentType } from "./content-types";
import type { HttpCode } from "./http-codes"; import type { HttpCode } from "./http-codes";
import { import type { Permission, User } from "./user";
AnonymousUser,
type MaybeUser,
type Permission,
type User,
} from "./user";
const methodParser = z.union([ const methodParser = z.union([
z.literal("GET"), z.literal("GET"),
@@ -36,7 +31,7 @@ export type Call = {
method: Method; method: Method;
parameters: object; parameters: object;
request: ExpressRequest; request: ExpressRequest;
user: MaybeUser; user: User;
session: Session; session: Session;
}; };
@@ -102,7 +97,7 @@ export class AuthorizationDenied extends Error {
// Helper for handlers to require authentication // Helper for handlers to require authentication
export function requireAuth(call: Call): User { export function requireAuth(call: Call): User {
if (call.user === AnonymousUser) { if (call.user.isAnonymous()) {
throw new AuthenticationRequired(); throw new AuthenticationRequired();
} }
return call.user; return call.user;

97
express/user.ts
View File

@@ -51,39 +51,15 @@ const defaultRolePermissions: RolePermissionMap = new Map([
["user", ["users:read"]], ["user", ["users:read"]],
]); ]);
export class User { export abstract class User {
private readonly data: UserData; protected readonly data: UserData;
private rolePermissions: RolePermissionMap; protected rolePermissions: RolePermissionMap;
constructor(data: UserData, rolePermissions?: RolePermissionMap) { constructor(data: UserData, rolePermissions?: RolePermissionMap) {
this.data = userDataParser.parse(data); this.data = userDataParser.parse(data);
this.rolePermissions = rolePermissions ?? defaultRolePermissions; this.rolePermissions = rolePermissions ?? defaultRolePermissions;
} }
// Factory for creating new users with sensible defaults
static create(
email: string,
options?: {
id?: string;
displayName?: string;
status?: UserStatus;
roles?: Role[];
permissions?: Permission[];
},
): User {
const now = new Date();
return new User({
id: options?.id ?? crypto.randomUUID(),
email,
displayName: options?.displayName,
status: options?.status ?? "active",
roles: options?.roles ?? [],
permissions: options?.permissions ?? [],
createdAt: now,
updatedAt: now,
});
}
// Identity // Identity
get id(): UserId { get id(): UserId {
return this.data.id as UserId; return this.data.id as UserId;
@@ -185,15 +161,72 @@ export class User {
toString(): string { toString(): string {
return `User(id ${this.id})`; return `User(id ${this.id})`;
} }
abstract isAnonymous(): boolean;
}
export class AuthenticatedUser extends User {
// Factory for creating new users with sensible defaults
static create(
email: string,
options?: {
id?: string;
displayName?: string;
status?: UserStatus;
roles?: Role[];
permissions?: Permission[];
},
): User {
const now = new Date();
return new AuthenticatedUser({
id: options?.id ?? crypto.randomUUID(),
email,
displayName: options?.displayName,
status: options?.status ?? "active",
roles: options?.roles ?? [],
permissions: options?.permissions ?? [],
createdAt: now,
updatedAt: now,
});
}
isAnonymous(): boolean {
return false;
}
} }
// For representing "no user" in contexts where user is optional // For representing "no user" in contexts where user is optional
export const AnonymousUser = Symbol("AnonymousUser"); export class AnonymousUser extends User {
// FIXME: this is C&Ped with only minimal changes. No bueno.
static create(
email: string,
options?: {
id?: string;
displayName?: string;
status?: UserStatus;
roles?: Role[];
permissions?: Permission[];
},
): AnonymousUser {
const now = new Date(0);
return new AnonymousUser({
id: options?.id ?? crypto.randomUUID(),
email,
displayName: options?.displayName,
status: options?.status ?? "active",
roles: options?.roles ?? [],
permissions: options?.permissions ?? [],
createdAt: now,
updatedAt: now,
});
}
export const anonymousUser = User.create("anonymous@example.com", { isAnonymous(): boolean {
return true;
}
}
export const anonymousUser = AnonymousUser.create("anonymous@example.com", {
id: "-1", id: "-1",
displayName: "Anonymous User", displayName: "Anonymous User",
// FIXME: set createdAt and updatedAt to start of epoch
}); });
export type MaybeUser = User | typeof AnonymousUser;