aris/apps/aris-backend/src/auth/session-middleware.ts

import type { Context, Next } from "hono"

import type { AuthSession, AuthUser } from "./session.ts"

import { auth } from "./index.ts"

export interface SessionVariables {
	user: AuthUser | null
	session: AuthSession | null
}

declare module "hono" {
	interface ContextVariableMap extends SessionVariables {}
}

/**
 * Middleware that attaches session and user to the context.
 * Does not reject unauthenticated requests - use requireSession for that.
 */
export async function sessionMiddleware(c: Context, next: Next): Promise<void> {
	const session = await auth.api.getSession({ headers: c.req.raw.headers })

	if (session) {
		c.set("user", session.user)
		c.set("session", session.session)
	} else {
		c.set("user", null)
		c.set("session", null)
	}

	await next()
}

/**
 * Middleware that requires a valid session. Returns 401 if not authenticated.
 */
export async function requireSession(c: Context, next: Next): Promise<Response | void> {
	const session = await auth.api.getSession({ headers: c.req.raw.headers })

	if (!session) {
		return c.json({ error: "Unauthorized" }, 401)
	}

	c.set("user", session.user)
	c.set("session", session.session)
	await next()
}

/**
 * Get session from headers. Useful for WebSocket upgrade validation.
 */
export async function getSessionFromHeaders(
	headers: Headers,
): Promise<{ user: AuthUser; session: AuthSession } | null> {
	const session = await auth.api.getSession({ headers })
	return session
}
feat(backend): add BetterAuth email/password authentication - Add PostgreSQL connection (src/db.ts) - Configure BetterAuth with email/password (src/auth/index.ts) - Add session middleware for route protection (src/auth/session-middleware.ts) - Add registerAuthHandlers for mounting auth routes (src/auth/http.ts) - Rename index.ts to server.ts - Add .env.example with required environment variables Co-authored-by: Ona <no-reply@ona.com> 2026-01-25 16:21:00 +00:00			`import type { Context, Next } from "hono"`

refactor: remove tRPC, use plain Hono routes Replace tRPC location.update mutation with POST /api/location using Hono route + requireSession middleware. Extract auth types (AuthUser, AuthToken) into auth/session.ts. Inject sessionManager via Hono context local to location handlers. Co-authored-by: Ona <no-reply@ona.com> 2026-02-22 20:59:19 +00:00			`import type { AuthSession, AuthUser } from "./session.ts"`
feat(backend): add BetterAuth email/password authentication - Add PostgreSQL connection (src/db.ts) - Configure BetterAuth with email/password (src/auth/index.ts) - Add session middleware for route protection (src/auth/session-middleware.ts) - Add registerAuthHandlers for mounting auth routes (src/auth/http.ts) - Rename index.ts to server.ts - Add .env.example with required environment variables Co-authored-by: Ona <no-reply@ona.com> 2026-01-25 16:21:00 +00:00
refactor: remove tRPC, use plain Hono routes Replace tRPC location.update mutation with POST /api/location using Hono route + requireSession middleware. Extract auth types (AuthUser, AuthToken) into auth/session.ts. Inject sessionManager via Hono context local to location handlers. Co-authored-by: Ona <no-reply@ona.com> 2026-02-22 20:59:19 +00:00			`import { auth } from "./index.ts"`
feat(backend): add BetterAuth email/password authentication - Add PostgreSQL connection (src/db.ts) - Configure BetterAuth with email/password (src/auth/index.ts) - Add session middleware for route protection (src/auth/session-middleware.ts) - Add registerAuthHandlers for mounting auth routes (src/auth/http.ts) - Rename index.ts to server.ts - Add .env.example with required environment variables Co-authored-by: Ona <no-reply@ona.com> 2026-01-25 16:21:00 +00:00
			`export interface SessionVariables {`
refactor: remove tRPC, use plain Hono routes Replace tRPC location.update mutation with POST /api/location using Hono route + requireSession middleware. Extract auth types (AuthUser, AuthToken) into auth/session.ts. Inject sessionManager via Hono context local to location handlers. Co-authored-by: Ona <no-reply@ona.com> 2026-02-22 20:59:19 +00:00			`user: AuthUser \| null`
			`session: AuthSession \| null`
			`}`

			`declare module "hono" {`
			`interface ContextVariableMap extends SessionVariables {}`
feat(backend): add BetterAuth email/password authentication - Add PostgreSQL connection (src/db.ts) - Configure BetterAuth with email/password (src/auth/index.ts) - Add session middleware for route protection (src/auth/session-middleware.ts) - Add registerAuthHandlers for mounting auth routes (src/auth/http.ts) - Rename index.ts to server.ts - Add .env.example with required environment variables Co-authored-by: Ona <no-reply@ona.com> 2026-01-25 16:21:00 +00:00			`}`

			`/**`
			`* Middleware that attaches session and user to the context.`
			`* Does not reject unauthenticated requests - use requireSession for that.`
			`*/`
			`export async function sessionMiddleware(c: Context, next: Next): Promise<void> {`
			`const session = await auth.api.getSession({ headers: c.req.raw.headers })`

			`if (session) {`
			`c.set("user", session.user)`
			`c.set("session", session.session)`
			`} else {`
			`c.set("user", null)`
			`c.set("session", null)`
			`}`

			`await next()`
			`}`

			`/**`
			`* Middleware that requires a valid session. Returns 401 if not authenticated.`
			`*/`
			`export async function requireSession(c: Context, next: Next): Promise<Response \| void> {`
			`const session = await auth.api.getSession({ headers: c.req.raw.headers })`

			`if (!session) {`
			`return c.json({ error: "Unauthorized" }, 401)`
			`}`

			`c.set("user", session.user)`
			`c.set("session", session.session)`
			`await next()`
			`}`

			`/**`
			`* Get session from headers. Useful for WebSocket upgrade validation.`
			`*/`
			`export async function getSessionFromHeaders(`
			`headers: Headers,`
refactor: remove tRPC, use plain Hono routes Replace tRPC location.update mutation with POST /api/location using Hono route + requireSession middleware. Extract auth types (AuthUser, AuthToken) into auth/session.ts. Inject sessionManager via Hono context local to location handlers. Co-authored-by: Ona <no-reply@ona.com> 2026-02-22 20:59:19 +00:00			`): Promise<{ user: AuthUser; session: AuthSession } \| null> {`
feat(backend): add BetterAuth email/password authentication - Add PostgreSQL connection (src/db.ts) - Configure BetterAuth with email/password (src/auth/index.ts) - Add session middleware for route protection (src/auth/session-middleware.ts) - Add registerAuthHandlers for mounting auth routes (src/auth/http.ts) - Rename index.ts to server.ts - Add .env.example with required environment variables Co-authored-by: Ona <no-reply@ona.com> 2026-01-25 16:21:00 +00:00			`const session = await auth.api.getSession({ headers })`
			`return session`
			`}`