X Enterprises
fastify-xauth-better

requireAuth()

Returns a Fastify preHandler middleware that enforces authentication for a route.

Returns a preHandler middleware function that validates the session from cookies or the Authorization: Bearer header and attaches request.user and request.auth to the request. Responds with 401 Unauthorized if no valid session is found.

Signature

instance.requireAuth(): (request: FastifyRequest, reply: FastifyReply) => Promise<void>

Params

requireAuth() takes no arguments.

Returns

A preHandler function to pass to a route's preHandler option.

Throws

Sends 401 Unauthorized if:

  • No session cookie or Bearer token is present
  • The session token is invalid or expired

Examples

Basic happy-path — protect a single route

const userAuth = fastify.xauthbetter.get("user");

fastify.get("/api/profile", {
  preHandler: [userAuth.requireAuth()],
}, async (request) => {
  // request.user is populated here
  return { id: request.user.id, email: request.user.email };
});

Chained with role middleware

Use requireAuth() before requireRole() when adding per-route auth to a scope that does not have a global prefix set.

const adminAuth = fastify.xauthbetter.get("admin");

fastify.delete("/api/admin/users/:id", {
  preHandler: [
    adminAuth.requireAuth(),
    adminAuth.requireRole(["superadmin"]),
  ],
}, async (request) => {
  return { deleted: request.params.id };
});
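
The 401 conditions listed under Throws, as an added example that is not the plugin's source and not part of the original page: a dependency-free stand-in preHandler with the documented shape, plus a helper for negative tests. The session store, the cookie name "session", the cookie-before-header lookup order and the shape of request.auth are assumptions.

```javascript
// Illustrative stand-in for the documented contract; NOT the plugin's implementation.
// Constructed sample sessions (tokens, users and expiry times are made up).
const SESSIONS = new Map([
  ["tok-valid", { user: { id: "u1", email: "a@example.test" }, expiresAt: 2000 }],
  ["tok-expired", { user: { id: "u2", email: "b@example.test" }, expiresAt: 500 }],
]);
const COOKIE_NAME = "session"; // hypothetical cookie name

// Assumed order: session cookie first, then "Authorization: Bearer <token>".
function extractToken(headers) {
  const cookies = (headers.cookie || "").split(";").map((c) => c.trim().split("="));
  const hit = cookies.find(([name]) => name === COOKIE_NAME);
  if (hit && hit[1]) return hit.slice(1).join("=");
  // Only the Bearer scheme is accepted; Basic or a bare token yields null.
  const m = /^Bearer\s+(\S+)$/i.exec(headers.authorization || "");
  return m ? m[1] : null;
}

// Returns the session, or null when the token is missing, unknown or expired.
function resolveSession(headers, now) {
  const token = extractToken(headers);
  const session = token ? SESSIONS.get(token) : undefined;
  return session && session.expiresAt > now ? session : null;
}

// preHandler factory: attach request.user / request.auth, or answer 401.
function requireAuthStandIn(now = () => Date.now()) {
  return async (request, reply) => {
    const session = resolveSession(request.headers, now());
    // Returning the reply after send() stops the rest of the preHandler chain.
    if (!session) return reply.code(401).send({ error: "Unauthorized" });
    request.user = session.user;
    request.auth = { expiresAt: session.expiresAt }; // assumed shape
  };
}

// Negative-test helper: status a route guarded by the stand-in would return.
function statusFor(headers, now = 1000) {
  return resolveSession(headers, now) ? 200 : 401;
}
```

The same missing, unknown, expired and wrong-scheme cases are worth asserting against real protected routes with fastify.inject().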

AI Context

package: "@xenterprises/fastify-xauth-better"
method: fastify.xauthbetter.get(name).requireAuth()
use-when: Fastify preHandler factory that enforces authentication — returns 401 if no valid session
usage: { preHandler: [fastify.xauthbetter.get('user').requireAuth()] }