X Enterprises
fastify-xauth-better

getSession(request)

Resolves the Better Auth session from a Fastify request without using middleware.

getSession(request)

Resolves the Better Auth session from the request's cookies or Authorization: Bearer header. Returns null if no valid session exists. Useful for optional authentication — routes that work for both authenticated and anonymous users.

Signature

instance.getSession(
  request: FastifyRequest
): Promise<{ session: Session; user: User } | null>

Params

NameTypeRequiredDescription
requestFastifyRequestYesThe Fastify request object

Returns

Promise<{ session, user } | null> — the full Better Auth session object, or null if the request is unauthenticated.

Throws

Does not throw. Returns null on any session resolution failure.

Examples

Optional auth — serve different content to authenticated users

const userAuth = fastify.xauthbetter.get("user");

fastify.get("/api/feed", async (request) => {
  const session = await userAuth.getSession(request);

  if (session) {
    return { feed: await getPersonalizedFeed(session.user.id) };
  }

  return { feed: await getPublicFeed() };
});

Manual audit logging with session

fastify.post("/api/checkout", async (request) => {
  const session = await userAuth.getSession(request);
  if (!session) {
    return reply.code(401).send({ error: "Login required" });
  }

  const order = await processOrder(request.body, session.user.id);

  await userAuth.auditLog.log("auth.login.success", {
    userId: session.user.id,
    metadata: { action: "checkout", orderId: order.id },
    request,
  });

  return order;
});

See also

AI Context

package: "@xenterprises/fastify-xauth-better"
method: fastify.xauthbetter.get(name).getSession(request)
use-when: Resolve a Better Auth session from headers/cookies without middleware — useful for optional auth routes
returns: { session, user } | null

auditLog.log(event, data)

Writes a structured audit event to the AuthAuditLog Prisma model.

pruneAuditLogs(options)

Deletes AuthAuditLog records older than a configurable age, with optional dry-run mode.

Copyright © 2026